ansa-phone. Help me pick a phone
no. 01 Small print

Privacy and security

Last updated 26 May 2026.

Plain-English summary of what we collect, who handles it, how long we keep it, and the things we will never do with it. Reviewed quarterly, will be reviewed by a UK solicitor before formal trading.

The short version

  • HTTPS-only with a Let's Encrypt TLS certificate, auto-renewed.
  • Newsletter signup: we hold your email, the page you signed up on, and the date.
  • We don't sell phones, take payments, take card details or ship anything. That happens at the UK retailer you click through to.
  • Site analytics via Google Analytics and Microsoft Clarity, loaded only if you accept the cookie banner. Decline and nothing is set or sent.
  • Transactional email via Resend, EU-hosted, 30-day log retention.
  • We never sell your data. We never share it with marketers. We never use it to train AI.
  • You can ask us to delete everything we hold on you, any time, at hello@ansa-phone.co.uk. We do it within 30 days.

What we will never do

  • Sell your email address to anyone.
  • Rent the newsletter list to a marketing partner.
  • Use your email or order data to train any AI model.
  • Send more email than we describe at sign-up: the first-phone series when you join (four short emails over eleven days), then never more than one note a fortnight.
  • Sign you up for anything you didn't tick a box for.
  • Use your data for third-party advertising, or sell it to ad networks.
  • Load any analytics or recording tool before you've said yes to the cookie banner.
  • Hand your data to law enforcement without a UK court order.

Who is responsible

Ansa-Phone is written and run by one editor in the UK, an individual rather than a company, and that editor is the data controller. The fastest way to reach them: hello@ansa-phone.co.uk.

Security at the layer below

  • HTTPS everywhere. Let's Encrypt TLS certificate, issued by certbot, auto-renewed by a scheduled task on our Ionos UK VPS. We force 80 → 443 redirection at the nginx layer.
  • No card data, ever. We don't process payments. When you click a buy button, you leave ansa-phone.co.uk and complete your purchase at the UK retailer (Amazon UK, Pinwheel UK, Light, Back Market UK or a SIM provider). Your card details never touch our infrastructure.
  • Hashed IPs. Affiliate-click logging stores a salted SHA-256 hash of the visitor IP, not the IP itself. The salt is stored in the server's environment variables and rotated annually.
  • Database access. The Postgres database is only reachable from inside the VPS. Direct SSH access is restricted to our keys. There is no public DB port.
  • Backups. Nightly pg_dump to Backblaze B2, 30-day retention. Encrypted at rest by Backblaze.

Every third-party service we use, named

  • Resend, transactional email. EU-hosted. They see your email address and the content of the welcome email we send you. Log retention 30 days. Privacy policy: resend.com/legal/privacy-policy.
  • Google Analytics 4 (Google), page and event analytics. Loaded only if you accept the cookie banner. Sets cookies and measures pages viewed, referrers, country, device and browser. Google processes this internationally under its standard contractual clauses. Decline, and it never loads. Change your mind any time via cookies. Privacy policy: policies.google.com/privacy.
  • Microsoft Clarity (Microsoft), session replay and heatmaps. Loaded only if you accept the cookie banner. Sets cookies and records on-page interactions (clicks, scrolls, mouse movement) so we can see where people get stuck. Form fields and text you type are masked by default. Decline, and it never loads. Privacy statement: privacy.microsoft.com.
  • Anthropic, the Ansa-Phone assistant (the paperclip). Only relevant if you choose to chat with it. The messages you type in the chat are sent to Anthropic's Claude service to write the reply, using this site's own pages as the source. Anthropic does not use these messages to train its models, and handles them under its commercial API terms (which provide for limited retention for abuse prevention). Nothing else on the site sends anything to Anthropic, and the chat asks for no name, email or sign-up. Please don't type personal details into it. Privacy policy: anthropic.com/legal/privacy.
  • Ionos UK, VPS hosting. The server lives in their UK data centre. They see the server's existence but not the application data. Privacy policy: ionos.co.uk/terms-gtc/terms-privacy.
  • Fonts, self-hosted. Every typeface on Ansa-Phone (Bricolage Grotesque, Hanken Grotesk, IBM Plex Mono and VT323) is served from our own UK server. Visiting Ansa-Phone makes no font request to Google or any other third party, so no one sees your IP for a font.
  • Amazon Associates, only relevant when you click an Amazon UK buy button on /best-simple-phones or a phone review. Amazon then sets its own cookies on the destination retailer page. See Amazon's privacy policy for detail.
  • Awin, the affiliate network behind some buy links (Back Market UK and the SIM providers). Only relevant when you click one of those buy buttons: you leave Ansa-Phone and Awin records the click so the retailer knows we sent you, setting its own cookies on the destination site. Awin runs no script on Ansa-Phone itself. Privacy policy: awin.com/gb/privacy.

That is the list. No data goes anywhere else.

What we collect, in detail

Newsletter sign-up. Your email, optionally your name, the source page (e.g. "footer", "switching-kit"), and the date you consented. Stored in a Postgres database on our UK VPS. Lawful basis: consent (Article 6(1)(a) UK GDPR).

Affiliate clicks. When you click a marked buy button anywhere on Ansa-Phone, we log the network identifier (e.g. "amazon" or "direct"), the retailer name (e.g. "Amazon UK"), the product slug, the source page, the user-agent string, the timestamp, and a salted SHA-256 hash of your IP. We do not store your raw IP. Click logs are kept for 24 months then aggregated to totals and the row-level data is deleted. Lawful basis: legitimate interest in measuring which recommendations are useful enough to click through.

Site analytics. If you accept the cookie banner, Google Analytics records pages viewed, referrers, country, device and browser, and Microsoft Clarity records on-page interactions (clicks, scrolls, mouse movement, with form inputs masked) so we can see where people get stuck. Both set cookies. If you decline, neither loads and nothing is sent. Lawful basis: consent. You can withdraw it any time on the cookies page.

The assistant chat. If you chat with the paperclip assistant, the messages you type (and the last few turns of that chat, so it can follow the thread) are sent to Anthropic's Claude service to compose the reply. We don't ask for or attach your name, email or any account, we rate-limit the chat, and we don't store the conversation on our server. Anthropic does not train on these messages. Lawful basis: legitimate interest in answering the question you chose to ask. Don't type personal details into the chat.

How long we keep it

  • Newsletter subscriptions: until you unsubscribe.
  • Affiliate-click logs: 24 months, then aggregated and row-level data deleted.
  • Resend transactional email logs: 30 days, then purged by Resend.
  • Google Analytics: we set the shortest data-retention Google offers (currently 14 months) for event-level data; aggregate reports persist. Only collected if you accepted cookies.
  • Microsoft Clarity: per Microsoft's retention for Clarity (recordings expire on their schedule). Only collected if you accepted cookies.
  • VPS access logs: 90 days then rotated out.

Your rights under UK GDPR

You can ask to:

  • See what we hold on you (subject access).
  • Correct anything wrong.
  • Delete everything we hold (right to erasure).
  • Take a copy in a portable format.
  • Object to processing on legitimate-interest grounds.
  • Withdraw consent to the newsletter at any time, with one click in any email.

Email hello@ansa-phone.co.uk with the request. We respond within 30 days. If you think we have got it wrong, you can complain to the Information Commissioner's Office at ico.org.uk.

Privacy FAQ

Is my information safe with Ansa-Phone?

The site is HTTPS-only with a Let's Encrypt TLS certificate, auto-renewed. Form submissions go directly to our Node server over TLS. We don't handle payments, take card details or ship anything, all of that happens at the UK retailer you click through to. Newsletter emails are stored in a Postgres database on our Ionos UK VPS, accessible only by us over SSH. We hash IP addresses before storing them.

Do you sell or share my data with marketers?

No. We never sell data, never rent the email list, never share it with marketers, and never give it to any third party other than the operational services listed below (Resend, the affiliate networks when you click a buy button, the analytics providers Google and Microsoft if you accept the cookie banner, and Anthropic if you choose to chat with the on-site assistant).

Do you use cookies?

Only if you say yes. Ansa-Phone sets no cookies until you accept the cookie banner. If you accept, Google Analytics and Microsoft Clarity set cookies so we can see which pages help and where people get stuck. If you decline, or ignore the banner, no analytics cookies are set and nothing is sent to Google or Microsoft. Either way the site keeps a little localStorage on your device to remember your cookie choice and whether you've dismissed the affiliate-disclosure bar, nothing else. When you click a buy button, the affiliate network may set its own cookies on the destination retailer's site, each network has its own policy.

Where is my data stored?

Newsletter subscriptions live on our Ionos UK VPS in the UK. Transactional email logs at Resend live in Resend's EU infrastructure (purged after 30 days). If you accept the cookie banner, Google Analytics and Microsoft Clarity process data on Google's and Microsoft's own infrastructure, which is international, under their standard contractual clauses. If you decline, no analytics data is sent anywhere. Everything we hold ourselves stays in the UK or EU.

How do I get my data deleted?

Email hello@ansa-phone.co.uk with the subject "Delete my data" and the email address you signed up with. The editor will confirm by email and complete deletion as soon as possible, and within 30 days as required by UK GDPR. We do not keep a "deleted" record, once gone, it is gone.

Are you GDPR compliant?

Yes. Ansa-Phone is written and run by one editor in the UK, an individual rather than a company, and that editor is the data controller. The contact route is hello@ansa-phone.co.uk. Lawful bases: consent for the newsletter, legitimate interest for affiliate-click logging (anonymised), and consent for site analytics (the cookie banner, which you can change any time). You have the right to access, rectification, erasure, portability and to object. Complaints go to the ICO at ico.org.uk.

ansa-phone.
00:00
Ansa-Phone