Privacy Policy

Last updated: 3 May 2026

This page explains what information TossWealth collects, why, and what happens to it. The site is run by a single person — me — and these policies reflect that.

If you only have a minute: I don’t sell, share, or market with your data. The only personal information I knowingly collect is what you send me through the contact form, and that exists so I can reply. Everything else on this page is the longer, more careful version of the same idea.

Who this applies to

This policy applies to anyone who visits tosswealth.com, regardless of country. It is written to align with India’s Digital Personal Data Protection Act, 2023 (DPDP) and the European Union’s General Data Protection Regulation (GDPR). I am the data fiduciary (DPDP) and data controller (GDPR) for this site.

If you have any concern about how your data is handled here, write to me through the contact form and I will respond personally.

What I collect

There are four categories of data, and I am being honest about all of them.

1. What you send me deliberately

When you submit the contact form, you provide your name, email address, and message. This is collected only when you choose to send it.

2. Standard server logs

Like every website, mine runs on a server (Hostinger), and the server keeps standard access logs. These typically record IP address, browser type, the page you visited, and the date and time. I do not personally read these logs in normal operation. They exist for diagnostics and security.

3. Analytics

I use Google Analytics to understand basic traffic patterns — how many people visit, which posts they read, roughly where they are visiting from. Google Analytics may set its own cookies and may collect additional data per Google’s policies. I have configured it for site analytics only; I do not run advertising or remarketing through it.

If you wish to opt out of Google Analytics specifically, you can install the official browser add-on at tools.google.com/dlpage/gaoptout or block analytics cookies in your browser settings.

4. Plugin and security data

The site uses two plugins that may store small amounts of data:

  • Wordfence Security logs visitor activity for security purposes — failed login attempts, suspicious requests, IP-level threat data. This is automated and used only to protect the site.
  • Rank Math SEO stores data about content for search engine optimization. It does not track individual visitors.

I do not actively review the data collected by these plugins unless investigating a specific security or content issue.

What I don’t do

To be clear about boundaries:

  • I do not sell your data to anyone, ever.
  • I do not share your data with marketers, advertisers, or any third party that asks.
  • I do not run a newsletter and have no email list to add you to.
  • I do not run advertising on this site.
  • I do not use your data to build profiles for targeting or remarketing.
  • I do not pass form submissions to any external CRM, automation tool, or analytics platform.

How I use the contact form data

If you write to me through the contact form, your message and email are used solely to respond to you and continue the conversation if it warrants one. The data sits in two places: my email inbox, and the WordPress database on this site. I do not move it elsewhere.

I keep contact submissions for as long as feels reasonable — usually because a conversation may resume months or years later. If you want me to delete your submission, write and ask. I will.

One important thing about contact form correspondence:

If a person who has written to me later publicly misrepresents what was said in our exchange — claiming things were promised, advised, or asserted that were not — I reserve the right to publish the actual exchange in full to correct the record. This is a defensive measure, used only in response to public misrepresentation, and only to the extent necessary to set the record straight. In the absence of such a circumstance, your messages remain private.

Cookies

A cookie is a small file your browser stores when you visit a website. Cookies on this site come from these sources:

  • WordPress sets cookies when an author (me) is logged in to manage the site. Visitors do not encounter these.
  • LiteSpeed Cache uses cookies to manage caching and improve page speed.
  • Google Analytics sets cookies to count visitors and understand traffic patterns.
  • Wordfence may set cookies for security purposes (e.g., to identify suspicious behaviour).
  • Comments, if you ever leave one, may store your name and email in a cookie so you don’t have to re-enter them. (Comments are currently disabled, but this could change.)

You can clear or block cookies through your browser settings. Doing so will not break the site for normal reading — though some performance features may degrade slightly.

I do not currently use a cookie consent banner. If readership patterns or applicable regulation changes require one, I will add one and update this policy.

Third parties involved

For full transparency, here is the list of third parties whose services touch this site:

  • Hostinger — hosting provider (server logs, infrastructure)
  • Google Analytics — visitor analytics
  • Google Fonts — fonts are served locally on this site, so Google Fonts itself is not loading from external servers per visit
  • Wordfence — security
  • Rank Math — SEO

Each of these has its own privacy policy, which I encourage you to read if you want details on their practices.

Your rights

Under DPDP (India) and GDPR (EU/EEA), and as a matter of basic decency for everyone else, you have the following rights:

  • Right to access — you can ask what personal data I hold about you.
  • Right to correction — you can ask me to correct any data that’s wrong.
  • Right to deletion — you can ask me to delete your data, and I will (subject to the contact-form correspondence note above, where I may retain records of an exchange for defensive purposes if it is publicly misrepresented).
  • Right to withdraw consent — if you previously consented to something, you can withdraw that consent.
  • Right to portability — you can ask for a copy of your data in a usable format.
  • Right to complain — if you feel I’ve mishandled your data, you can complain to the relevant data protection authority in your jurisdiction (the Data Protection Board in India, your national supervisory authority in the EU).

To exercise any of these, write to me through the contact form. I will respond within 30 days and usually much sooner.

Children

This site is not directed at children under 18, and I do not knowingly collect personal data from anyone under 18. If you believe a minor has submitted information through this site, please write to me and I will delete it.

Security

Reasonable security measures are in place: HTTPS encryption for all traffic, Wordfence for active threat detection, and standard WordPress security practices. No system is perfectly secure, but I treat the data here with the care I’d want for my own.

Changes to this policy

I may update this policy occasionally — to reflect new tools added to the site, changed regulations, or clearer thinking about the topics above. The “Last updated” date at the top will reflect any changes. Material changes will be flagged at the top of the page for a reasonable period.

Contact

For any privacy-related question or request, write to me through the contact form. I read every message myself and respond personally.