Privacy
Privacy Policy
This policy explains what personal data AfterhoursFounders collects, why, the legal basis for each use, who we share it with, how long we keep it, and the rights you have. We collect as little as we can and never sell your data.
Last updated: 2026-06-16.
1. Who is responsible for your data
The data controller for afterhoursfounders.com is Berries Lab S.L. (VAT ESB72854060), Paseo del Mare Nostrum 15, 08039 Barcelona, Spain. For any privacy question or to exercise your rights, contact hello@afterhoursfounders.com.
2. What we collect, why, and our legal basis
| Data | Why | Legal basis (GDPR Art. 6) |
|---|---|---|
| Your email address (if you subscribe) | To send you the newsletter you asked for, with a confirmation (double opt-in) step. | Consent — Art. 6(1)(a). You can withdraw any time (see §6). |
| Approximate location (city/country), derived from your IP at our edge | To show a localized date/place line in the masthead. Computed in transit and not stored. | Legitimate interest — Art. 6(1)(f): a minor, non-intrusive display feature. |
Ad click + campaign identifiers (e.g. gclid, utm_*) in a first-party cookie | To measure which advertising campaigns lead to sign-ups. | Consent — Art. 6(1)(a), via the cookie banner. EU/EEA visitors: set only after you accept. |
| Usage analytics (pages viewed, events) via GA4 and PostHog | To understand and improve how the site is used, in aggregate. | Consent — Art. 6(1)(a), via the cookie banner. |
| Anti-spam signal (Cloudflare Turnstile) and request metadata (IP, user-agent) at the edge | To protect the sign-up form from bots and to keep the service secure and available. | Legitimate interest — Art. 6(1)(f): security and abuse-prevention. |
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects, and we do not knowingly collect data from children (this site is not directed at people under 16).
3. Cookies and similar technologies
We default to denying all non-essential storage (Google Consent Mode v2) until you choose. The full list of cookies, what each does, and how to change your choice is on our Cookie Policy. You can reopen your choices any time via “Cookie preferences” in the footer.
4. Who we share it with
We don’t sell your data. We use a small set of service providers (processors) that handle data on our behalf under contract, and — only with your consent — analytics/advertising providers:
| Recipient | Role | Location & safeguard |
|---|---|---|
| Cloudflare, Inc. | Hosting, CDN, WAF, bot-protection (Turnstile), media storage (R2), edge key-value (rate limiting), approximate-location lookup | Global edge; processing nearest the visitor — EU Standard Contractual Clauses (SCCs) / Data Processing Addendum |
| Neon, Inc. | Managed PostgreSQL database (stores subscriber records) | United States (us-east-1) — EU Standard Contractual Clauses (SCCs) |
| Railway Corp. | Application hosting for the content-management system | United States — EU Standard Contractual Clauses (SCCs) |
| Resend (Plus Five Five, Inc.) | Transactional + newsletter email delivery (sends via Amazon SES, EU region) | United States / EU (eu-west-1) — EU Standard Contractual Clauses (SCCs) |
| Google Ireland Ltd. (Google Analytics 4, Google Ads, Tag Manager) | Audience analytics, advertising-conversion measurement, tag orchestration — only with your consent | EU / United States — EU–U.S. Data Privacy Framework + SCCs |
| PostHog, Inc. | Product analytics (EU-hosted instance) — only with your consent | European Union (eu.posthog.com) — EU hosting; SCCs for any support access |
| YouTube / Google | Video playback — loaded only if you click to play an embedded video (click-to-load facade) | EU / United States — EU–U.S. Data Privacy Framework + SCCs |
5. International transfers
Some providers above process data outside the EU/EEA (notably in the United States). Where they do, the transfer is covered by appropriate safeguards — EU Standard Contractual Clauses and, where applicable, the EU–U.S. Data Privacy Framework — as noted per recipient. You can request a copy of the relevant safeguards from hello@afterhoursfounders.com.
6. How long we keep it
- Unconfirmed subscriptions: deleted shortly after the confirmation window closes if you never confirm.
- Confirmed subscribers: kept until you unsubscribe, then removed (we may keep a minimal suppression record so we don’t email you again).
- Approximate location: never stored (computed in transit).
- Advertising-attribution cookie: up to 90 days (see Cookie Policy).
- Analytics: retained per each provider’s configured retention.
- Security/edge logs: short-lived, kept only as long as needed for security and operation.
7. Your rights
Under the GDPR you have the right to:
- access the data we hold about you;
- have inaccurate data corrected;
- have your data erased (“right to be forgotten”);
- restrict or object to processing;
- data portability (receive your data in a portable format);
- withdraw consent at any time, without affecting prior lawful processing.
To exercise any of these, email hello@afterhoursfounders.com. You can unsubscribe from the newsletter using the link in any email or by contacting us. We respond within the timeframe the GDPR requires (generally one month).
8. Complaints
If you believe we’ve mishandled your data, please contact us first so we can put it right. You also have the right to lodge a complaint with a supervisory authority — for us, that is the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) — https://www.aepd.es.
9. Changes to this policy
We may update this policy as the site evolves. We’ll change the “last updated” date above and, for material changes that affect how we use your data, give clearer notice.
Questions: hello@afterhoursfounders.com.