Lingo
Privacy

Privacy.

The short version: when you join the waitlist, I keep your email and what you wrote, in a database I control, until I email you about the product. Then if you want me to delete it, I do.

Last updated: TBD before launch

This page is the longer version, for people who want the full picture or who need it for their own compliance.

Who I am.

This site and the Lingo app are made by Qatalytic Oy, a Finnish private limited company, based in Helsinki, Finland. I'm the only person here. You can reach me at hello@qatalytic.fi for anything in this policy.

For GDPR purposes I am the data controller for the website and the waitlist.

What I collect, and why.

When you join the waitlist:

  • Your email address. So I can write back when there's something to try. That's the only reason.
  • What you wrote in the "next conversation you're dreading" box. I read these. It shapes which scenarios I prioritise in the app, and which examples appear on the site. Sometimes a sentence is interesting enough to quote on the changelog — only ever paraphrased and anonymised, never with your email or anything that identifies you.
  • A one-way hash of your IP address. Not your raw IP — a 32-character SHA-256 fingerprint. I use it only to spot patterns if the form gets spammed.
  • Your browser's user-agent string. Same purpose; lets me filter bots from real signups.
  • Submission timestamp. Obvious.

I do not collect: your name, your location, your raw IP, your browsing on this site, any tracking cookies, anything from third-party scripts. There are no analytics on this site at v0.1.

Legal basis.

GDPR Article 6(1)(a): your consent, given when you submit the form. You can withdraw it any time — see Your rights below.

Where the data is stored.

  • Database: Supabase, hosted in the EU (AWS Frankfurt). Supabase Inc. is a US company but operates this project in an EU AWS region. They are my subprocessor.
  • Form server: TBD until the site goes public. The host (and its region) will be named here before launch.

I do not transfer your data outside the EU/EEA. The subprocessors I use may, by the nature of being US-headquartered companies, in theory be subject to US legal process under the CLOUD Act. Both operate under the EU-US Data Privacy Framework and standard contractual clauses for this scenario.

How long I keep it.

Until the v0.1 launch, your waitlist entry sits in Supabase. After I email you about the product:

  • If you reply or sign up, the relationship continues — see the app's own privacy policy when it ships.
  • If you don't respond within six months of that email, I delete the row.
  • If you ask me to delete it sooner, I do, within 30 days.

Who I share it with.

Nobody, beyond the subprocessors named above. No marketing partners, no data brokers, no analytics, no ads. The waitlist is not sold, traded, or licensed.

Your rights under GDPR.

You can ask me to:

  • Access — tell you what I have on you and give you a copy
  • Rectify — fix anything wrong
  • Erase — delete everything ("right to be forgotten")
  • Restrict — pause any processing
  • Port — give you a machine-readable export
  • Object — say no to specific processing
  • Withdraw consent — at any time, no questions asked

Email hello@qatalytic.fi with what you'd like. I respond within 30 days; usually within a few.

If I drop the ball, you can complain to the Finnish data-protection authority (tietosuoja.fi) or whichever EU supervisory authority covers where you live.

Cookies.

None. The site does not set cookies at v0.1. If that ever changes, this page changes first.

Changes to this policy.

If I update this policy, the "Last updated" line at the top changes. Material changes — anything affecting what I do with your data — I'll email everyone on the waitlist about.

Contact.

Imaad Shaik · hello@qatalytic.fi · Qatalytic Oy, Helsinki, Finland.