The Closed Session
  • Products
  • About
  • Governance Decoded ↗

Privacy Policy

Last updated: July 2026

This Privacy Policy explains how The Closed Session collects, uses, and protects your personal data. It applies to users of the-closed-session.com and to subscribers to the Governance Decoded newsletter. It is prepared in accordance with the EU General Data Protection Regulation (GDPR) and applicable Italian data protection law.

1. Who is the data controller

The data controller for this website is Paul Halpin, trading as The Closed Session (the-closed-session.com).

Contact: support@the-closed-session.com

2. What personal data we collect and why

2.1 Newsletter subscriptions (Governance Decoded)

If you subscribe to the Governance Decoded newsletter via this website, we collect your email address and, if provided, your name.

Legal basis: Your consent (GDPR Article 6(1)(a)).
Purpose: To send you the Governance Decoded newsletter and associated product announcements.
Processor: Email subscriptions are managed through Beehiiv (Beehiiv, Inc.). Your data is stored on Beehiiv's servers. Beehiiv's Privacy Policy is available at beehiiv.com/privacy.

You may withdraw your consent and unsubscribe at any time using the unsubscribe link included in every newsletter email.

2.2 Purchases

If you purchase a product from The Closed Session, your payment and contact data is collected and processed by Paddle (Paddle.com Market Ltd), which acts as the Merchant of Record for all transactions. Paddle's Privacy Policy is available at paddle.com/legal/privacy.

Legal basis: Performance of a contract (GDPR Article 6(1)(b)).
What we receive from Paddle: The minimum information necessary to fulfil your order — typically your email address and the product purchased.

2.3 Website infrastructure

This website is hosted on Cloudflare Pages (Cloudflare, Inc.). Cloudflare processes standard server log data, including IP addresses and request metadata, as part of its infrastructure and security services. This data is processed by Cloudflare in accordance with its Privacy Policy at cloudflare.com/privacypolicy.

We do not use advertising trackers, third-party analytics cookies, or behavioural tracking on this site.

3. How we use your data

We use your personal data only for the purposes described above. We do not sell, rent, share, or transfer your personal data to third parties for marketing or commercial purposes. We do not use your data for automated decision-making or profiling.

4. How long we keep your data

Newsletter subscription data is retained for as long as you remain subscribed, and for a reasonable period thereafter to comply with any legal retention obligations.

Purchase-related data is retained for as long as required by applicable Italian and EU law — typically seven years for tax and accounting records.

5. Your rights under GDPR

You have the following rights in relation to your personal data:

  • Access: to request a copy of the personal data we hold about you
  • Rectification: to request correction of inaccurate data
  • Erasure: to request deletion of your data, subject to our legal retention obligations
  • Objection: to object to processing where our legal basis is legitimate interest
  • Portability: to receive your data in a portable format where technically feasible
  • Withdrawal of consent: to withdraw consent at any time where processing is based on consent (this does not affect the lawfulness of prior processing)

To exercise any of these rights, contact us at: support@the-closed-session.com

We will respond to all valid requests within one month. Complex requests may take up to three months; we will inform you if this is the case.

6. The right to complain

If you believe we have handled your personal data unlawfully or not in accordance with this Policy, you have the right to lodge a complaint with the Italian Data Protection Authority:

Garante per la protezione dei dati personali
www.garanteprivacy.it

If you are based in another EU member state, you may also contact your national supervisory authority.

7. International data transfers

Your data may be processed outside the European Economic Area by our processors — principally Beehiiv (US) and Cloudflare (US). Both operate under appropriate data transfer safeguards, including Standard Contractual Clauses where applicable. Please refer to their respective privacy policies for details.

Paddle's data processing arrangements are described in Paddle's own Privacy Policy, available at paddle.com/legal/privacy.

8. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, processors, or applicable law. The current version will always be available at this address. Material changes will be communicated via the website or via the Governance Decoded newsletter.

9. Contact

For any privacy-related queries, please contact:
support@the-closed-session.com

Products

  • Board AI Oversight Framework
  • AI Governance Readiness Diagnostic
  • Governance Playbooks (coming soon)

Resources

  • Governance Decoded Newsletter ↗

Legal

  • Terms & Conditions
  • Refund Policy
  • Privacy Policy
© 2026 The Closed Session by Paul Halpin. All rights reserved. Payments processed by Paddle, Merchant of Record.