Privacy Policy

Last Updated: 5th February 2026

1. Introduction

This privacy policy explains how London Underground Alerter ("we", "us", or "our") collects, uses, and protects your personal information when you use our service. We are committed to protecting your privacy and being transparent about how we handle your data.

London Underground Alerter is operated by an individual based in the United Kingdom and complies with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).

2. Who We Are

Service Name: London Underground Alerter
Purpose: Email alerts for London Underground, Overground, Elizabeth line, DLR, and Tram service disruptions
Data Controller: Individual operator (UK-based)
Contact: alerts@tubenotifications.co.uk

3. What Information We Collect

We collect the following personal information when you subscribe to our alert service:

Information You Provide:

• Email Address: Required to send you service disruption alerts
• Line Preferences: Which Tube/rail lines you want to receive alerts for
• Time Window: The time periods during which you want to receive alerts (e.g., 08:00-10:00 for your morning commute)

Information We Collect Automatically:

• IP Addresses: We log IP addresses for security purposes and to prevent abuse of our service (e.g., when you subscribe, unsubscribe, or access unsubscribe links). This helps us identify and prevent automated systems from inappropriately accessing unsubscribe links.
• Subscription Timestamps: When you subscribed and when you unsubscribed (if applicable)
• Alert History: Records of which alerts were sent to prevent duplicate notifications

Information We Do NOT Collect:

• We do not require your name, phone number, address, or any other personal details
• We do not track your location
• We do not collect payment information (our service is free)

4. How We Use Your Information

We use your personal information for the following purposes:

1. Service Delivery: To send you email alerts about service disruptions on your selected Tube/rail lines during your specified time windows
2. Service Improvement: To ensure alerts are sent only when relevant (avoiding duplicate or unnecessary notifications)
3. Security & Fraud Prevention: To log IP addresses and prevent abuse of our service
4. Communication: To send you confirmation emails when you subscribe or unsubscribe

We will NEVER:

• Send you marketing emails or promotional content
• Sell, rent, or share your email address with third parties for marketing purposes
• Send you emails unrelated to Tube/rail service disruptions

5. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

• Consent (Article 6(1)(a) UK GDPR): When you subscribe to our service, you provide explicit consent for us to send you email alerts. You can withdraw this consent at any time by unsubscribing.
• Legitimate Interest (Article 6(1)(f) UK GDPR): We have a legitimate interest in logging IP addresses for security purposes, fraud prevention, and to ensure our service is not abused.

6. How We Share Your Information

We work with the following third-party service providers to deliver our service:

Email Service Provider (Brevo):

We use Brevo (formerly Sendinblue) to send email alerts. When you subscribe, your email address and subscription preferences are shared with Brevo to enable email delivery. Brevo is GDPR-compliant. You can review Brevo's privacy policy at: https://www.brevo.com/legal/privacypolicy/

Transport for London (TfL) API:

We use TfL's publicly available API to check the status of Tube and rail lines. We do not share any of your personal information with TfL. We only retrieve public service status data.

Hosting Provider (DigitalOcean):

Our service is hosted on DigitalOcean's London data centre. Your subscription data is stored securely on servers located in the United Kingdom. DigitalOcean complies with GDPR and industry-standard security practices.

We do NOT:

• Share your data with advertisers or marketing companies
• Sell your personal information to anyone
• Transfer your data outside the UK/EEA (except to Brevo, which has appropriate GDPR safeguards)

7. Data Retention

We retain your personal information for as long as you remain subscribed to our service. Here's what happens to your data:

While You're Subscribed:

• Your email address and preferences are stored in our database
• Alert history is retained for up to 1 year to prevent duplicate notifications

When You Unsubscribe:

• Your personal data is permanently deleted from our database immediately upon unsubscription
• We do not keep any backup copies or "soft delete" records
• Unsubscribe logs (IP addresses and timestamps) are retained for up to 90 days for security auditing purposes, then permanently deleted

Automated Cleanup:

• Statistics and line history data older than 1 year are automatically purged from our database
• No personally identifiable information is stored in these statistics tables

8. Your Rights (UK GDPR)

Under UK data protection law, you have the following rights:

Right to Access:

You can request a copy of the personal information we hold about you. Email us at alerts@tubenotifications.co.uk with your request.

Right to Rectification:

If your email address or preferences are incorrect, you can update them by unsubscribing and re-subscribing with the correct information.

Right to Erasure ("Right to be Forgotten"):

You can request deletion of your personal data at any time by clicking the unsubscribe link in any alert email, or by emailing us directly. Your data will be permanently deleted immediately.

Right to Withdraw Consent:

You can withdraw your consent to receive alerts at any time by unsubscribing. This will stop all future emails and delete your data from our system.

Right to Data Portability:

You can request a copy of your subscription data in a machine-readable format (JSON) by emailing alerts@tubenotifications.co.uk.

Right to Object:

You can object to our processing of your data by unsubscribing or contacting us directly.

9. How to Unsubscribe

You can unsubscribe from our service at any time by using the unsubscribe link in any alert email we send you.

Every alert email includes an unsubscribe link at the bottom. Click the link, confirm your decision on the unsubscribe page, and your data will be immediately and permanently deleted.

Important Security Note: To prevent malicious automated systems from unsubscribing users without their knowledge, our unsubscribe links require a button click on a confirmation page. This protects you from email security scanners that automatically click links in emails.

10. Data Security

We take data security seriously and implement the following measures to protect your information:

• Encrypted Connections: All communication between your browser and our servers is encrypted using HTTPS/TLS
• Secure Database Storage: Your subscription data is stored in a secure SQLite database with restricted access
• IP Logging for Abuse Prevention: We log IP addresses to detect and prevent automated abuse of our service
• Rate Limiting: We implement rate limits to prevent spam subscriptions and denial-of-service attacks
• Regular Security Updates: Our servers and software are regularly updated with security patches
• Access Control: Only authorised personnel have access to the production database

However, no method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

11. Cookies and Tracking

Our website uses minimal tracking technologies:

Essential Cookies:

We may use strictly necessary cookies for basic functionality (e.g., session management, security). These cookies are essential for the service to function and are set based on legitimate interest.

Analytics (Google Analytics):

We use Google Analytics to understand how visitors use our website (e.g., page views, traffic sources). This helps us improve the service. Google Analytics may set cookies, and data is processed in accordance with Google's privacy policy.

We do NOT use:

• Advertising cookies
• Third-party tracking pixels
• Cross-site tracking
• Social media tracking

12. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom:

• Database Hosting: DigitalOcean's London data centre (UK)
• Email Service: Brevo (EU-based, GDPR-compliant)

If data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses, adequacy decisions).

13. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

• The "Last Updated" date at the top of this policy will be revised
• Significant changes will be communicated to subscribers via email
• Continued use of the service after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or how we handle your personal data, please contact us:

We aim to respond to all enquiries within 7 working days.

---

Summary in Plain English:

• We only collect your email, line preferences, and alert time windows
• We use your data solely to send you Tube/rail disruption alerts – no marketing, no spam
• You can unsubscribe anytime via the link in any email
• When you unsubscribe, we immediately delete all your personal data – no exceptions
• We use Brevo to send emails and store data on DigitalOcean servers in London
• We log IP addresses for security purposes only
• We never sell your data or share it with advertisers