Privacy Policy

Last updated: 22 June 2026

1. Who we are

TenInTheMorning is the data controller for the personal data we collect through this service. Contact: hello@teninthemorning.com.

2. What data we collect

Data	Purpose	Lawful basis
Email address	Account authentication and email delivery	Contract performance
Name	Personalising your briefing greeting	Contract performance
Location (city)	Weather data and local news	Contract performance
Password (hashed)	Account security	Contract performance
Edition settings	Storing your briefing configuration	Contract performance
Payment data	Processing subscription payments (handled by Stripe)	Contract performance

3. How we use your data

We use your data solely to provide and improve the TenInTheMorning service: authenticating your account, building and delivering your personalised email briefing, and processing payments. We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-party processors

We use the following third-party services to operate TenInTheMorning:

Supabase (database and authentication) — EU-hosted
Stripe (payment processing) — PCI-DSS compliant
Resend (email delivery)
Vercel (hosting)
Anthropic (AI content generation) — prompts do not include personal data

5. Data retention

We retain your account data for as long as your account is active. If you delete your account, all personal data is removed within 30 days. Payment records may be retained by Stripe as required by financial regulations.

6. Your rights

Under UK GDPR, you have the right to:

Access — request a copy of the data we hold about you
Rectification — correct inaccurate data via your Account page
Erasure — delete your account and all associated data
Portability — receive your data in a machine-readable format
Object — object to processing where our lawful basis is legitimate interest
Withdraw consent — where processing is based on consent (e.g. marketing emails)

To exercise any of these rights, email hello@teninthemorning.com. We will respond within 30 days.

7. Cookies and local storage

TenInTheMorning uses essential cookies for authentication (Supabase session cookies) and localStorage/sessionStorage for editor state and preferences. We do not use tracking cookies, analytics, or advertising cookies.

8. Marketing emails

We will only send marketing emails (feature announcements, promotions) if you have explicitly opted in. Your daily briefing is a transactional email — part of the service you signed up for — and is not marketing. You can unsubscribe from marketing emails at any time via the link in each email or through your Account page.

9. Children

TenInTheMorning is not directed at children under 16. We do not knowingly collect personal data from anyone under 16.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified via email. The latest version is always available at this page.

11. Complaints

If you are unhappy with how we handle your data, please contact us at hello@teninthemorning.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.