Privacy Policy

Last updated: May 11, 2026

This document explains how Detailmatic ("Detailmatic", "we") processes personal data for the waitlist and the detailmatic.cz website. The document complies with Regulation (EU) 2016/679 (GDPR) and Czech Act No. 110/2019 Coll., on the processing of personal data. By using detailmatic.cz you acknowledge this Privacy Policy.

Data controller

The data controller within the meaning of Art. 4(7) GDPR is Daniel Frühauf.
Contact: [email protected]

What we collect

The email address, name, and optional phone number you submit to the waitlist.
The unique referral code assigned to your account at sign-up.
If you arrive via a referral link, the referral code that brought you (not the referring person's identity).
Information you choose to share with us in email replies.
Sign-up context: the page you arrived on, UTM tags from the link you followed, the document referrer, your browser user-agent, viewport and screen dimensions, timezone offset, and country derived from your IP address.
A salted SHA-256 hash of your IP address — used only for rate-limiting and abuse protection. The raw IP address is never written to our database or logs.
Anonymous usage data (pageviews, clicks, form interactions, error reports) collected automatically via PostHog without identifying you personally.
Identified analytics data — linking your waitlist email to your session history — only if you explicitly accept analytics cookies.

How we use the data

To send beta invites and important launch updates.
To operate the referral program and understand how the waitlist grows through personal sharing.
If you provide a phone number, we may call you about beta onboarding when your invite is ready.
To measure interest and improve the website.
To protect the website from abuse or fraudulent traffic.

Legal basis for processing

Consent (Art. 6(1)(a) GDPR) — by joining the waitlist you consent to receiving an invitation and launch announcements. You may withdraw consent at any time.
Legitimate interest (Art. 6(1)(f) GDPR) — for anonymous analytics, protecting the site from abuse, and improving the service.
Consent (Art. 6(1)(a) GDPR) — for linking your email to your analytics history via PostHog identify().

Cookies and similar technologies

We use a small number of cookies and browser-storage entries that are strictly necessary to operate the site (for example, to remember your language preference and to protect the form against abuse). These do not require your consent.
We use PostHog product analytics. The PostHog SDK loads when you open the page and immediately begins collecting anonymous usage data (pageviews, clicks, error reports) without identifying you. No personal data leaves your browser at this stage.
If you click Accept in the cookie banner, we may link your activity to your waitlist email via posthog.identify() for a more complete understanding of the user journey. If you reject, anonymous tracking continues but no personal identifier is ever associated with your session. You can change your choice at any time by reopening the banner from the footer.
We also use Cloudflare Web Analytics to measure aggregate traffic and performance. This is a privacy-first service that does not use cookies, does not track individual users, and does not store personal data.
We also write a small set of session-storage entries (cleared when you close the tab) to remember the page you arrived on and any UTM parameters from the link you followed, so that we can attribute your sign-up correctly. These entries do not contain personal data and live only in your browser.

Referral program

Each person who joins the waitlist receives a unique referral code. If you share your referral link and someone visits the invitation page, your first name as entered at sign-up is displayed to that visitor to indicate who invited them.
If you join via a referral link, we record which referral code referred you. We do not share your identity with the person who referred you.
Referral data is retained for the same duration as your waitlist entry and is deleted when you exercise your right to erasure.

Subprocessors

We do not sell personal data. We share it only with the following processors, each acting on our instructions under a data-processing agreement (Art. 28 GDPR):
Vercel Inc. — hosting and edge infrastructure for the website (servers in the EU).
Neon Inc. — managed Postgres database where waitlist sign-ups are stored (servers in the EU).
Upstash Inc. — Redis service used for rate-limiting and short-lived operational logs (servers in the EU).
PostHog Inc. — product analytics (servers in the EU, on eu.posthog.com).
Cloudflare Inc. — privacy-first web analytics and edge infrastructure. Cloudflare Web Analytics does not use cookies or track individual users.
Discord Inc. — internal Slack-style notifications when a new sign-up happens. We send only an opaque hash of your email and non-identifying signal (locale, country, UTM tags). Your name, email address, and phone number are never sent to Discord.

International transfers

All of the processors listed above store the personal data they receive within the European Economic Area. The Discord notification channel is operated by a US-based company, but the payload we send is hashed and contains no personal data, so no personal-data transfer outside the EEA takes place.
Should this change in the future, we will rely on the European Commission’s Standard Contractual Clauses (Art. 46 GDPR) as the safeguard and update this document accordingly.

Retention

We retain your email address for as long as we operate the waitlist or until you request its deletion.
We retain analytics data for the standard period configured in PostHog (typically up to 12 months).

Your rights

Right of access (Art. 15 GDPR).
Right to rectification of inaccurate data (Art. 16 GDPR).
Right to erasure — "right to be forgotten" (Art. 17 GDPR).
Right to restriction of processing (Art. 18 GDPR).
Right to data portability (Art. 20 GDPR).
Right to object to processing based on legitimate interest (Art. 21 GDPR).
Right to withdraw consent (Art. 7(3) GDPR) — without affecting the lawfulness of processing carried out before withdrawal.
Right to lodge a complaint with a supervisory authority — in Czechia: Úřad pro ochranu osobních údajů, www.uoou.cz (Art. 77 GDPR).
To exercise any of these rights, write to [email protected].

Changes to this policy

We may update this document — for example, when the scope of processing or applicable law changes. The current version is always available on this page with the date of the last update.

Last updated: May 11, 2026

What we collect

The email address, name, and optional phone number you submit to the waitlist.

The unique referral code assigned to your account at sign-up.

If you arrive via a referral link, the referral code that brought you (not the referring person's identity).

Information you choose to share with us in email replies.

Sign-up context: the page you arrived on, UTM tags from the link you followed, the document referrer, your browser user-agent, viewport and screen dimensions, timezone offset, and country derived from your IP address.

A salted SHA-256 hash of your IP address — used only for rate-limiting and abuse protection. The raw IP address is never written to our database or logs.

Anonymous usage data (pageviews, clicks, form interactions, error reports) collected automatically via PostHog without identifying you personally.

Identified analytics data — linking your waitlist email to your session history — only if you explicitly accept analytics cookies.

How we use the data

To send beta invites and important launch updates.

To operate the referral program and understand how the waitlist grows through personal sharing.

If you provide a phone number, we may call you about beta onboarding when your invite is ready.

To measure interest and improve the website.

To protect the website from abuse or fraudulent traffic.

Legal basis for processing

Consent (Art. 6(1)(a) GDPR) — by joining the waitlist you consent to receiving an invitation and launch announcements. You may withdraw consent at any time.

Legitimate interest (Art. 6(1)(f) GDPR) — for anonymous analytics, protecting the site from abuse, and improving the service.

Consent (Art. 6(1)(a) GDPR) — for linking your email to your analytics history via PostHog identify().

Cookies and similar technologies

We use a small number of cookies and browser-storage entries that are strictly necessary to operate the site (for example, to remember your language preference and to protect the form against abuse). These do not require your consent.

We use PostHog product analytics. The PostHog SDK loads when you open the page and immediately begins collecting anonymous usage data (pageviews, clicks, error reports) without identifying you. No personal data leaves your browser at this stage.

If you click Accept in the cookie banner, we may link your activity to your waitlist email via posthog.identify() for a more complete understanding of the user journey. If you reject, anonymous tracking continues but no personal identifier is ever associated with your session. You can change your choice at any time by reopening the banner from the footer.

We also use Cloudflare Web Analytics to measure aggregate traffic and performance. This is a privacy-first service that does not use cookies, does not track individual users, and does not store personal data.

We also write a small set of session-storage entries (cleared when you close the tab) to remember the page you arrived on and any UTM parameters from the link you followed, so that we can attribute your sign-up correctly. These entries do not contain personal data and live only in your browser.

Referral program

Each person who joins the waitlist receives a unique referral code. If you share your referral link and someone visits the invitation page, your first name as entered at sign-up is displayed to that visitor to indicate who invited them.

If you join via a referral link, we record which referral code referred you. We do not share your identity with the person who referred you.

Referral data is retained for the same duration as your waitlist entry and is deleted when you exercise your right to erasure.

Subprocessors

We do not sell personal data. We share it only with the following processors, each acting on our instructions under a data-processing agreement (Art. 28 GDPR):

Vercel Inc. — hosting and edge infrastructure for the website (servers in the EU).

Neon Inc. — managed Postgres database where waitlist sign-ups are stored (servers in the EU).

Upstash Inc. — Redis service used for rate-limiting and short-lived operational logs (servers in the EU).

PostHog Inc. — product analytics (servers in the EU, on eu.posthog.com).

Cloudflare Inc. — privacy-first web analytics and edge infrastructure. Cloudflare Web Analytics does not use cookies or track individual users.

Discord Inc. — internal Slack-style notifications when a new sign-up happens. We send only an opaque hash of your email and non-identifying signal (locale, country, UTM tags). Your name, email address, and phone number are never sent to Discord.

International transfers

All of the processors listed above store the personal data they receive within the European Economic Area. The Discord notification channel is operated by a US-based company, but the payload we send is hashed and contains no personal data, so no personal-data transfer outside the EEA takes place.

Should this change in the future, we will rely on the European Commission’s Standard Contractual Clauses (Art. 46 GDPR) as the safeguard and update this document accordingly.

Your rights

Right of access (Art. 15 GDPR).

Right to rectification of inaccurate data (Art. 16 GDPR).

Right to erasure — "right to be forgotten" (Art. 17 GDPR).

Right to restriction of processing (Art. 18 GDPR).

Right to data portability (Art. 20 GDPR).

Right to object to processing based on legitimate interest (Art. 21 GDPR).

Right to withdraw consent (Art. 7(3) GDPR) — without affecting the lawfulness of processing carried out before withdrawal.

Right to lodge a complaint with a supervisory authority — in Czechia: Úřad pro ochranu osobních údajů, www.uoou.cz (Art. 77 GDPR).

To exercise any of these rights, write to [email protected].