Privacy Policy

Last updated: 2026-05-11

What we collect

  • Newsletter signup: email address, only when you submit it.
  • Boutique sightings: the data you enter (city, date, availability). Email and IP, if provided, are stored as SHA-256 hashes only — we cannot recover the plaintext.
  • Watchlist: stored in your browser's localStorage. Never sent to our servers.
  • Server logs: standard request logs (IP, user-agent, page accessed, timestamp) retained for 30 days for security and abuse prevention.
  • Analytics: we use privacy-friendly analytics (no third-party cookies, no personal identifiers). Aggregated only.

What we don't do

  • We never sell your data.
  • We don't use Facebook Pixel, Google Ads tracking, or third-party adtech.
  • We don't share newsletter lists with anyone.
  • We don't profile users for advertising.

Cookies

We use a single session cookie for CSRF protection on forms. No marketing or third-party cookies are set by us.

Your rights

Under GDPR (EU/UK) and CCPA (California), you have rights to:

  • Access the personal data we hold about you
  • Request deletion of your newsletter subscription at any time (one-click unsubscribe in every email, or email us)
  • Request a copy of stored data
  • Object to processing

For access/deletion requests, email [email protected].

Data retention

  • Newsletter subscriber emails: retained while active; deleted within 30 days of unsubscribe.
  • Server logs: 30 days.
  • Boutique sighting submissions (anonymized): retained indefinitely as part of the dataset.

Third parties

  • Newsletter delivery: SendGrid (when configured). Their privacy: sendgrid.com/legal.
  • Hosting: Hetzner (DE), Cloudflare (NL/global).
  • No third-party adtech or analytics.

Contact

[email protected]