Privacy Policy

Last updated: October 4, 2025

This Privacy Policy describes how The Messy Middle ("we", "our", or "us") collects, uses, and protects your information when you visit our website and subscribe to our newsletter. This policy tells you about your privacy rights and how the law protects you.

We use your personal data to provide and improve our service, deliver our newsletter content, and enhance your experience. By using our service, you agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

• Company (referred to as either "the Company", "we", "us" or "our" in this Agreement) refers to Dermot Kilroy, operating The Messy Middle blog.
• Cookies are small files that are placed on your computer, mobile device or any other device by a website, containing details of your browsing history on that website among its many uses.
• Country refers to: United Kingdom
• Device means any device that can access the service such as a computer, a cellphone or a digital tablet.
• Newsletter refers to our email publication "The Messy Middle" containing insights on engineering leadership.
• Personal Data is any information that relates to an identified or identifiable individual.
• Service refers to the Website and Newsletter.
• Third-party Service refers to any service or application provided by a third party that we use to deliver our service, including but not limited to Kit.com (ConvertKit), Cloudflare, and other integrated platforms.
• Usage Data refers to data collected automatically, either generated by the use of the service or from the service infrastructure itself (for example, the duration of a page visit).
• Website refers to The Messy Middle, accessible from https://messymiddle.blog/
• You means the individual accessing or using the service, or the company, or other legal entity on behalf of which such individual is accessing or using the service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

When you use our service, we may ask you to provide certain personally identifiable information that can be used to contact or identify you. This information is collected through:

• Newsletter Subscription: Email address, and optionally your first name
• Contact Forms: Name and email address when you contact us
• Newsletter Engagement: Email open rates, click-through rates, and engagement metrics
• Subscription Management: Subscription preferences, unsubscribe requests, and subscription history

Usage Data

Usage data is collected automatically when using our service through our website infrastructure and third-party services.

This usage data may include information such as your device's Internet Protocol address (IP address), browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access our service through a mobile device, we may collect certain information automatically, including but not limited to the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

We may also collect information that your browser sends whenever you visit our website or when you access our service through a mobile device.

Third-Party Service Data

Our website and newsletter service integrate with several third-party platforms that may collect additional data:

• Kit.com (ConvertKit): Processes newsletter subscriptions, manages email delivery, tracks email engagement, and handles subscription preferences
• Cloudflare: Provides website hosting, content delivery, caching, and may collect performance and security-related data

Tracking Technologies and Cookies

We use cookies and similar tracking technologies to track activity on our website and store certain information. These technologies help us deliver and improve our service. The technologies we use may include:

• Essential Cookies: Required for the website to function properly, including session management and security features
• Performance Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously
• Cloudflare Cookies: Used by our hosting provider for security, performance optimization, and content delivery

Cookies can be "Persistent" or "Session" Cookies. Persistent cookies remain on your device when you go offline, while session cookies are deleted as soon as you close your web browser.

We use both session and persistent cookies for the following purposes:

• Necessary / Essential Cookies

  Type: Session and Persistent Cookies

  Purpose: These cookies are essential to provide you with services available through the website and to enable you to use some of its features. They help with website functionality, security, and basic operations. Without these cookies, the services you have requested cannot be provided.

• Performance and Analytics Cookies

  Type: Persistent Cookies

  Purpose: These cookies help us understand how visitors interact with our website by collecting and reporting information about website usage, page load times, and error messages.

• Third-Party Cookies

  Type: Various

  Purpose: Set by third-party services like Cloudflare for content delivery, security, and Kit.com for newsletter subscription tracking.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our service.

Use of Your Personal Data

We may use your personal data for the following purposes:

• Newsletter Delivery: To send you our email newsletter "The Messy Middle" with insights on engineering leadership
• Service Provision: To provide and maintain our website, deliver content, and ensure optimal performance
• Communication: To respond to your inquiries, feedback, and support requests
• Service Improvement: To analyze website usage, understand reader preferences, and improve our content and user experience
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Security and Fraud Prevention: To detect, prevent, and address technical issues, spam, and fraudulent activity
• Newsletter Analytics: To track email engagement (opens, clicks) to understand content effectiveness and reader preferences

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for processing your personal data includes:

• Consent: When you subscribe to our newsletter or contact us voluntarily
• Legitimate Interest: For website analytics, security, and service improvement
• Legal Obligation: When required to comply with applicable laws

Sharing Your Personal Data

We may share your personal information in the following situations:

• With Third-Party Service Providers: We share data with trusted service providers who help us operate our website and newsletter:
  • Kit.com (ConvertKit): Your email address and engagement data for newsletter delivery and management
  • Cloudflare: Website usage data for hosting, security, and performance optimization
• For Legal Reasons: When required by law, court order, or government request, or to protect our rights and safety
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition, where personal data may be transferred as part of the business assets
• With Your Consent: We may disclose your personal information for any other purpose with your explicit consent

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy:

• Newsletter Subscriptions: Until you unsubscribe or request deletion. After unsubscribing, we may retain your email address to prevent accidental re-subscription
• Website Usage Data: Generally retained for up to 2 years for analytics and security purposes
• Email Engagement Data: Retained as long as you remain subscribed to track preferences and improve content
• Contact Inquiries: Retained for up to 3 years to provide support and maintain correspondence records

We will retain and use your personal data to the extent necessary to comply with legal obligations, resolve disputes, and enforce our policies. When personal data is no longer needed, we will securely delete or anonymize it.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including:

• United States: Our service providers Kit.com (ConvertKit) and Cloudflare operate servers and process data in the US
• Other locations: Where our third-party service providers have infrastructure

These countries may have data protection laws that differ from those in your jurisdiction. However, we ensure that:

• All data transfers comply with applicable data protection laws
• Our service providers implement appropriate safeguards for international transfers
• We use service providers that participate in recognized data protection frameworks where applicable

By using our service, you consent to the transfer of your information to these countries for the purposes described in this privacy policy.

Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data:

General Rights

• Unsubscribe: You can unsubscribe from our newsletter at any time using the unsubscribe link in any email
• Access: Request information about the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete personal data
• Deletion: Request deletion of your personal data, subject to legal retention requirements

Additional Rights (GDPR - EEA Residents)

• Data Portability: Receive your personal data in a structured, machine-readable format
• Restrict Processing: Request restriction of processing in certain circumstances
• Object to Processing: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at dk@dermotkilroy.com. We will respond to your request within the timeframe required by applicable law.

Legal Disclosure Requirements

We may disclose your personal data when required by law or in response to valid legal processes, including:

• Compliance with a legal obligation or court order
• Protection of our rights, property, or safety, and that of our users or the public
• Prevention or investigation of possible wrongdoing in connection with our service
• Response to valid requests by public authorities or law enforcement

Data Security

The security of your personal data is important to us. We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Our security measures include:

• Encryption: Data transmission is protected using SSL/TLS encryption
• Access Controls: Limited access to personal data on a need-to-know basis
• Third-Party Security: Our service providers (Kit.com, Cloudflare) implement industry-standard security practices
• Regular Monitoring: Regular monitoring for security vulnerabilities and threats

However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.

If we become aware that we have collected personal data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.

If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require parental consent before we collect and use that information.

Third-Party Services and Links

Third-Party Service Providers

Our service integrates with the following third-party providers:

• Kit.com (ConvertKit): Email marketing and newsletter delivery platform. View their privacy policy at https://convertkit.com/privacy
• Cloudflare: Web hosting, security, and performance optimization. View their privacy policy at https://www.cloudflare.com/privacypolicy/

External Links

Our website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update our privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make significant changes to this privacy policy, we will:

• Update the "Last updated" date at the top of this privacy policy
• Post the new privacy policy on this page
• For material changes, provide notice through our newsletter or website

We encourage you to review this privacy policy periodically to stay informed about how we are protecting your information. Your continued use of our service after we post any modifications to the privacy policy constitutes your acceptance of those changes.

Contact Us

If you have any questions about this privacy policy, your personal data, or want to exercise your privacy rights, please contact us:

• Email: dk@dermotkilroy.com
• Subject Line: Please use "Privacy Policy Inquiry" for faster response
• Response Time: We will respond to privacy-related inquiries within 30 days

For newsletter-specific requests (unsubscribe, subscription management), you can also use the links provided in our newsletter emails.

Data Protection Authority

If you are located in the EEA and believe we have not adequately resolved your privacy concerns, you have the right to lodge a complaint with your local data protection authority.