Not Many Know

Not Many Know

You agree to the privacy policy below, and the Privacy Policy for Substack, the technology provider.

Privacy Policy

Last Updated: 10 JUNE 2026

1. Introduction

This Privacy Policy explains how David Alston, a sole trader based at Halton Mill, Mill Lane, Halton, Lancaster, LA2 6ND, trading as Not Many Know (”we”, “us”, “our”), collects, uses, stores, and protects your personal data when you visit notmanyknow.com, subscribe to the Not Many Know publication, become a paid member, interact with community features, or contact us (”the Website”, “the Publication”, “the Service”).

The Service is hosted on Substack. Substack provides the publication, subscription, account, payment, email delivery, comments, and community infrastructure. Substack may process your personal data under its own terms and privacy policy as an independent service provider and/or data controller, depending on the context.

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 for personal data we determine the purposes and means of processing.

ICO Registration Number: ZA431043

We are committed to protecting your privacy in compliance with:

  • the UK General Data Protection Regulation (UK GDPR);

  • the Data Protection Act 2018;

  • the Privacy and Electronic Communications Regulations 2003 (PECR);

  • the Data (Use and Access) Act 2025.

2. What Personal Data We Collect

We may collect and process the following categories of personal data.

2.1. Information you provide directly

  • name;

  • email address;

  • subscription status;

  • messages, replies, comments, and support enquiries;

  • member submissions, which may include voice notes, songs, psalms, hymns, poems, testimony, project notes, creative work, or other material you choose to share;

  • preferences, survey responses, and community prompt responses;

  • any information you choose to include when contacting us by email or through Substack.

2.2. Subscription and payment information

Paid subscriptions are processed through Substack and Stripe. We may receive limited information such as:

  • subscriber name and email address;

  • subscription plan;

  • subscription status;

  • payment confirmation;

  • renewal, cancellation, refund, or failed payment status;

  • country or approximate billing location where made available for tax, fraud prevention, or reporting purposes.

We do not store your full card details.

2.3. Information collected automatically

Substack, hosting providers, analytics systems, email delivery systems, payment processors, and security tools may collect technical and usage information such as:

  • IP address;

  • browser type and version;

  • operating system;

  • device information;

  • pages or posts visited;

  • email opens and link clicks where tracked by Substack;

  • date and time of visits or email interactions;

  • referring website;

  • cookie and similar technology data.

2.4. Information from third parties

We may receive information from:

  • Substack, for publication, subscriber, comment, email, and membership management;

  • Stripe, for payment confirmation, billing, refund, fraud prevention, and subscription status information;

  • email providers where you contact us directly;

  • related services operated by David Alston, where you choose to use them, such as Only One You Pro Bio Pages.

3. Lawful Basis for Processing

Under Article 6 of the UK GDPR, we process your personal data on the following lawful bases:

PurposeLawful BasisProviding free subscriptions and publication accessArticle 6(1)(b), performance of a contract or steps taken at your requestProviding paid membership and subscriber-only contentArticle 6(1)(b), performance of a contractProcessing payments, refunds, renewals, and cancellationsArticle 6(1)(b), performance of a contractSending newsletter emails and essential service communicationsArticle 6(1)(b), performance of a contract, and/or Article 6(1)(a), consentResponding to enquiries and support requestsArticle 6(1)(b), performance of a contract or steps taken at your requestManaging comments, replies, member submissions, and community participationArticle 6(1)(b), performance of a contract, and/or Article 6(1)(f), legitimate interestsComplying with legal, accounting, tax, and regulatory obligationsArticle 6(1)(c), legal obligationWebsite security, fraud prevention, and abuse preventionArticle 6(1)(f), legitimate interestsImproving the Publication, understanding reader engagement, and managing the ServiceArticle 6(1)(f), legitimate interestsSending marketing communications beyond the subscription you requestedArticle 6(1)(a), consent

Where we rely on legitimate interests, we have considered your rights and freedoms and are satisfied that they are not overridden. You have the right to object to processing based on legitimate interests.

4. How We Use Your Data

We use your personal data to:

  • provide, manage, and improve the Publication and membership;

  • send newsletter posts and other emails you have subscribed to receive;

  • manage paid subscriptions, renewals, cancellations, refunds, and member access;

  • respond to enquiries, replies, and support requests;

  • manage comments, discussion threads, and member participation;

  • review and, with your permission where appropriate, feature member submissions such as songs, voice notes, poems, testimony, or project notes;

  • provide or coordinate related member benefits, such as Only One You access where included;

  • analyse reader engagement and improve the Service;

  • detect, prevent, and address technical issues, spam, fraud, abuse, or security risks;

  • comply with legal obligations, including tax and accounting records.

5. Email Communications

5.1. If you subscribe to Not Many Know, you consent to receive emails from the Publication through Substack.

5.2. You can unsubscribe from free or paid emails using the unsubscribe or account-management tools provided by Substack.

5.3. If you are a paid member, unsubscribing from emails may not automatically cancel your paid subscription. You should use Substack’s subscription-management tools to cancel payment renewals.

5.4. We may also reply directly from help@notmanyknow.com or another email address controlled by David Alston where you contact us for support.

6. Data Sharing

We may share your personal data with the following categories of recipients:

  • Substack: to host the Publication, manage subscribers, deliver emails, provide comments/community tools, and support paid membership.

  • Stripe: to process payments, renewals, refunds, fraud checks, and billing information.

  • Email service providers: to send and receive direct support emails.

  • Hosting, DNS, domain, and security providers: to operate and secure the Website and related email/domain systems.

  • Only One You Pro Bio Pages: where you choose to activate or use an included or related member benefit.

  • Professional advisers: such as accountants, bookkeepers, legal advisers, or technical support providers where reasonably necessary.

  • Legal and regulatory authorities: where required by law or to protect our legal rights.

We do not sell your personal data to third parties.

Where third-party processors process personal data on our behalf, we expect them to process it under appropriate contractual safeguards.

7. Substack, Stripe, and Third-Party Platforms

7.1. Not Many Know is hosted on Substack, and paid subscriptions are processed through Substack and Stripe.

7.2. Substack and Stripe may collect and process personal data directly when you create an account, subscribe, comment, pay, cancel, request a refund, or use their systems.

7.3. Their own privacy policies and terms may apply to that processing. You should review Substack’s and Stripe’s current privacy notices if you want full details of how they handle your data.

7.4. We cannot control all data handling decisions made independently by Substack, Stripe, app stores, browser providers, or your email provider.

8. International Data Transfers

Some of our third-party service providers, including Substack and Stripe, may process personal data outside the UK.

Where personal data is transferred outside the UK, we expect appropriate safeguards to be in place, such as:

  • UK adequacy decisions;

  • the UK International Data Transfer Agreement (IDTA);

  • the UK Addendum to EU Standard Contractual Clauses;

  • Standard Contractual Clauses;

  • equivalent contractual or legal safeguards used by the relevant service provider.

9. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this Privacy Policy.

Data TypeRetention PeriodSubscriber and account dataDuration of subscription/account relationship, then as reasonably needed for records and supportPaid subscription and billing records6 years where required for HMRC, accounting, and legal obligationsSupport correspondenceUp to 2 years from resolution, unless needed for an ongoing relationship or legal reasonComments and repliesWhile the relevant post, thread, or account remains active, unless deleted earlierMember submissionsFor as long as needed for the purpose agreed, unless you ask us to stop using them and we can reasonably do soMarketing consent recordsDuration of consent plus up to 1 yearWebsite and email engagement dataAs configured within Substack or the relevant provider

After the applicable retention period, data will be securely deleted or anonymised where reasonably possible.

10. Member Submissions and Personal Content

10.1. If you submit a voice note, song, psalm, hymn, poem, testimony, creative work, or other personal material, we will use it only for the purpose for which it was submitted or for a purpose you later approve.

10.2. We will not deliberately publish a private voice note, personal testimony, or similarly personal submission as a featured item without your permission.

10.3. If you ask us to remove or stop using a submission, we will act reasonably. However, we may not be able to remove material from emails already sent, backups, archived versions, or material already accessed by subscribers.

10.4. Please avoid sending sensitive personal data unless it is genuinely necessary. Sensitive personal data may include information about health, race, ethnicity, political opinions, religious beliefs, sexuality, biometric data, or criminal convictions. NMK is a Christian publication, so you may naturally choose to discuss religious belief. You should only share what you are comfortable sharing.

11. Cookies and Similar Technologies

The Service is hosted on Substack, which may use cookies, pixels, local storage, analytics, and similar technologies to operate the Website, manage accounts, deliver emails, track engagement, process subscriptions, prevent abuse, and improve its services.

Substack’s cookie and tracking practices may change over time and are controlled by Substack. Browser settings may allow you to block or delete cookies, but some features may not work properly without them.

If Not Many Know later uses additional cookies or tracking tools outside Substack, we will update this Privacy Policy or publish a separate Cookie Policy where appropriate.

12. Your Rights Under the UK GDPR

You have the following rights in relation to your personal data:

  • Right of access (Article 15): request a copy of the personal data we hold about you.

  • Right to rectification (Article 16): request correction of inaccurate or incomplete data.

  • Right to erasure (Article 17): request deletion of your personal data, subject to legal obligations.

  • Right to restrict processing (Article 18): request that we limit the processing of your data.

  • Right to data portability (Article 20): request your data in a structured, commonly used, machine-readable format.

  • Right to object (Article 21): object to processing based on legitimate interests or for direct marketing.

  • Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time.

  • Rights related to automated decision-making (Article 22): we do not currently carry out automated decision-making or profiling that produces legal effects.

To exercise any of these rights, please email help@notmanyknow.com. We will respond within one month of receiving your request, in accordance with the UK GDPR.

Where your request relates to personal data controlled directly by Substack or Stripe, we may direct you to contact them or use their account tools.

13. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • using reputable third-party platforms for hosting, email, subscription, and payment processing;

  • relying on encrypted payment processing through Stripe;

  • using HTTPS/TLS encryption where available;

  • limiting access to subscriber, member, and support data;

  • keeping administrative accounts protected with appropriate security measures;

  • reviewing and removing unnecessary data where reasonably possible.

No method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

14. Children’s Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 18, we will take steps to delete it promptly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date. Where changes are significant, we will notify you by email or via a notice on the Website where reasonably possible.

16. Complaints

If you are unhappy with how we have handled your personal data, please contact us first at help@notmanyknow.com so we can try to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

17. Related Services

David Alston also operates:

  • davealston.com, a writing and consulting website;

  • Only One You Pro Bio Pages at onlyone.you.

Those services have their own legal documents. If you use those services, their respective privacy policies and terms apply.

18. Contact Us

For any questions about this Privacy Policy or your personal data, please contact:

David Alston
Trading as Not Many Know
Halton Mill, Mill Lane, Halton, Lancaster, LA2 6ND
help@notmanyknow.com
ICO Registration Number: ZA431043

© 2026 Not Many Know · Publisher PrivacyPublisher Terms
Substack · PrivacyTermsCollection notice
Start your SubstackGet the app
Substack is the home for great culture