Legal

Privacy Policy

We believe you have a right to know exactly what happens with your data. This policy explains it plainly, without legal jargon.

Last updated: 6 April 2026

Who we are

The Consilium is the official publication of the University of Edinburgh Economics Society. We publish economics analysis, opinion, and commentary written by students. We are based in Edinburgh, Scotland, and operate under UK law.

If you have any questions about this policy or how we handle your data, please contact us at theconsilium.editor@gmail.com.

What data we collect and why

We only collect information that is necessary to run the website. Here is what we collect:

Newsletter subscriptions

When you subscribe to our newsletter, we store your email address. We use it to send you new articles and updates. The legal basis is your consent: you can unsubscribe at any time using the link at the bottom of any newsletter email, and we will delete your email address immediately.

Reader accounts

If you create an account, we store your name, email address, and a securely hashed version of your password (we never store passwords in plain text). We use this to let you log in, save articles, and track your reading progress across devices. The legal basis is your consent at the point of sign-up. You can request deletion of your account and all associated data at any time.

Reading progress and bookmarks

If you have an account, we store which articles you have read, how far through each article you are, and which articles you have bookmarked. This lets you continue reading where you left off. This data is linked to your account and is deleted when your account is deleted.

Contact form submissions

When you use our contact form, we store your name, email address, subject, and message so that we can respond to you. We retain contact messages for up to two years. The legal basis is our legitimate interest in responding to enquiries.

Cookies and visit tracking

We use cookies to improve your experience. A visit counter cookie helps us decide when to show you our account sign-up prompt. A session cookie is used to keep you logged in if you have an account. No advertising or tracking cookies are used.

When you first visit the site, you will be asked to accept or decline non-essential cookies. If you decline, only the essential session cookie will be used. You can change your preference at any time by clearing your browser cookies.

Login records

We record the time, email address, and IP address of login attempts (both successful and failed) for security purposes. This helps us detect unauthorised access attempts and protect accounts. This data is visible only to site administrators.

How long we keep your data

Newsletter subscriptions: until you unsubscribe
Account data, reading progress, and bookmarks: until you delete your account
Contact form messages: up to two years
Login records: up to one year for security auditing

Where your data is stored

Your data is stored on a secure PostgreSQL database hosted by Supabase. Supabase servers are located in the European Union. All data is encrypted in transit and at rest.

Who we share your data with

We do not sell your data to anyone, ever. We share it only with the third-party services required to operate the website:

Vercel: hosts the website and serves pages to your browser. Vercel processes request data including IP addresses as part of normal web serving.
Supabase: stores the database containing your account and subscription data.
Resend: sends transactional emails such as password resets and account notifications. Your email address is passed to Resend only when sending you a message.

All three services are reputable providers with their own privacy commitments and, where applicable, UK GDPR compliance.

Your rights under UK GDPR

If you are based in the UK or European Union, you have the following rights regarding your personal data:

The right to access: you can ask us what data we hold about you.
The right to correct: if any information we hold is inaccurate, you can ask us to correct it.
The right to erasure: you can ask us to delete all personal data we hold about you. For account holders, you can do this instantly by contacting us or using the deletion option in your account.
The right to withdraw consent: where we rely on your consent to process data (such as newsletter subscriptions), you can withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.
The right to object: you can object to our use of your data where we rely on legitimate interest as the legal basis.

To exercise any of these rights, email us at theconsilium.editor@gmail.com. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator.

Changes to this policy

If we make significant changes to this policy, we will update the date at the top of this page. We encourage you to review this policy periodically.

Contact us

For any questions about this privacy policy or your personal data, contact us at theconsilium.editor@gmail.com.

←Back to Homepage