Privacy Policy for nystaknit.com
Last updated: 2026-05-21
This policy describes how we process your personal data when you sign up for our waiting list on nystaknit.com.
The policy covers the landing page only. The Nysta app will have its own policy when it launches.
1. Data controller
StatLab (sole proprietorship of Malene Juul Viskum)CVR: 41068027
Alleen 39
8660 Skanderborg
Denmark
Contact: hi@nystaknit.com
2. What data we collect
When you sign up for the waiting list, we collect:
- Your email address
- Language (Danish or English)
- Time of sign-up
- Confirmation status (whether you have confirmed your email via the link)
- Source (which channel you came from, e.g. Reddit, Instagram, direct link)
When you visit the site, we collect anonymised usage data through PostHog:
- Which pages you have viewed
- Which buttons you have clicked
- Language switches
- Scroll depth
- Anonymised region (not your full IP address)
We do not set any tracking cookies. PostHog runs in cookie-free mode without IP storage.
3. Purpose and legal basis
| Purpose | Legal basis (GDPR) |
|---|---|
| Send you one email when Nysta launches | Consent, art. 6(1)(a) |
| Confirm your email address (double opt-in) | Consent, art. 6(1)(a) |
| Improve the landing page through anonymous statistics | Legitimate interest, art. 6(1)(f) |
| Defend the sign-up form against abuse | Legitimate interest, art. 6(1)(f) |
4. Recipients and sub-processors
| Provider | What | Where | Function |
|---|---|---|---|
| Supabase | Email, language, consent timestamp | EU (Frankfurt) | Database |
| Amazon SES | Email address | EU (Ireland) | Sending confirmation and launch emails |
| Vercel | Anonymised request logs | EU + US edge | Hosting of nystaknit.com |
| Cloudflare | IP address (briefly, for traffic protection) | EU + US edge servers. Transfers under SCC. | DNS and DDoS protection |
| PostHog | Anonymised usage data | EU (Frankfurt) | Analytics |
| Sentry | Error data without personally identifiable content | EU (Frankfurt) | Error monitoring |
5. How long we keep your data
| Data | Period |
|---|---|
| Waiting-list sign-up | Until you ask us to delete it, or 6 months after you have received the launch email |
| Unconfirmed sign-ups | 30 days, then deleted |
| Anonymised statistics in PostHog | 12 months |
| Error reports in Sentry | 90 days |
6. Your rights
- Access. You can ask for a copy of the data we hold about you.
- Rectification. You can have incorrect information corrected.
- Erasure. You can ask us to delete your data. We delete within 30 days.
- Data portability. You can have your data delivered in a common format.
- Objection. You can object to processing based on legitimate interest.
- Withdrawal of consent. You can withdraw your consent at any time.
Write to hi@nystaknit.com. We respond within 30 days.
You can complain to the Danish Data Protection Agency (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, dt@datatilsynet.dk.
7. Security
All communication between your browser and nystaknit.com runs over HTTPS. Data at Supabase is encrypted at rest and in transit. Access to the database is limited to people who need it to run nystaknit.com, and happens through individual API keys.
8. Children
Nysta is not aimed at people under 13 years of age. We do not knowingly collect data about people under 13. If you believe a child has signed up for the waiting list, please contact us.
9. Changes to this policy
We may change the policy. The current version is always available at nystaknit.com/privacy with the date of the last update at the top. Material changes are announced to the waiting list by email at least 14 days before they take effect.
10. Questions
Write to hi@nystaknit.com.