Privacy

What we collect, why, and your rights.

Plain English. No tracking pixels. No third-party advertising. No data sales. UK GDPR-compliant.

Last updated 2 May 2026.

Who we are

"Knack" (we, us) is a sole trader operating from the United Kingdom and publishing at knack.run. For all data-protection purposes, the controller is reachable at [email protected]. Knack is the legal entity behind buyer payouts and VAT; that information is held by our payment provider (Polar) and is never exposed in customer-facing communications.

What we collect, and why

When you buy a pack

Email address, billing country, and (in some jurisdictions) tax ID. Polar handles the card data — we never see or store payment card numbers. We use this information to deliver the pack, send your licence key, send updates, and meet our tax-record obligations.

Lawful basis: performance of contract; legal obligation (tax records).

When you subscribe to the newsletter

Email address and the date you subscribed. Stored in Resend (our email provider). One-click unsubscribe in every email; no friction, no win-back drip.

Lawful basis: consent.

When you visit the site

We use Cloudflare Web Analytics, which records aggregate page-view counts and referrer information without setting cookies and without storing any personal identifier or IP address. We see "20 people read the home page yesterday"; we do not see which 20 or where any one of them lives.

Cloudflare also keeps short-lived edge logs (IP address, user-agent, request URL) for the purposes of running the site, blocking abuse, and rate-limiting. These logs are retained by Cloudflare per their own policy and are not used by us for marketing.

Lawful basis: legitimate interests (operating and securing the site).

When you email us

Whatever you send us, plus the email address you sent it from. Used only to reply.

Lawful basis: legitimate interests (responding to enquiries) or performance of contract (if you're a buyer).

Who we share data with

We use a short list of sub-processors. Each is contractually bound to UK GDPR-equivalent protections.

Polar (United States) — payments, invoicing, tax compliance, refund processing. Acts as our Merchant of Record. Polar privacy policy.
Resend (United States) — transactional email (purchase receipts, licence keys, update notifications) and the newsletter. Resend privacy policy.
Cloudflare (United States, global edge) — site hosting, DNS, edge security, web analytics, email routing. Cloudflare privacy policy.

We do not sell, rent, or lease personal data to anyone, ever. We do not share data with advertising networks. We do not load third-party marketing scripts.

International transfers

Polar, Resend and Cloudflare are US-based. Transfers from the UK to the US are made under the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, with the recipient certified under the UK Extension to the EU-US Data Privacy Framework where applicable.

How long we keep data

Purchase records — 7 years after the financial year of purchase (UK HMRC requirement).
Licence-key records — for the life of the licence (lifetime), so we can deliver updates. Removed on refund or buyer request.
Newsletter subscriber list — until you unsubscribe, then immediately.
Support emails — 24 months after the last reply, then deleted.
Analytics — aggregated only; no individual record exists to retain.

Your rights

Under UK GDPR you have the right to:

access the personal data we hold about you,
have inaccurate data corrected,
have your data erased ("right to be forgotten"),
restrict or object to certain processing,
receive a copy of your data in a portable format,
withdraw consent for the newsletter at any time.

Email [email protected] and we will action any of the above inside one calendar month, free of charge. We may need to verify your identity first.

If you're not satisfied with our response, you can complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint. We'd rather you came to us first, but the right to complain is yours regardless.

Cookies

The marketing site (knack.run) sets no cookies of its own. Cloudflare may set a single technical cookie (__cf_bm) for bot management; this cookie contains no personal data and expires inside 30 minutes. The Polar checkout (on a polar.sh domain) sets its own cookies for the payment flow — see Polar's privacy policy linked above.

We do not use a cookie banner because we do not set non-essential cookies. The cookies above are strictly necessary under PECR and ICO guidance.

Children

Knack is sold to professional adults. We don't knowingly collect data from anyone under 18. If you believe we hold data on a child, email [email protected] and we'll delete it.

Changes

We update this policy when our processing actually changes — not for cosmetic reasons. The "last updated" date at the top is the source of truth. For material changes affecting active buyers or subscribers, we also email you directly.