Privacy Policy

What we collect, why, and what we do not.

Aethel collects the minimum data required to operate. We do not build behavioural profiles, sell data, or track individuals. This page states precisely what we collect, why, who sees it, and how long we keep it.

Effective date: 9 May 2026

What We Collect

Waitlist entries

When you join the waitlist, we store your email address, an optional reason, the page you joined from, and whether you opted into a monthly digest. Nothing else.

Contact submissions

When you use the contact form, we store your name, email, subject, and message text. Submissions are retained so we can reply and track correspondence status.

Anonymous session identifiers

A 64-character hex token is generated on your first visit and stored in an HTTP-only, same-site cookie named aethel_sid. It carries no personal information — it is a random value used solely to count concurrent visitors and total site visits without tracking individuals.

Blog engagement signals

When you open a post, a view is counted. When you read to the end, a read is counted. Both are deduplicated per session per post using Redis rate limiting. We store only integer counts — not which user viewed which post.

IP addresses

Your IP address is read server-side to enforce rate limits on the waitlist, contact, and stats endpoints. It is not persisted to the database. Once the rate-limit window closes, no record of the address remains.

How We Use It

Launch notification

Waitlist email addresses are used for one purpose: notifying you when early access opens. If you opted in, you may receive a monthly blog digest in addition to that single launch email. We do not send marketing, newsletters, or promotional content.

Correspondence

Contact submissions are read and replied to by the Aethel team. We do not route them through third-party CRMs or automated pipelines.

Aggregate analytics

Visitor counts and blog engagement figures appear on the site as aggregate numbers — online visitors, total visits, views, reads, and completion rate. They inform product decisions. No individual is identifiable from any displayed figure.

Abuse prevention

Rate limiting uses your IP address transiently to prevent spam submissions to the waitlist, contact, and stats endpoints. This data is never stored or analysed beyond its immediate purpose.

Cookies & Storage

aethel_sid (session cookie)

A single first-party cookie, HTTP-only, SameSite=Lax, with a 24-hour max-age. It holds a random 64-character hex token. It is not accessible to JavaScript, cannot be sent cross-site, and contains no personal information. Deleting it or clearing cookies removes it entirely.

No tracking cookies

We do not set advertising, analytics, or fingerprinting cookies. We do not use Google Analytics, Mixpanel, or any behavioural tracking service.

Google AdSense

When AdSense is enabled, Google may set its own cookies governed by Google's privacy policy. AdSense ads appear in designated slots only. We do not share waitlist or contact data with Google, and we do not control the cookies Google sets.

Third Parties

Supabase (PostgreSQL)

Our primary database. Waitlist entries, contact submissions, blog posts, and site stats are stored on Supabase infrastructure in the ap-northeast-1 (Tokyo) region. Supabase does not process this data for its own purposes.

Upstash (Redis)

Rate-limit state is stored in Upstash Redis. Only counters keyed by IP address or session identifier are written — no personal data. Counters expire automatically at the end of each rate-limit window.

Google AdSense

Advertisement slots load from Google's ad servers. Google's data practices are governed by its own privacy policy. If you wish to opt out of personalised advertising, visit Google's Ad Settings.

Google Fonts

Fonts are loaded at build time via Next.js font optimisation and served from our own origin. No requests are made to Google Fonts servers by your browser.

Data Retention

Waitlist entries

Retained until you request deletion or until the waitlist is closed following the product launch.

Contact submissions

Retained until the matter is resolved and archived, or until you request deletion.

Active visitor records

Purged automatically after five minutes of inactivity. No long-term record of individual sessions is kept.

Blog stats

Aggregate integer counts retained indefinitely as part of the post record. No individual-level reading history is stored.

Rate-limit counters

Expire automatically at the end of each window (one hour for the waitlist, twenty-four hours for contact, one minute for stats endpoints). Not persisted beyond their window.

Your Rights

Access and deletion

You may request a copy of the personal data we hold about you, or ask us to delete it, by emailing us at the address below. We will respond within five working days.

Waitlist opt-out

You may remove yourself from the waitlist at any time by emailing us. We will delete your entry from the database and send no further communications.

Cookie removal

Clear your browser cookies to remove the aethel_sid session token. A new anonymous token will be issued on your next visit.

No account, no lock-in

Because Aethel does not require an account, there is no profile to delete. Your presence on the site is an anonymous session. Walking away is sufficient.

Policy Changes

How we notify you

Material changes to this policy will be announced via a blog post. The effective date at the top of this page will be updated. Continued use of the site after a change constitutes acceptance of the revised policy.

What will not change

We will not begin selling data, introducing undisclosed third parties, or removing rights you currently hold without prominent advance notice.

Contact

Privacy questions, access requests, and deletion requests go to:

bangcesaryahoo@gmail.com

We respond to most enquiries within five working days.