Abraham of London
Governance // Privacy

Privacy Policy

This policy explains how Abraham of London handles personal data across the site, diagnostic flows, access-controlled areas, contact points, and post-assessment continuity systems. It is written to reflect the system as it operates now.

Last Updated: 30 April 2026

1. Who We Are

Abraham of London is the trading and publishing identity used for this site and related digital services. For data protection purposes, the controller is Abraham Adaramola, based in London, United Kingdom.

Contact for privacy matters: info@abrahamoflondon.org

2. What We Collect

We collect only the categories of information needed to operate the site and the services offered through it. Depending on how you use the site, this may include:

  • Contact details you provide, such as name, email address, and enquiry content.
  • Diagnostic and decision data you enter into assessments, strategy tools, or follow-up flows.
  • Access and entitlement data for members, purchasers, or invited users.
  • Technical and security data such as IP-derived signals, browser information, device context, timestamps, and abuse-prevention logs.
  • Client-side continuity data stored in your browser, including assessment progress, session state, and preference markers.

Some newer continuity flows are designed to separate identity from decision records by encrypting stored email data and using hashed lookups. Some older site features still rely on more conventional application storage patterns while they are being brought into the same model.

3. How We Use It

We use personal data only where there is a clear operational reason to do so. This includes:

  • Delivering assessments, reports, downloads, memberships, and other requested services.
  • Maintaining continuity across decision tools, including saved progress, reminders, and return access.
  • Responding to contact requests, support issues, and account or access queries.
  • Operating security controls, rate limits, session protections, and fraud or abuse detection.
  • Maintaining internal records needed for fulfilment, service integrity, and lawful business administration.

Our main legal bases are contract, steps taken at your request before contract, legitimate interests in running and securing the service, and consent where a submission is optional or specifically framed that way.

4. Email And Decision Continuity

If you provide an email address in connection with a diagnostic, strategy, or decision flow, we may use it to continue that specific process. This may include a session continuation message, a decision-state follow-up, or a return brief where the system records that the decision state has changed.

These emails are intended to continue the service you entered, not to run generic campaigns. They are governed by system state, cooldown controls, and unsubscribe handling. We do not include full assessment responses in emails, and we use summarised language rather than verbatim user input.

5. Sharing And Processors

We do not sell personal data. We share data only where needed to operate the site, deliver messages you asked to receive, process access, or protect the service.

Depending on the feature in use, this may include infrastructure, hosting, email, and abuse-prevention providers. Current processors or third-party services may include Resend for transactional email delivery, Stripe for payment processing and access entitlement, Google reCAPTCHA where enabled on protected forms or flows, and Buttondown where subscription workflows are used.

Some of these providers may process data outside the United Kingdom. Where that happens, we rely on appropriate contractual or statutory safeguards.

6. Retention

We keep data only for as long as it is reasonably needed for the relevant service, security, legal, or record-keeping purpose.

  • Client-side continuity data remains in your browser until it expires or you remove it.
  • Decision and reminder records may be retained while an active continuity or access relationship exists.
  • Some unlinked or inactive session data is periodically purged.
  • Where you unsubscribe or request deletion, we process that request as soon as reasonably practicable, although limited suppression or audit data may be retained where needed to honour the request or comply with law.

7. Your Rights

Subject to applicable law, you may request access, correction, deletion, restriction, objection, or portability. You may also withdraw consent where we rely on it.

Some flows also provide direct unsubscribe or deletion mechanisms. You can request full data deletion at any time — your decision records, identity data, and session history will be removed. If you want to exercise a right, contact info@abrahamoflondon.org. You also have the right to complain to the UK Information Commissioner's Office if you believe data has been handled unlawfully.