Privacy notice

Consent text version: v1-2026-05

What we collect

  • Your email address, only because you typed it into the waitlist form and clicked consent.
  • The platforms you want a paid build for (iOS, macOS, Android, Windows, or "Linux, already using").
  • Anonymous usage of this page via self-hosted Umami and Plausible — page views, button clicks, and a waitlist_signup event that contains only your platform selection and the A/B variant you saw. Your email is never sent to either analytics system.
  • Marketing attribution (e.g. utm_source) if it was in the URL when you arrived.
  • Coarse region / locale derived from your browser, used to plan app-store rollout.

What we don't collect

  • No third-party trackers, no Google Analytics, no Facebook pixel, no advertising IDs.
  • No tracking cookies. We use one functional localStorage entry to remember which A/B variant you were shown so the page doesn't reshuffle on you between visits.
  • We do not persist your IP address in the signup database. The signup endpoint hashes it with a salt that rotates daily and never writes the raw or hashed value to disk. Our reverse proxy's access log is set to discard by default, so request-with-IP records are not retained at the edge either.

Why we collect it

To email you when the paid builds you asked about are available. That's it. Legal basis: your explicit consent, recorded at submission time along with the version of this notice you saw.

Who else sees it

Your email is stored in our own Postgres database and in our own Listmonk instance, both running on a single VPS in the EU (Hetzner, Germany). Listmonk handles the double-opt-in confirmation email and the eventual marketing emails. The confirmation click takes you to a page on mail.lotti.app — also us, same server.

We do use an external SMTP provider to actually send mail (the operator's domain has no mail server of its own). The provider in use is: (not yet configured — see Listmonk admin for the active provider). They are a data processor under GDPR (we have a DPA with them) and process only your email address, only for the purpose of delivering messages you asked to receive.

How long we keep it

  • Unconfirmed signups (you typed your email but did not click the confirmation link) are deleted after 14 days.
  • Confirmed signups are kept for as long as you want to receive these messages. Click the unsubscribe link in any email at any time. Unsubscribing deletes the row entirely; we don't keep a record that you were once on the list.
  • Anonymous analytics events are kept by Umami / Plausible per their default retention. These events cannot be linked back to your email.

How to delete your data

Click the unsubscribe link in any email we send you. That deletes your Listmonk subscription, which on the next reconcile pass also deletes your row from our database. Or write to ops@lotti.matthiasn.com and we will do both manually.

The localStorage entry

We store a single entry, name gb_anonid (GrowthBook anonymous ID), to keep your A/B test assignment stable across page visits. The value is a random string generated in your browser; it is never sent to a third party. The write only happens the first time you focus the email input — i.e. when you have started using the waitlist form. If you only read the page and leave, nothing is written to your browser's storage.

Changes

If this notice changes, the version tag at the top changes with it. The version you consented to is recorded with your row.