Privacy Policy — The Boarding Pass Club

Privacy Policy

Effective date: 1 May 2026  ·  Last updated: 21 May 2026

The Boarding Pass Club ("we", "us", "our") operates theboardingpassclub.com (the "Site"). This Privacy Policy explains what data we collect, how we use it, and the rights you have over it under UK GDPR and the Data Protection Act 2018.

1. Who we are

The Boarding Pass Club is a UK-based travel-deals and event publication. The data controller is Wayne Nixon, contactable at hello@theboardingpassclub.com.

2. Data we collect

  • Email address — only when you voluntarily subscribe to our newsletter or download a lead-magnet PDF. We store this in Ghost (our publishing platform).
  • Usage data — pages visited, referrer, approximate location (country/city level from IP), device type, and click events on outbound affiliate links. Collected via Google Analytics 4 (GA4) using cookieless or first-party cookie measurement depending on consent.
  • Technical logs — server access logs (IP, user agent, timestamp) retained for 30 days for security and abuse prevention.

We do not collect names, addresses, phone numbers, or payment details. We do not process special-category personal data.

3. How we use your data

  • Send you the email content you subscribed to (newsletter, deal alerts, lead-magnet PDFs).
  • Understand which content is popular and improve the Site.
  • Measure the performance of affiliate partnerships (which posts drive which outbound clicks) so we can keep recommending what genuinely helps readers.
  • Comply with legal obligations.

Lawful basis: consent (newsletter, optional cookies), legitimate interest (security logs, anonymous analytics), and legal obligation (where applicable).

4. Cookies & tracking technologies

We use the following categories of cookies:

  • Strictly necessary — Ghost session, login state. These cannot be disabled.
  • Analytics — Google Analytics 4 (cookie _ga, _ga_*, _gid). Used to measure traffic. Anonymised IP is enforced.
  • Affiliate attribution — Travelpayouts, CJ, Awin, Impact, GetYourGuide, Skiddle, AirHelp, Capital on Tap, Revolut, and other affiliate partners may set first-party or third-party cookies when you click an outbound link, so that a commission can be attributed to us. We never sell this data.

You can opt out of all non-essential cookies by clicking Decline on our cookie banner, or by configuring your browser to block third-party cookies.

5. Third-party services

We rely on the following processors, each with their own privacy practices:

  • Ghost (publishing & membership) — stores subscriber emails. Ghost privacy.
  • Resend (transactional email) — delivers signup confirmations and PDF downloads. Resend privacy.
  • Google Analytics 4 — anonymised traffic analytics. Google privacy.
  • Hetzner — EU server hosting (Germany).
  • Affiliate networks — Travelpayouts, CJ, Awin, Impact, GetYourGuide, Tiqets, Skiddle, AirHelp, Booking.com, Trainline.
  • Social platforms (publishing only) — we publish to X/Twitter, Facebook, Pinterest, Instagram and Telegram. We do not share subscriber data with them.

We do not sell, rent, or trade your personal data with anyone.

6. Affiliate disclosure

Many links on the Site are affiliate links. If you click and book, we may earn a small commission at no extra cost to you. This is how we keep the Site free. All affiliate placements carry the #ad or "sponsored" disclosure per UK ASA / CAP guidance. We only recommend products and services we'd use ourselves.

7. Data retention

  • Subscriber emails — until you unsubscribe or request deletion.
  • Analytics data — 14 months in GA4, then aggregated and anonymised.
  • Server logs — 30 days.

8. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion ("right to be forgotten").
  • Request restriction of processing.
  • Object to processing based on legitimate interest.
  • Data portability (receive your data in a portable format).
  • Withdraw consent at any time.
  • Lodge a complaint with the UK Information Commissioner's Office (ICO).

To exercise any of these rights, email hello@theboardingpassclub.com. We'll respond within 30 days.

9. California residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect and the right to opt out of any "sale" of personal information. We do not sell personal information.

10. Children's privacy

The Site is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we hold data about a child, please contact us so we can delete it.

11. Security

We use HTTPS site-wide (TLS 1.2+), HMAC-verified webhooks, encrypted database storage, and least-privilege server access. No system is 100% secure, but we work hard to protect your data.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be highlighted at the top of the Site for 30 days.

13. Contact

Questions about this policy or your data?
Email: hello@theboardingpassclub.com
Site: theboardingpassclub.com

Get the UK's best travel deals — free. Daily hand-picked package holidays, flight deals + UK event-travel ideas. No spam.