Just For You

Privacy Policy

Effective date: 2025-10-06
Last updated: 2025-10-06

This Privacy Policy explains what we collect, how we use it, and the choices you have when using Just for You (“we”, “us”). We welcome visitors from the US and abroad (including EEA/UK).

What we collect

We collect information you choose to provide and technical information generated by your use of the site.

  • Information you provide: contact details and preferences (for example, details you submit on our waitlist or forms). The specific fields are those shown at the point of collection.
  • Analytics information: usage and device data (for example, pages viewed, events, heatmaps, session recordings when enabled, referrers, timestamps, and approximate location at the state/region level).

How we use information

  • To operate, secure, and improve our website and features.
  • To send emails you request or allow (transactional messages and newsletters you can unsubscribe from).
  • To understand usage in aggregate and fix issues.

We do not sell or share personal information for cross-context behavioral advertising.

No retargeting pixels.

Analytics & providers we use

  • PostHog (Cloud EU) for analytics, heatmaps, and optional session recording. We route events through our first-party proxy on Cloudflare before processing in the EU.
  • Supabase (on AWS us-east-2/Ohio) for database and infrastructure.
  • Resend for sending transactional and newsletter emails.
  • Cloudflare for hosting/CDN and security.

These providers act on our instructions and are not permitted to use your data for their own advertising purposes. We intend to maintain appropriate data processing terms with our providers.

Your choices

  • Analytics/session recording:
    toggle your settings here to opt out. This disables analytics and session recording for your browser.
  • Emails: every newsletter includes an unsubscribe link. Transactional emails (e.g., confirmations) may still be sent where necessary.
  • Deletion: you can ask us to delete your information. Waitlist entries are automatically deleted if no account is created within 6 months of an invite.

Do Not Track & GPC

Some browsers send a Do Not Track (DNT) signal. We do not respond to DNT signals. If you don’t want analytics, please use the opt-out described above.

Browsers may also support Global Privacy Control (GPC). Because we do not sell or share personal information for cross-context behavioral advertising, GPC-based sale/share opt-outs are not applicable to our current practices. If our practices change, we will update this policy.

Retention

  • Waitlist data: auto-deleted after 6 months if no account is created.
  • Analytics/session data: kept up to 24 months, then deleted or aggregated.
  • We may retain limited records if required by law or to protect our service.

International transfers

We primarily operate in the United States. Data may be processed in the US and other countries. For EEA/UK visitors, our processors use appropriate safeguards (e.g., Standard Contractual Clauses) for international transfers.

Security

We use best practices to protect your data. Even though no system is perfectly secure, we are cautious and take great care to protect your data.

Children’s privacy

Our website is for individuals 16+. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information, please contact us and we will delete it.

Region-specific notes

  • United States: opt out of analytics as described; unsubscribe from newsletters anytime.
  • EEA/UK: depending on your situation, you may have rights (access, deletion, etc.). Use the contact method below and we’ll help.

Contact

For privacy questions or requests, please use our Contact Form.

GDPR/UK Supplement

Applies to visitors located in the European Economic Area (EEA) and the United Kingdom.

Controller & Contact

We are based in the United States. For EEA/UK visitors, we act as the data controller responsible for your information.

Controller: Just for You
Contact: Use this form

Lawful Bases

  • Consent – for non-essential analytics (including heatmaps and session recording) and newsletters/marketing emails.
  • Legitimate interests – to operate, secure, and improve the site (strictly necessary logging/security).

Cookies & Analytics (EEA/UK)

We do not use non-essential cookies or similar technologies (e.g., analytics, heatmaps, session recording) unless you give consent. You can give or withdraw consent at any time using the in-page privacy control (Settings → Privacy).

Your Rights

You may have the right to request access, correction, deletion, restriction, objection, and data portability. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. Use the contact method above to make a request. We may ask for information to verify your identity.

You can exercise these rights by using our contact form and specifying that your request concerns personal data.

International Transfers

Your data may be processed outside the EEA/UK. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) offered by our processors.

Processors

We use processors acting on our instructions, including PostHog (EU cloud; routed via our Cloudflare proxy), Supabase (on AWS us-east-2), Resend (email), and Cloudflare (hosting/CDN/security). These providers are not permitted to use your data for their own advertising purposes.

Retention

Waitlist entries are automatically deleted after 6 months if no account is created. Analytics/session data is kept up to 24 months, then deleted or aggregated. We may retain limited data to comply with law or protect the service.

Automated Decision-Making

We do not engage in automated decision-making producing legal or similarly significant effects.

Complaints

You have the right to lodge a complaint with your local supervisory authority. We would appreciate the chance to address your concerns first via the contact method above.