Privacy Policy

Last updated: April 2026

1. Information We Collect

  • Contact form: name, email address, and message content
  • Newsletter signup: email address and the page you subscribed from
  • Page view analytics: anonymous traffic data via Plausible Analytics (cookie-free, no personal data collected)
  • IP address: hashed with SHA-256 for rate limiting only — never stored in raw form
  • Admin panel: email and password for administrative use only (single user)

2. How We Use Your Information

  • To respond to contact form inquiries
  • To send newsletter emails (opt-in only, CAN-SPAM compliant)
  • To improve website performance using anonymous Plausible analytics
  • To rate limit form submissions and prevent abuse

3. Data Storage & Retention

  • Database: Neon PostgreSQL (US region), encrypted at rest
  • IP address hashes: automatically purged after 90 days via scheduled cleanup
  • Inactive subscribers: hard-deleted after 180 days of inactivity
  • Contact form submissions: retained indefinitely for business records
  • Blog view deduplication data: purged after 48 hours

4. Third-Party Services

ServicePurpose
Plausible AnalyticsWebsite traffic analytics — EU-hosted, no cookies, GDPR-compliant
ResendEmail delivery for newsletters and contact notifications
VercelWebsite hosting with edge CDN and automatic HTTPS
NeonDatabase hosting (PostgreSQL, US region, encrypted at rest)
UpstashRate limiting via Redis — temporarily stores IP hashes

5. Your Rights

  • GDPR (EU residents): Right to access, correction, deletion, data portability, right to withdraw consent, and right to be forgotten
  • CCPA (California residents): Right to know what data is collected, right to delete, right to opt-out of sale (we do not sell data)
  • All users: Email erdem@foundryventures.net for any data request
  • Requests processed within 30 days

6. Cookies

  • No tracking cookies — Plausible Analytics is cookie-free
  • No third-party cookies — no YouTube embeds, no third-party widgets
  • Only functional cookie: Admin JWT authentication token (HttpOnly, Secure, SameSite=Strict, scoped to /admin path, not used for tracking, exempt from consent requirements)

7. Children's Privacy

The foundryventures.net website does not knowingly collect data from children under 13. MindfulTime (mindfultime.app) is a separate product with its own COPPA-compliant privacy policy. If we learn we have collected data from a child under 13, we will delete it promptly.

8. Changes to This Policy

The "Last updated" date is shown at the top of this page. Material changes will be communicated via our newsletter. Continued use of the website after changes constitutes acceptance.

9. Contact

Foundry Ventures LLC
United States
Email: erdem@foundryventures.net

This privacy policy does not constitute legal advice.