Privacy Policy
Last updated: 24 May 2026 · Applies to northpathadvisory.eu and The NorthPath Letter email newsletter
This Privacy Policy explains how NorthPath Advisory OÜ (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit northpathadvisory.eu, subscribe to The NorthPath Letter, or otherwise interact with us. We comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the Estonian Personal Data Protection Act.
1. Who we are
Controller: NorthPath Advisory OÜ (Estonian private limited company, in incorporation), registered office in Tallinn, Estonia.
Contact for privacy queries: info@northpathadvisory.eu
2. What data we collect, why, and on what legal basis
| Data | Purpose | Legal basis (Art. 6 GDPR) | Retention |
|---|---|---|---|
| Email address | Sending you The NorthPath Letter email newsletter | Consent (Art. 6(1)(a)) — you opted in via the on-site form | Until you unsubscribe |
| Name (optional, if you provide it) | Personalising the newsletter greeting | Consent (Art. 6(1)(a)) | Until you unsubscribe |
| Email opens, link clicks, IP at time of open | Understanding which essays are useful so we can improve | Legitimate interest (Art. 6(1)(f)) — internal editorial analytics | 24 months |
| IP address, browser, pages visited (site analytics) | Security, fraud prevention, aggregated traffic analytics | Legitimate interest (Art. 6(1)(f)) — site operation | 14 months |
| Cookies (essential + optional) | See Cookie Policy | Essential: legitimate interest; Optional: consent | See Cookie Policy |
| Comments, emails, contact-form submissions | Replying to you | Legitimate interest / consent | 3 years |
3. Who we share your data with (processors)
We use a small number of vetted service providers to operate the publication. Each has signed standard contractual clauses (where required) and acts strictly on our instructions.
- beehiiv, Inc. (USA) — email delivery platform for The NorthPath Letter. Receives your email address and engagement data. Transfer to the United States is covered by the EU-US Data Privacy Framework where beehiiv is certified, and standard contractual clauses otherwise.
- Hostinger International Ltd. (Cyprus / Lithuania) — website hosting and email mailbox. Hosts site files and logs. Data remains in the EU.
- Cloudflare, Inc. (USA, EU edge) — DNS and CDN. Sees only your IP address and the URL being requested. Used purely for security and performance; no profiling.
- Stripe Payments Europe Ltd. (Ireland) — only used if you subscribe to Manish Goel Plus (the paid tier). Receives the payment information you give them directly; we never see your card details.
- Xolo Leap OÜ (Estonia) — incorporation and accounting service for NorthPath Advisory OÜ. Receives only information required for tax and corporate filings.
We do not sell your data, rent it, or share it with advertisers. There are no ad networks on this site.
4. International data transfers
Some of our processors (beehiiv, Cloudflare, Stripe in certain backup paths) are based outside the European Economic Area. For any such transfer we rely on (a) the EU-US Data Privacy Framework where the recipient is certified, or (b) the European Commission’s Standard Contractual Clauses (2021/914), with supplementary measures where appropriate.
5. Your rights under GDPR
As a data subject you have the right to:
- Access — request a copy of the personal data we hold about you (Art. 15)
- Rectification — ask us to correct inaccurate data (Art. 16)
- Erasure — ask us to delete your data (“right to be forgotten”) (Art. 17)
- Restriction — ask us to limit the processing of your data (Art. 18)
- Portability — receive your data in a structured, machine-readable format (Art. 20)
- Objection — object to processing based on legitimate interest, including direct marketing (Art. 21)
- Withdraw consent at any time, with no detriment, for processing based on consent (Art. 7(3))
- Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee) or with the supervisory authority of your habitual residence
To exercise any of these rights, email info@northpathadvisory.eu. We will respond within 30 days. Unsubscribing from the newsletter is also possible at any time via the unsubscribe link in every email.
6. Data security
We use TLS (HTTPS) on every page, a managed application firewall, automated daily backups, and least-privilege access controls. No system is perfect, but we take reasonable and industry-standard measures to protect your data. If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Estonian Data Protection Inspectorate within 72 hours and inform affected users without undue delay (Art. 33–34 GDPR).
7. Cookies
A summary cookie banner appears on your first visit and is managed via our Cookie Consent tool. Essential cookies (session, security, consent state) are set on a legitimate-interest basis. Optional cookies (analytics, embedded content) are set only with your consent. You can change your choices at any time via the “Cookie preferences” link in the footer. Full details, including each cookie’s name, purpose, and lifetime, are in the Cookie Policy.
8. Children
The NorthPath Letter is intended for adult professional readers (institutional investors, family offices, equity-research professionals, and self-directed investors over 18). We do not knowingly collect data from children. If you believe a child has provided us personal data, please contact us so we can delete it.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced at the top of this page and, where required, communicated by email. The “Last updated” date above will always reflect the current version.
10. Contact
Questions about your data, this policy, or our practices?
Email: info@northpathadvisory.eu
Mail: NorthPath Advisory OÜ, Tallinn, Estonia