I would love the ability for members to choose different newsletters they want to be subscribed to. Many publications have different newsletters that not everyone may want to receive.
Some example would be a weekly digest of posts on the site, a members-only newsletter, a paid-members newsletter etc.
As a part of this, a member should be able to resubscribe to a newsletter they have previously unsubscribed from, displaying it on a page with their other membership information (potentially as checkboxes that allow them to pick and choose the newsletters).
Also, when email templates are added, the ability to have a different template for each newsletter would be great, giving the ability to brand each newsletter differently.
The ability to use “tags” that can pull the subscriber’s name into the post would also be great, adding a personalised touch to each newsletter.
Really excited to see how Ghost members develops further!
A major impediment to the membership function at the moment in the EU is allowing users can delete their own accounts (as opposed to just unsubscribing from the newsletter). I can’t see how you could make a case that it was necessary or lawful under GDPR to retain someone’s data indefinitely because they logged in once then unsubscribed. (Also, need to make it easier to insert links to privacy policies!)
From what I understand (and I could be wrong), GDPR doesn’t require you to allow users to delete their own accounts, but you have to delete their account if they request it. There is a “Delete member” button in the Ghost admin for this already.
To add a privacy policy, you just need to edit your theme. Ghost as a publishing platform does not control your email form; the theme handles that, so you just need to create a page and add a link to it within or beneath your form (or in your menus).
On deletion, you’d have to go further than that. You’re right that you’d need to offer that. But, to be a tedious bookworm, as the UK’s ICO puts it, requests for deletion are “not the only way in which the GDPR places an obligation on you to consider whether to delete personal data”. You, at the very least, would need a routine purge of unsubscribed accounts (and not wait for them to ask). But if you’re just running a mailing list, the moment they hit unsubscribe, you’re holding data which is useless to you but personal to them (and which, if there’s a breach, would multiply the regulators’ aggression).
On privacy stuff, I’ve done that. But it’s an odd thing not to have built-in. People should have access to your privacy notices ideally in the footers of emails and in the sign-up sheet.