Wifecraft
Privacy

What we collect, what we don't.

Plain version: we collect as little as possible, we never sell anything, we name every processor we share data with, and the whole site is designed so that nothing on it is logged against your real identity.

What we collect

  • Email, only if you give it. If you subscribe we store your email address, the page you subscribed from, the timestamp, and a salted hash of your IP for spam protection. We use this to send you the next article. You can unsubscribe with the link in any email or by writing to us; we delete on request.
  • Aggregate analytics, only with your consent. When you accept the consent banner, PostHog Cloud (EU) records page views, clicks, and product events under a first-party cookie. No ad pixels, no third-party trackers, never sold. Decline the banner and PostHog never initialises on your visit. Cloudflare's first-party request log (cookieless) runs regardless under legitimate interest.
  • Questions you ask. When you use /ask, the question text is sent to our server, embedded into a vector, searched against the indexed forum threads, and answered. We log the question text, your IP hash, and the response so we can detect abuse and improve the system. Don't include names or other identifying details in your question — see the warning above the textarea.
  • Gap Game answers. Quiz responses are stored against a session ID generated when you start. Email is optional. Sessions older than thirty days are deleted.

What we don't

  • No third-party advertising trackers.
  • No social-media pixels (Facebook, X, TikTok).
  • No selling of email addresses, ever.
  • No fingerprinting beyond what your browser already broadcasts.
  • No persistent cookies that follow you off the site (a single cookie/localStorage entry remembers that you've passed the 18+ splash; that is the only persistence we use for tracking purposes).

Processors and sub-processors

Per Article 13 GDPR, here is the full list of services that may handle your data on our behalf:

  • Cloudflare, Inc. (US, with EU data centres) — site hosting (Cloudflare Pages), Worker compute, KV storage for the email list, first-party analytics. Privacy policy.
  • Pinecone Systems, Inc. (US) — vector storage for the indexed practitioner-forum content. Receives your question text, embedded as a vector, when you use /ask. Privacy policy.
  • OpenAI, L.L.C. (US) — generates the embedding vector from your question. Privacy policy.
  • OpenRouter, Inc. (US) — proxies the question and the retrieved thread excerpts to a small open-source language model that writes the answer. Privacy policy.
  • Anthropic, PBC (US) — used only by an internal personal-coach endpoint not exposed on the public site.
  • Appwrite Cloud (Frankfurt, Germany) — backend for the Gap Game (sessions, responses, optional email).
  • Resend, Inc. (US) — transactional email when we wire newsletter sends. Not active at launch; we will update this list when it goes live.
  • PostHog, Inc. (EU region: eu.posthog.com) — aggregate product analytics. Only runs after you accept the consent banner. Privacy policy.

All US-based processors operate under EU Standard Contractual Clauses (SCCs) for data transfers. Where you have not given explicit consent, we rely on legitimate-interest (Art. 6(1)(f)) for analytics and on contract performance (Art. 6(1)(b)) for tools you actively use.

Retention

  • Email subscribers: until you unsubscribe or ask us to delete.
  • Gap Game session data: 30 days after the session ends.
  • /ask questions and responses: 90 days, then deleted.
  • Server logs: 14 days at Cloudflare.

Your rights under GDPR

You have the right to access the personal data we hold about you, to correct it, to delete it, to restrict its processing, to object to its processing, and to data portability. To exercise any of these, write to [email protected] from the email address concerned. We respond within 30 days, usually faster.

You also have the right to lodge a complaint with the Berliner Beauftragte für Datenschutz und Informationsfreiheit (the Berlin data-protection authority) if you believe we've handled your data improperly.

How to be forgotten

Email [email protected] from the address you used and we will delete everything associated with it. No friction, no "please tell us why," no twenty-step unsubscribe.

Imprint

Site operator and contact details are on our Impressum page, per § 5 TMG.

Last updated · 2026-05-09