Skip to content
What's Next? The Leader’s Playbook
Subscribe →
Founders’ price Launch pricing for your first twelve months. 40 Playbooks, 40% discount for Founders. View the playbooks →

Privacy policy

Last updated: 10 June 2026

This policy explains what personal data we collect when you use the What's Next? website at whatsnext.ltd, why we collect it, who we share it with, and the rights you have over it. It covers visitors, newsletter subscribers, and paying members anywhere in the world.

We are the controller of your personal data. We are Ask the Customer Limited, a company registered in England and Wales (company number 12555451), registered office 49 Greek Street, London W1D 4EG, trading as What's Next?.

For any privacy question or to exercise your rights, email us at [email protected].

1. The data we collect

We collect only what we need to run the service.

You give us:

  • Account details — your name and email address when you create an account or subscribe.
  • Newsletter sign-up — your email address, if you subscribe to the newsletter.
  • Payment details — when you buy something, you enter your payment details with our payment provider (see section 4). We receive confirmation of the payment and limited details such as the last four digits of your card, your billing country, and the amount — we do not receive or store your full card number.
  • Messages — anything you send us when you contact us for support or otherwise.

We collect automatically when you use the site:

  • Usage and device data — pages you visit, links you click, the content you view, and technical information such as your IP address, browser, device type, and approximate location (derived from your IP address).
  • Video data — which videos you watch and how you watch them (for example, how much of a video you played), so we can deliver video reliably and understand what is useful.
  • Cookies and similar technologies — see section 6.

We do not seek to collect special-category data (such as health, religion, or political views), and we ask that you do not send it to us.

2. How we use your data, and our legal basis

Under the UK and EU General Data Protection Regulation, we must have a lawful basis for using your data. Here is what we do and why.

What we doWhyLegal basis
Create and run your account; give you access to the content you have paid forTo provide the service you signed up forPerformance of our contract with you
Take payment and manage renewalsTo complete and maintain your purchasePerformance of our contract; legal obligation (tax records)
Send the newsletter and service-related emailsTo keep you informed; service emails are part of the contractConsent (newsletter) / contract (service emails)
Measure how the site and content are used; improve themTo run and improve a service people find usefulOur legitimate interests
Keep the site secure and prevent abuseTo protect you, us, and the serviceOur legitimate interests / legal obligation
Respond to your messagesTo support youLegitimate interests / contract
Comply with our legal obligationsTo meet the law (for example, tax and accounting)Legal obligation

Where we rely on legitimate interests, we have weighed those interests against your rights, and you can object (see section 7). Where we rely on consent, you can withdraw it at any time.

3. Marketing and the newsletter

The newsletter is opt-in. You can unsubscribe at any time using the link in every email, or by emailing us. Unsubscribing from marketing does not stop essential service emails — for example, a receipt, a renewal notice, or a security message — which we need to send to run your account.

4. Who we share your data with

We do not sell your personal data. We share it only with the service providers who help us run What's Next?, and only as needed. These act as our processors (or, for payments, as independent controllers or merchant of record) under appropriate contracts. They are:

  • Ghost — our publishing and membership platform. Hosts the site, your account, and the newsletter system.
  • Cloudflare — domain, content delivery, security, and video hosting (Cloudflare Stream).
  • Mux — video performance and viewing analytics.
  • Stripe — payment processing.
  • Lemon Squeezy — payment processing and, for some regions, merchant of record (the seller of record for that transaction, which collects applicable taxes).
  • PostHog — product and website analytics.

We may also share data where the law requires it (for example, with a court or regulator), or to establish, exercise, or defend legal claims, or in connection with a sale or reorganisation of our business — in which case your data would remain protected under this policy or an equivalent.

5. Sending data outside the UK and EEA

Some of our providers are based outside the UK and the European Economic Area, including in the United States. When your data is transferred internationally, we make sure it is protected by an approved safeguard — such as the UK's International Data Transfer Agreement or Addendum, the European Commission's Standard Contractual Clauses, or a transfer to a country the UK or EU has decided offers adequate protection. You can ask us for more detail using the contact address above.

6. Cookies and similar technologies

We and our providers use cookies and similar technologies to make the site work, to remember your preferences and login, to keep the site secure, and to understand how it is used. They fall into broad groups:

  • Essential — needed for the site to work, including login, security, and the paywall. These do not need your consent.
  • Analytics — help us understand usage so we can improve the service (PostHog; video data via Mux).
  • Payment and security — set by our payment and security providers (Stripe, Cloudflare) to process payments and protect against fraud.

Where the law requires consent for non-essential cookies, we ask for it through a cookie banner when you first visit, and you can change your choice at any time. You can also control cookies through your browser settings, though blocking some may stop parts of the site working.

7. Your rights

Depending on where you live, you have rights over your personal data. Wherever you are, you can ask us to act on the rights below, and we will do our best to honour them.

You can ask us to:

  • access the data we hold about you, and get a copy;
  • correct data that is wrong or incomplete;
  • delete your data, where there is no good reason for us to keep it;
  • restrict or object to how we use it, including for analytics or marketing;
  • receive your data in a portable format, or have it sent to another provider; and
  • withdraw consent at any time, where we rely on it.

To exercise any of these, email [email protected]. We will respond within the time the law allows (one month under UK/EU GDPR). We will not charge you, and we will not treat you differently for exercising a right.

If you are in the UK or EU

These rights come from the UK and EU GDPR. If you think we have mishandled your data, you can complain to the UK's Information Commissioner's Office (ico.org.uk) or your local data-protection authority. We would appreciate the chance to put things right first.

If you are in California

Under the California Consumer Privacy Act (as amended), you have the right to know what personal information we collect and how we use and share it, to delete it, to correct it, and to opt out of any "sale" or "sharing" of it. We do not sell your personal information. You can exercise these rights using the contact address above, and you will not be discriminated against for doing so.

Elsewhere

If your country's law gives you privacy rights, those rights apply, and you can exercise them through the same contact address.

8. How long we keep your data

We keep your data only as long as we need it:

  • Account and subscription data — for as long as you have an account, and for a period afterwards in case you return or in case of a dispute.
  • Payment and tax records — for as long as the law requires (in the UK, generally six years).
  • Newsletter data — until you unsubscribe, after which we remove you from the active list.
  • Analytics data — for a limited period, often in aggregated or de-identified form.

When we no longer need your data, we delete it or anonymise it.

9. How we protect your data

We use appropriate technical and organisational measures to protect your data, and we choose providers who do the same. No system is perfectly secure, but we work to keep yours safe and to act quickly if anything goes wrong.

10. Children

The service is for adults (18 and over) and is not directed at children. We do not knowingly collect data from children. If you believe a child has given us personal data, tell us and we will delete it.

11. Changes to this policy

We may update this policy. If we make a significant change, we will tell you — by email or a notice on the site — before it takes effect. The "last updated" date at the top always shows the current version.

12. Contact us

For any question about this policy or your data, email [email protected].