Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. What Data We Collect

Personal Data You Provide

• Email Address: When you submit our waitlist form or email us directly at [email protected]
• Communication Data: If you contact us via email or our contact form

How We Collect Your Email

• Waitlist Form: When you enter your email in our signup form, it triggers your email client to send us a message (mailto functionality)
• Auto-Reply: We automatically send you a welcome email confirmation when you join our waitlist
• Local Storage: We store a confirmation flag in your browser's local storage to prevent duplicate signups (this stays on your device only)
• Direct Email: If you email us directly at any of our addresses

Automatically Collected Data

• Website Analytics: Page views, time on site, and general usage patterns (via Cloudflare Analytics - cookieless)
• Technical Data: Browser type, device type, and general location (country level)

What We Don't Collect

• We don't use cookies for tracking
• We don't collect personal browsing history
• We don't track you across other websites
• We don't collect phone numbers or addresses
• We don't send localStorage data to our servers (it only prevents duplicate form submissions on your device)

3. Legal Basis for Processing

Under the GDPR, we process your personal data based on:

• Consent (Art. 6(1)(a) GDPR): When you voluntarily provide your email for our waitlist
• Legitimate Interest (Art. 6(1)(f) GDPR): For website analytics to improve our service
• Contract Performance (Art. 6(1)(b) GDPR): To provide the service you signed up for

4. How We Use Your Data

• Waitlist Management: To notify you when daypod becomes available
• Service Delivery: To provide the podcast service once launched
• Communication: To send important updates about our service
• Website Improvement: To understand how visitors use our site
• Legal Compliance: To comply with legal obligations

We will never:

• Sell your personal data to third parties
• Use your data for advertising on other platforms
• Send you spam or irrelevant marketing
• Share your data without your explicit consent (except as legally required)

5. Third-Party Services

Cloudflare (Website Hosting & Analytics)

We use Cloudflare for:

• Website hosting and content delivery
• Cookieless website analytics
• Security and DDoS protection
• Email routing for contact forms

Cloudflare may process technical data such as IP addresses for security purposes. Learn more: Cloudflare Privacy Policy

Email Services

We use Cloudflare Email Routing and Fastmail for email management:

• Cloudflare Email Routing: Routes emails sent to @daypod.io addresses and handles auto-reply functionality
• Fastmail: Securely stores received emails in our inbox
• Auto-Replies: Automated welcome emails are sent via Cloudflare Workers when you join our waitlist

Your email addresses are securely processed and stored according to their respective privacy policies and GDPR requirements.

6. Data Storage and Security

Where Your Data is Stored

• Email addresses: Secure email systems (EU/US based)
• Website data: Cloudflare's global network (GDPR compliant)
• All data is stored in accordance with GDPR requirements

Security Measures

• Encryption in transit and at rest
• Regular security audits
• Access controls and authentication
• Secure backup procedures

7. Data Retention

• Waitlist Data: Until you unsubscribe or we launch the service
• Customer Data: As long as you use our service, plus 3 years for legal purposes
• Analytics Data: Aggregated data retained indefinitely (anonymized)
• Communication Data: 3 years for customer support purposes

8. Your Rights Under GDPR

As a data subject, you have the following rights:

9. International Data Transfers

Some of our service providers may be located outside the EU. When we transfer your data internationally, we ensure adequate protection through:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules where applicable

10. Cookies and Tracking

We Don't Use Tracking Cookies

Our website uses Cloudflare Analytics, which is cookieless and privacy-respecting. This means:

• No cookies are set on your device
• No personal data is collected for analytics
• No cross-site tracking occurs
• Analytics data is aggregated and anonymized

Essential Technical Cookies

We may use strictly necessary cookies for website functionality (such as remembering your preferences), but these are essential for the service and don't require consent under GDPR.

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.

12. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Inform affected individuals without undue delay
• Provide clear information about the breach and our response

13. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. In Germany, the relevant authority is:

14. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

• Update the "Last updated" date
• Notify you via email if you're on our waitlist
• Post a notice on our website

We encourage you to review this policy periodically.

15. Contact Us

If you have questions about this privacy policy or our data practices, contact us: