Log in Subscribe

Privacy Policy

Gishty believes you should know how your data is used (if at all).

Effective date: 03 January 2026

This Privacy Policy explains how the data provided by you is collected, used and protected by Sham Jaff (“Gishty,” or “Sham”).

By subscribing to Gishty's newsletters, you agree to this Privacy Policy. If you do not agree, please do not use Gishty's services.

See also:

1. Who Gishty is

Gishty is operated by Sham Jaff, a freelance journalist (Freiberuflerin) in Germany.

The data controller responsible under Article 4(7) of the General Data Protection Regulation (GDPR) is Sham Jaff.

You can contact Sham Jaff at [email protected] or at Holsteinische Strasse 38, 12161 Berlin, Germany.

2. What Information Gishty Collects

Gishty collects the following types of personal and non-personal data:

  • Information you provide: such as your name, email address, payment details (as processed by Gishty's payment processors; Gishty does not store full credit card or bank details), and any messages you send Gishty.
  • Automatically collected data: such as IP address, country, user agents, browser type, pages visited, and other required data (used for security and rate limiting).
  • Third-party sources: such as payment processors or newsletter platforms (e.g. Mailchimp, PayPal) that share limited data with Gishty for service delivery (only when required).
What's the tl;dr?
Gishty only collects what’s necessary to run the site, deliver newsletters, and improve Gishty's service.
How does this impact me?
Your personal details are safe and handled carefully; Gishty doesn't ask for more information than Gishty truly needs.

3. How and Why Gishty Uses Your Information

Gishty process your data for the following purposes:

  • To deliver newsletters and updates you subscribe to.
  • To offer occassional promotional or fundraising emails.
  • To manage VIP memberships and process payments.
  • To respond to messages, feedback, or customer support requests.
  • To analyze site performance and improve content.
  • To comply with legal obligations and enforce Gishty's Terms.

Gishty's legal bases for processing (under GDPR) include consent, contractual necessity, legitimate interests, and legal compliance.

What's the tl;dr?
Gishty uses your data to send what you asked for, run the business effectively, and meet legal obligations.
How does this impact me?
You’re in control — Gishty will never use your data for unrelated purposes or sell it to third parties.

4. Cookies and Tracking Technologies

Gishty uses cookies and similar technologies to keep Gishty's website functioning (essential cookies), and to personalize user experience (optional cookies).

You can manage or withdraw your consent anytime by logging out of Gishty (all account-related session cookies are removed at that point) or through your browser settings.

Gishty does not use any advertising or cross-site tracking cookies.

What's the tl;dr?
Cookies help the site work smoothly and let Gishty understand what readers enjoy most.
How does this impact me?
You can destroy both essential and optional cookies by logging out of Gishty.

5. How Gishty Shares Your Information

Gishty only shares data with trusted service providers who help operate Gishty, such as:

  • Email platforms (e.g. Mailchimp, Postmark)
  • Payment processors (e.g. PayPal, Patreon)

All partners are required to handle your data securely and in compliance with privacy laws. Gishty never sells personal data to advertisers or third parties.

What's the tl;dr?
Sometimes Gishty needs partners to run things like payments or email delivery — but they must follow strict privacy rules.
How does this impact me?
Your data won’t leave Gishty's control; partners only use it to provide the services you’ve requested.

6. International Data Transfers

When data is transferred outside Germany, Gishty ensures appropriate safeguards are in place under GDPR, PIPEDA, and CCPA, including:

  • Data processing agreements
  • Verified adequacy decisions
What's the tl;dr?
Some tools Gishty uses may process data abroad, but Gishty only works with providers who meet international privacy standards.
How does this impact me?
Your personal data receives the same level of protection, no matter where it’s processed.

7. Data Retention

Gishty retains personal data only as long as necessary for the purposes set out in this policy, or as required by law. When no longer needed, Gishty securely deletes or anonymizes it.

What's the tl;dr?
Gishty doesn't keep your information forever — just long enough to do what Gishty said Gishty would.
How does this impact me?
You can be confident that your data isn’t stored indefinitely or used without reason.

8. Service Providers

Gishty uses certain trusted third-party services to help operate Gishty's website and deliver Gishty's products and services. These providers may process personal data on Gishty's behalf in accordance with this Privacy Policy and applicable data-protection laws.

Each service is engaged only to the extent necessary to perform its function (for example, hosting, email delivery, payment processing, etc) and is bound by confidentiality and data-protection obligations.

Gishty ensures, where required, that data transfers outside your jurisdiction are made under appropriate safeguards.

A list of Gishty's current service providers, along with the purpose of processing, is provided below:

  • Amazon Web Services (AWS): Provides website hosting, storage, email and infrastructure services used to operate and maintain Gishty's platform.
  • Cloudflare: Delivers content efficiently through its content delivery network (CDN) and provides security features such as DDoS protection and SSL management.
  • Mailchimp: Manages Gishty's subscriber lists, email communications, and newsletter distribution.
  • Patreon: Provides services to Patreon-originating users and subscribers.
  • PayPal: Processes online payments and subscription transactions securely in accordance with PCI-DSS standards.
  • Plausible: Provides GDPR compliant, cookie-free, non-tracking analytics services.
  • Postmark: Delivers transactional emails such as sign-up confirmations, password resets, and account notifications.
  • Substack: Provides services to Substack-originating users and subscribers. (removed in December 2025)
  • Carrd: Hosts parts of Gishty's website and landing pages used for sign-ups and information displays. (removed in December 2025)
What's the tl;dr?
Gishty uses trusted third-party services to host the site, send emails, analyze traffic, and process payments securely.
How does this impact me?
Your data may pass through these trusted providers so Gishty can run the site, send emails, and process payments. They don’t sell or misuse your information and only use it to deliver the services you request.

9. Your Rights

Gishty grants users the following rights:

  • Access your data
  • Correct inaccuracies
  • Request deletion (“right to be forgotten”)
  • Object to or restrict processing
  • Withdraw consent
  • Request data portability
  • Lodge a complaint with a data authority

Residents of California also have rights under CCPA, including:

  • Right to know what personal data is collected
  • Right to delete data
  • Right to opt out of data sale (Gishty does not sell personal data)
What's the tl;dr?
You’re in charge of your own information and can ask Gishty to show, change, or delete it anytime.
How does this impact me?
Simply email Gishty at [email protected] for any data request — Gishty will respond within the required legal timeframe.

10. Email Communications and Consent

Gishty sends newsletters and updates only to users who have opted in, in compliance with GDPR, PECR, and CASL.

Every email includes an unsubscribe link.

For paid subscriptions, email is part of the contractual service, but you can opt out of promtional & fundraising communications anytime.

What's the tl;dr?
Gishty will only email you if you’ve chosen to hear from Gishty.
How does this impact me?
You can unsubscribe or adjust preferences at any time — no questions asked.

11. Security Measures

Gishty implements appropriate technical and organizational security measures to protect your data against loss, theft, or unauthorized access. This includes encryption, secure servers, and limited internal access.

What's the tl;dr?
Gishty takes security seriously and use industry-standard safeguards.
How does this impact me?
Your personal data is stored safely and handled only by authorized people.

12. Children’s Privacy

Gishty's services are not directed at individuals under 18. Gishty does not knowingly collect personal data from minors. If Gishty becomes aware of such data, Gishty deletes it promptly.

What's the tl;dr?
Gishty is for adults and young adults interested in journalism and culture — not for children.
How does this impact me?
If you’re a parent and think your child’s data has been submitted, you can contact Gishty to have it removed.

13. Updates to This Policy

Gishty may update this Privacy Policy from time to time. The latest version will always be posted on this page with an updated effective date. Material changes will be clearly communicated 4-weeks prior to taking effect.

What's the tl;dr?
Privacy laws and Gishty's practices evolve, so this document may change.
How does this impact me?
Check back occasionally — but Gishty will notify you if anything significant changes.

14. Contact Information

For any privacy questions, data requests, or complaints, please contact Gishty at: [email protected]