Privacy & Cookies

Privacy & Cookie Policy

Last updated: 18 June 2026. Written in plain English. We follow the UK GDPR, the EU GDPR and the Data Protection Act 2018.

1. Who we are

Your Strategy Gap is a boutique strategic advisory practice operated by David Lilley. For the purposes of UK and EU data protection law, we are the data controller of any personal information you provide through this website.

You can reach us at:

Your Strategy Gap
c/o The Unique Network
1 The Green
Clowne
Derbyshire, United Kingdom

Email: privacy@yourstrategygap.com

2. What we collect

We try to collect as little as possible. In practice that means:

  • If you sign in to the members’ area: your email address, an encrypted password (we never see it in plain text), and basic sign-in metadata such as the date and time you logged in.
  • If you contact us directly: your name, email address and whatever you choose to put in your message.
  • Technical information your browser sends automatically: IP address, browser type, the page you came from and the page you visited. This is held briefly in server logs for security and diagnostics.

We do not use advertising cookies, marketing pixels, behavioural profiling, or third-party analytics that track you across other websites.

3. Why we use it (our lawful basis)

Under UK GDPR Article 6, we rely on the following lawful bases:

  • Contract — to give you access to the members’ area and the services you’ve asked for.
  • Legitimate interests — to keep the site secure, prevent abuse, and respond to enquiries. We balance this against your rights and only use the minimum data needed.
  • Legal obligation — where we have to keep records (for example, tax or accounting evidence relating to engagements).
  • Consent — for anything optional, such as a future newsletter. You can withdraw consent at any time.

4. Who we share it with

We do not sell your data. We never share it for advertising. We use a small number of trusted suppliers ("processors") to actually run the website:

  • Our hosting and database provider — stores the website, the members’ database and authentication records on our behalf, under a data processing agreement.
  • Email provider — used to send sign-in and transactional emails (for example, password resets).

We will also disclose information if we are legally required to (for example, in response to a valid court order), or where it is necessary to protect our rights or the safety of others.

5. International transfers

Some of our suppliers operate outside the UK or the European Economic Area. Where that happens, we rely on safeguards approved by the UK Information Commissioner — typically the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision — so that your data continues to be protected to UK / EU standards.

6. How long we keep it

  • Members’ accounts: for as long as your account is active, plus up to 12 months if it becomes inactive, after which it is deleted or anonymised.
  • Email correspondence: typically up to 24 months after our last contact, unless a longer period is needed for an ongoing engagement.
  • Server and security logs: generally up to 30 days.
  • Records we must keep by law (for example, accounting records): for the period set by UK law, normally 6 years.

7. How we keep it safe

The site is served over HTTPS. Passwords are stored using one-way cryptographic hashing — we cannot see your password and would not be able to share it even if we were asked to. Access to the underlying database is restricted, audited and role-based.

No system is perfectly secure. If we ever become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours and tell you without undue delay where the law requires it.

8. Your rights

Under UK and EU GDPR you have the right to:

  • Be informed about how we use your data (this notice).
  • Access a copy of the data we hold about you.
  • Rectify data that is wrong or incomplete.
  • Erase your data ("right to be forgotten") where it no longer needs to be kept.
  • Restrict or object to certain uses, including processing based on legitimate interests.
  • Portability — to receive your data in a common machine-readable format.
  • Withdraw consent at any time, where we relied on consent.
  • Not be subject to automated decisions with legal or similarly significant effects. We do not make such decisions.

To exercise any of these rights, email privacy@yourstrategygap.com. We will respond within one month, free of charge.

9. Cookies

A cookie is a small text file stored on your device by your browser. We use as few as possible, and only ones that are strictly necessary for the site to work. We do not need your consent for these under the Privacy and Electronic Communications Regulations (PECR), but we want you to know they are there.

Cookie | Purpose | Lifetime
Authentication session | Keeps you signed in to the members’ area. | Up to 1 year, refreshed as you use the site.
Cookie notice acknowledgement | Remembers that you’ve dismissed the cookie banner so we don’t show it again. | Stored in local storage on your device until you clear it.

You can clear or block cookies in your browser’s settings. If you block the authentication cookie you will not be able to sign in to the members’ area.

If we ever add optional cookies (for example, analytics), we will update this policy and ask for your explicit consent through the cookie banner before they are set.

10. Children

This website is intended for senior business audiences. It is not directed at children under 13, and we do not knowingly collect their personal data. If you believe a child has provided information to us, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. The version date at the top will change and, where the changes are material, we will draw your attention to them in the members’ area or by email.

12. Contact & complaints

Questions, requests or concerns? Please email privacy@yourstrategygap.com or write to us at the address in section 1.

If you are not satisfied with our response, you have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, or to your local supervisory authority in the EEA.

This page is maintained by Your Strategy Gap to explain, in plain English, how we handle personal data on this website. It is not a substitute for tailored legal advice.

© 2026 Your Strategy Gap. All rights reserved.