Privacy Policy

This site is built privacy-first. We collect the minimum data needed to run the site and communicate with you, we are transparent about who we share it with, and we never sell it. This policy explains what we collect, why, and what your rights are under UK GDPR.

Who we are

What AI Did Next is published by WAIDN, 12 Emberton Street, Newcastle Under Lyme, Staffordshire, ST5 7LJ, United Kingdom. This site is the data controller for all personal data described in this policy.

If you have any questions about this policy or how we handle your data, contact us at questions at whataididnext.com or via the contact page. We aim to respond within five working days.

What we collect and why

Newsletter and email updates

If you sign up for our newsletter or updates, we collect your first name and email address. We use this to send you new articles, content updates, and occasional information about tools and products we build or recommend. The legal basis for this processing is your consent. You can withdraw consent at any time by clicking the unsubscribe link in any email we send, or by contacting us directly.

Analytics and site behaviour

We run our own self-hosted analytics platform, Track n Dash, to understand how people use this site — which pages are read, which links are clicked, and how content performs. This helps us improve what we publish. Analytics only run if you accept cookies via our cookie banner. All visitor identifiers are one-way hashed using SHA-256 and rotate daily — they cannot be used to identify you personally across sessions. The legal basis is legitimate interest, gated by your cookie consent.

Contact and support enquiries

If you contact us via the contact form or by email, we retain your name and email address to respond to your enquiry and for a reasonable period afterwards in case of follow-up questions. We do not use contact data for marketing without your separate consent. The legal basis is legitimate interest.

Who we share your data with

We do not sell your personal data. We do not share it with third parties for their own marketing purposes. We use the following third-party services to operate the site and communicate with you.

Brevo (email delivery)

We use Brevo (operated by Sendinblue SAS, 55 rue d'Amsterdam, Paris 75008, France) to deliver newsletter emails and other subscriber communications. When you subscribe, your first name and email address are transferred to Brevo's systems. Brevo is subject to EU GDPR and we maintain a Data Processing Agreement with them. Data is processed within the EU. For full details, see Brevo's privacy policy.

Track n Dash (self-hosted analytics)

Our analytics platform is self-hosted on our own server at whataididnext.com. Visitor data collected by Track n Dash does not leave our server and is not shared with any third party. All identifiers are pseudonymous and rotate daily.

Affiliate partners

This site may include affiliate links — links where we earn a commission if you make a purchase through them. Where an affiliate link is used, it is disclosed clearly in the relevant content. Clicking an affiliate link may allow the destination site to identify that you arrived from here. We do not share your personal data directly with affiliate partners.

Advertising

This site does not currently run third-party advertising. If advertising is introduced in the future, this policy will be updated before it goes live to reflect any associated data processing, including any cookies or tracking technologies used by advertising partners.

How long we keep your data

We keep your data only for as long as it is needed for the purpose it was collected. Specifically: newsletter subscriber data is retained for as long as your subscription is active, and deleted within 30 days of an unsubscribe request. Analytics data is retained for 90 days. Contact enquiry data is retained for up to 12 months. When data is no longer needed, it is deleted.

Your rights under UK GDPR

If you are a UK resident, you have the following rights in relation to your personal data:

Right of access — you can request a copy of the personal data we hold about you.

Right to rectification — you can ask us to correct any inaccurate or incomplete data.

Right to erasure — you can ask us to delete your personal data (the right to be forgotten).

Right to restriction — you can ask us to limit how we process your data while a dispute is being resolved.

Right to data portability — you can request your data in a structured, commonly used, machine-readable format.

Right to object — you can object to processing based on legitimate interest. We will stop unless we have compelling legitimate grounds that override your interests.

Right to withdraw consent — where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk, by telephone on 0303 123 1113, or by post to: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Data security

We take reasonable technical and organisational measures to protect your data. The site runs over HTTPS. Our analytics platform is self-hosted and access is protected by password authentication and rate limiting. Admin areas are blocked from public access. No system is completely secure, but we treat security as a first principle — it is built in from the start, not added later.

Cookies

For full details of the cookies this site sets and how to manage them, see our Cookie Policy. In summary: we set a single consent preference cookie regardless of your choice, and analytics cookies only if you accept via the cookie banner.

Children

This site is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. The updated date at the top of this page will always reflect when it was last changed. For material changes — such as new data processors, new types of data collection, or changes to how we use your data — we will notify active subscribers by email before the changes take effect.