COLDBRIEF← Back

Legal

Privacy Policy

Last updated: April 2026

1. Data controller

ColdBrief (coldbrief.com) is operated by Karol Dec, an individual based in Rzeszów, Poland. Karol Dec is the data controller responsible for your personal data collected through this website.

Contact: hello@coldbrief.com

2. What data we collect

At this stage (pre-launch waitlist), we collect only:

  • Email address — when you join the waitlist.
  • Consent record — timestamp and text of the consent you gave at signup.
  • Signup source — which part of the page you signed up from (e.g. hero, CTA).
  • Basic server logs — IP address and timestamp of the request (standard web server logs, not stored in our database).

We do not collect any other personal data at this stage. When the full product launches, this policy will be updated to reflect additional data processing.

3. Why we collect it (legal basis)

  • Launch updates and early access communication: Consent (Art. 6(1)(a) GDPR / UK GDPR). You gave explicit consent at signup. You can withdraw it at any time — see Section 6.
  • Security and fraud prevention: Legitimate interest (Art. 6(1)(f) GDPR). Server logs are kept temporarily to detect abuse.

4. How long we keep your data

Your email address is kept until you request removal or 24 months after the product launches — whichever comes first. You may request deletion at any time by emailing hello@coldbrief.com.

5. Who we share data with

We do not sell your personal data. We use the following sub-processors to operate the service:

  • Supabase Inc. — database hosting (eu-central-1, Frankfurt, Germany).
  • Resend Inc. — transactional email delivery (Ireland, eu-west-1).
  • Vercel Inc. — website hosting and infrastructure (US-based, with global edge network).

All sub-processors are contractually bound to process data only as instructed and in compliance with GDPR. Transfers outside the EEA rely on Standard Contractual Clauses (SCCs) where applicable.

6. Your rights

Under GDPR (EU/UK) and applicable laws worldwide, you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Correct inaccurate data (Art. 16).
  • Request restriction of processing (Art. 18).
  • Request deletion of your data — "right to be forgotten" (Art. 17).
  • Receive your data in a portable format (Art. 20).
  • Withdraw consent at any time — this does not affect the lawfulness of prior processing (Art. 7).
  • Object to processing based on legitimate interest (Art. 21).
  • Lodge a complaint with your local data protection authority (in Poland: UODO, uodo.gov.pl).

To exercise any right or to unsubscribe from all communications, email hello@coldbrief.com with subject “Privacy Request”. We will respond within 30 days.

7. Cookies

This website does not use tracking or advertising cookies. If you sign in to the application (post-launch), a functional session cookie will be set by our authentication provider (Clerk). No third-party analytics cookies are used.

8. California residents (CCPA)

We do not sell personal information. California residents have the right to know what personal information is collected and to request deletion. To exercise these rights, contact hello@coldbrief.com.

9. Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated via email to waitlist members. The “Last updated” date above will always reflect the current version.