Effective date: 1 July 2026 · Last reviewed: 1 July 2026. This policy describes how jeremystephen.com (including www.jeremystephen.com) handles information about you. It is written to be read, not skimmed past — but a summary comes first.

The site is built on a simple principle: collect as little personal information as possible, and be plain about the little that is collected. There are no accounts to create, no paywall, no advertising, and no analytics scripts watching you read.

The short version

  • Browsing this site is effectively anonymous to me. I keep no database of visitors, run no analytics, and set no cookies for ordinary visitors.
  • If you use the contact form, your message reaches me as a single email and is used only to reply to you.
  • If you subscribe to the newsletter, your email address is stored with the newsletter provider (Mailchimp) and used only to send the newsletter. Every email includes an unsubscribe link.
  • Your information is never sold, rented, or shared for marketing — with anyone.
  • Questions or requests any time: hello@jeremystephen.com.

Who is responsible for this site

This is the personal website of Jeremy Stephen — economist, columnist, aviation professional, and technology builder — based in Barbados. For the purposes of data-protection law (including the Barbados Data Protection Act, 2019 and, for readers in the EU/UK, the GDPR), I am the data controller for the processing described here. You can reach me at hello@jeremystephen.com or through the contact form.

Information you give me

The only personal information this site collects is what you choose to type into one of its two forms.

The contact form

The contact form asks for your name, your email address, your message, and an enquiry category (general, media, speaking, or research). Submitting it generates one email, delivered over an encrypted connection to hello@jeremystephen.com. I use it solely to read and reply to your enquiry.

  • The website itself keeps no copy — your message exists only as ordinary email correspondence once delivered.
  • Your details are never added to any marketing list because you contacted me.
  • Messages are capped in length and rate-limited, which keeps the form useful for people and useless for spam scripts.

The newsletter

The newsletter form collects exactly one thing: your email address. It is passed to Mailchimp, the newsletter provider, which stores it together with the sign-up time and a record of your consent. Depending on settings you may first receive a confirmation email asking you to verify the subscription (double opt-in).

  • Your address is used only to send the newsletter — nothing else.
  • Every newsletter includes an unsubscribe link. Unsubscribing takes effect immediately and requires no explanation.
  • Emails sent through Mailchimp may include the provider's standard delivery and engagement measurement (for example, whether an email was opened). This is a common feature of newsletter platforms; it never feeds advertising.

Information processed automatically

No analytics, no tracking

This site runs no analytics — not Google Analytics, not a privacy-friendly alternative, nothing. There are no advertising networks, no social-media pixels or embedded widgets, no fingerprinting, and no cross-site tracking of any kind. I genuinely do not know who reads the site, and that is by design.

Fonts are self-hosted and served from this site's own server, so your browser does not contact Google Fonts or any other font network when you visit.

IP addresses and abuse prevention

When you submit a form, your IP address is checked against a short-lived, in-memory rate limit (for example, at most five contact messages per ten minutes per connection). This protects the forms from spam and abuse. These counters live only in the server's memory, expire within minutes, and are never written to disk or linked to your identity.

Server logs

Like virtually every website, the server infrastructure keeps standard technical logs (IP address, requested page, time, browser user-agent) for security monitoring and fault diagnosis. Logs are kept on a short rolling window on infrastructure I operate, are not used to build profiles, and are not shared.

Cookies

The site sets no cookies for ordinary visitors — which is why you are not greeted by a cookie banner. No advertising, analytics, or third-party cookies exist here.

The only cookies in the codebase are functional ones used by me as the site's author: a login session for the content-management studio and a draft-preview cookie for reviewing unpublished writing. Neither is set on your browser during normal reading. If the site ever needs cookies that affect visitors, this policy will say so first.

Third-party services

A small, deliberate set of services helps run the site. Each receives only what its job requires.

Sanity (content management)

Articles and images are managed in Sanity, a hosted content platform. When you read a page, your browser loads images from Sanity's content delivery network (cdn.sanity.io) and may open a connection to Sanity's live-update service so newly published corrections appear without a refresh. Like any web request, those connections expose standard metadata (your IP address and browser type) to Sanity. Sanity stores my content, not information about you. See Sanity's privacy policy.

Mailchimp (newsletter)

Newsletter subscriptions are stored and delivered by Mailchimp (an Intuit company, United States). Mailchimp processes subscriber addresses on my behalf under its published data-processing terms. See Mailchimp's privacy notice.

Email delivery

Contact-form messages are relayed through an authenticated SMTP email service over an encrypted connection, the same way ordinary email is sent. The service's role is delivery only.

Hosting

The site is self-hosted in a hardened container on server infrastructure that I operate, behind a reverse proxy that terminates HTTPS. No third-party website-analytics or ad-tech layer sits in front of it.

The data dashboards

The Economics and Finance dashboards display aggregate, public macroeconomic and market data for Caribbean economies and exchanges — GDP, inflation, stock-exchange boards, and the like. They are fed by an authenticated data pipeline and contain no personal information about anyone, visitors included.

How long information is kept

  • Contact messages: kept as ordinary email correspondence for as long as needed to handle the enquiry and maintain reasonable records, then deleted. You can ask me to delete a message at any time.
  • Newsletter addresses: kept until you unsubscribe or the list is deleted. Unsubscribed addresses are handled per Mailchimp's suppression rules so you are not accidentally re-added.
  • Rate-limit counters: in server memory only; expire automatically within minutes.
  • Technical server logs: short rolling retention, then discarded.

Where data-protection law applies, the processing above rests on: your consent (the newsletter — withdrawable at any time via the unsubscribe link); legitimate interests (replying when you write to me, and protecting the site from spam and abuse); and, where relevant, compliance with legal obligations.

Your rights

Subject to applicable law — including the Barbados Data Protection Act, 2019 and the GDPR for readers in the EU/UK — you have the right to:

  • ask what personal information I hold about you, and receive a copy (access);
  • have inaccurate information corrected (rectification);
  • have your information deleted (erasure) — for the newsletter, the unsubscribe link is the fastest route;
  • object to or ask me to restrict a particular use of your information;
  • withdraw consent at any time, without affecting processing that happened before;
  • complain to a supervisory authority — in Barbados, the Data Protection Commissioner; in the EU/UK, your local data-protection authority.

To exercise any of these, email hello@jeremystephen.com. I will respond within a reasonable time and never charge for a legitimate request. Given how little the site collects, most requests are short conversations.

How this site protects information

Security was designed in before launch, not bolted on after. In plain English, the site:

  • serves every page over an encrypted connection (HTTPS), and instructs browsers to refuse unencrypted connections in future (HSTS);
  • sends strict security headers, including a Content-Security-Policy, and forbids other sites from embedding its forms (clickjacking protection);
  • collects the minimum by design — no visitor accounts and no visitor database exist, so there is no honeypot of personal data to breach;
  • defends its forms with rate limiting and an invisible spam trap rather than tracking-based CAPTCHA services, so abuse prevention adds no surveillance;
  • requires cryptographically verified credentials on every automated publishing and data endpoint, and shuts those endpoints down entirely (fails closed) if their secrets are not configured;
  • sanitises all content-derived output — link destinations are allow-listed and structured data is escaped — so even a compromised editor account could not inject scripts into your browser;
  • follows least privilege: the public site runs with read-only credentials, secrets stay out of the code and the container image, and publishing rights remain with my authenticated editor session;
  • is audited against known dependency vulnerabilities on a regular cadence, and runs as an unprivileged user inside an isolated container.

No internet service can honestly promise absolute security. If you believe you have found a vulnerability in this site, please email hello@jeremystephen.com — responsible reports are genuinely welcome and will be acknowledged.

International visitors and data transfers

The site is operated from Barbados; its service providers (Sanity, Mailchimp, email delivery) operate infrastructure in the United States and Europe. Where personal information crosses borders — for example, a newsletter address stored with Mailchimp — the transfer is covered by the provider's published data-processing terms and recognised transfer safeguards (such as standard contractual clauses).

Children

This site is written for a general adult readership and is not directed at children. I do not knowingly collect personal information from children; if you believe a child has submitted information here, contact me and I will delete it.

Articles link out to sources, and external links are configured so the destination site is not told which page you came from (no referrer leakage) and cannot script against this one. Once you leave, the destination's own privacy policy applies — this one does not travel with you.

Changes to this policy

If the site's behaviour changes — new services, analytics, or cookies — this policy will be updated first, with a new effective date at the top. Material changes will be noted plainly rather than buried. The current version always lives at this address.

Contact

Questions, requests, or concerns about privacy: email hello@jeremystephen.com or use the contact form. I read everything sent to me.