SL-SAG LogoSL-SAG

Privacy Policy

Draft

This document is a working draft and is pending formal legal review. It may change before being finalized. Questions? Contact us at support@slsag.org.

SL-SAG — Somaliland Strategic Advisory Group Last updated: May 2026 Version: 1.0-draft

Who we are

Somaliland Strategic Advisory Group ("SL-SAG", "we", "us", or "our") operates the website at slsag.org, a civic policy and think-tank publishing platform. Our contact address for privacy matters is support@slsag.org.

SL-SAG is based in Somaliland. We recognise that many of our readers and contributors are based in the European Union, the United Kingdom, the United States, and other jurisdictions with their own data protection rules. Where those rules apply to you, we describe your rights below.

What data we collect and why

1. Visitors browsing the public site

When you read articles or browse slsag.org, our web infrastructure (hosted on Vercel) automatically processes a small amount of technical data so the pages load:

  • Your IP address (processed briefly in transit; not stored by us in identifiable form)
  • Browser type and operating system
  • Pages visited and time of visit
  • Referring URL (how you arrived at our site)

We use privacy-focused analytics to understand which topics attract readers and how to improve the site. We do not build individual profiles of visitors. Aggregate statistics (for example, "3,000 readers viewed this report this month") are used internally.

Lawful basis (GDPR Art. 6(1)(f)): Legitimate interest in understanding how the site is used, balanced against your interest in not being tracked.

2. Contact form submissions

If you contact us through the website, we collect your name, email address, and the contents of your message. We use this to respond to you and, if relevant, to route your message to the right team member.

We do not add you to any mailing list based on a contact form submission unless you separately request it.

Lawful basis (GDPR Art. 6(1)(b)): Necessary to respond to your request; or Art. 6(1)(f) legitimate interest in handling enquiries.

Retention: Contact records are kept for up to 24 months, then deleted unless there is an ongoing relationship or legal reason to retain them.

3. Newsletter signups

If you subscribe to our newsletter or policy updates, we collect your email address and, optionally, your name. We use this to send you the communications you asked for.

You can unsubscribe at any time by clicking the link in any email we send, or by emailing support@slsag.org. Unsubscribing removes you from the list within five business days.

Lawful basis (GDPR Art. 6(1)(a)): Consent. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Retention: Until you unsubscribe or ask us to delete your details.

4. Member writer accounts

If you are an approved contributor or staff member with an account on slsag.org, we hold:

  • Your name and email address
  • A hashed password (we never store passwords in readable form)
  • Your contributor biography and any author profile information you provide
  • Records of articles you have submitted, edited, or published
  • Login timestamps and IP addresses (for security and audit purposes)

Lawful basis (GDPR Art. 6(1)(b)): Necessary to perform the contributor agreement; or Art. 6(1)(f) for security logging.

Retention: Active accounts are held for the life of the account. On account deletion, personal details are removed within 30 days. Published article records with your by-line may be retained in anonymised or attributed form consistent with our editorial archive policy.

5. Cookies

See our separate Cookie Policy for full details. In summary, we use:

  • Strictly necessary cookies (site function, session management)
  • Performance cookies (aggregate analytics)

We do not use advertising or tracking cookies.

How we share your data

We do not sell personal data.

We share data only with the processors and partners listed below, to the extent necessary to operate the site:

Processor Role Location Privacy reference
Vercel Inc. Web hosting and edge delivery USA (EU region available) vercel.com/legal/privacy-policy
Neon Inc. Database hosting (Neon Postgres) USA neon.tech/privacy
Resend Inc. Transactional email (account notifications, newsletters) USA resend.com/legal/privacy-policy

Where processors are based in the United States, we rely on Standard Contractual Clauses (SCCs) or equivalent mechanisms for transfers from the EU/UK.

We may disclose data if required by law, court order, or to protect the safety of individuals. We will notify you where permitted.

Your rights

Depending on where you are located, you may have the following rights:

All visitors

  • Right to know what data we hold about you
  • Right to request correction of inaccurate data
  • Right to request deletion ("right to be forgotten")
  • Right to object to processing based on legitimate interest

EU / UK visitors (GDPR / UK GDPR)

  • All of the above, plus the right to data portability and to lodge a complaint with your supervisory authority (for EU: your national DPA; for UK: the ICO at ico.org.uk)

California visitors (CCPA / CPRA)

  • Right to know, right to delete, right to correct, right to opt out of sale (note: we do not sell data)
  • We do not discriminate against you for exercising these rights

To exercise any right, email support@slsag.org with "Privacy Request" in the subject line. We will respond within 30 days (or within the statutory deadline if shorter).

Data security

We use industry-standard measures to protect data in transit (HTTPS / TLS 1.2+) and at rest (encrypted database storage via Neon Postgres). Access to production systems is restricted to authorised personnel. We follow responsible disclosure practices for security incidents.

If a breach is likely to affect your rights, we will notify affected individuals and, where required, the relevant supervisory authority within the timeframes required by law.

Children

SL-SAG is a policy and research platform intended for adults and older secondary-school students. We do not knowingly collect data from children under 13. If you believe a child has submitted data to us, contact support@slsag.org and we will delete it promptly.

Changes to this policy

We will post any material changes on this page with an updated "Last updated" date. For significant changes, we will provide notice via the site or (for subscribers) by email.

Contact

Questions about this policy: support@slsag.org

Open questions for attorney review:

  1. Somaliland does not currently have a comprehensive data protection statute. An attorney should confirm whether GDPR applies directly (if SL-SAG targets EU residents), and whether any Somali federal or regional law applies to the operator.
  2. Verify that Vercel's Data Processing Agreement covers the use of the EU edge region and satisfies SCCs.
  3. Confirm whether Resend has a signed DPA available and whether it is adequate for EU/UK transfers.
  4. If SL-SAG ever accepts funding from US government sources, FARA and related disclosure obligations may affect what data you collect and retain.
  5. Confirm the legal entity name and registration details — "SL-SAG" is used throughout but the registered legal name should appear in this document.