Privacy Policy
Effective 3 July 2026. Short, because we collect very little.
The short version
- No cookies, no advertising trackers, no fingerprinting.
- We run our own first-party, cookieless analytics — page views and a few interaction events, sent to our own server (no third-party scripts), tagged with a random per-session id that isn't tied to your identity.
- API requests are processed to answer them and to enforce rate limits — request parameters are dates and country codes, not personal data. Don't put personal data in API parameters.
- The only personal data we ask for is an email address, and only when you request an API key, join the launch-note list, or express interest in a paid plan.
- For API keys we keep a small record: your email, a one-way hash of the key (never the key itself), and how much you use it.
API keys — what we store
When you request a key (POST /v1/keys), we store a record in our own database (Cloudflare D1): the email you gave, a one-way SHA-256 hash of the key (never the key itself, so a leak of our database can't produce working keys), the tier, and usage counters (a request count and a last-seen timestamp). We use this to operate the key — enforce rate limits, support revocation, and understand how the preview is actually used. We do not log your API request parameters against your key. Ask us and we'll delete your key record.
When you request a key through the website form, the same form also records your email (with the context, e.g. "key signup") via Formspree so we can send you the launch note and product-relevant updates about Datewise — that's the deal stated on the form, and there is no other mail.
Launch-note signups and paid-plan interest (website forms): submitted to and stored by Formspree (our form processor), which emails them to us. We use them to send what the form said we'd send, and to contact you about a plan you asked about. We don't sell or share these addresses. Want an address deleted? Contact us (below) and we'll remove it from Formspree and our inbox.
Analytics — our own, first-party and cookieless
We run no third-party analytics (no Google Analytics, no Plausible, no ad networks) and set no cookies. Instead the site sends page views and a handful of interaction events (for example, "opened the get-a-key dialog" or "clicked a pricing plan") to our own endpoint, stored in our Cloudflare D1 database. Each event carries the page path, the referring site (so we can tell how many visitors arrived from, say, Hacker News), and a random per-session identifier kept in your browser's sessionStorage — it is not a cookie, it resets when you close the tab, and it is never tied to your email or any other identity. We use this only to understand how the preview is used and where visitors come from; we do not build advertising profiles and never sell or share it.
What our infrastructure sees
The Service runs on Cloudflare (Workers, with the key record and the analytics events above in Cloudflare D1). Like any host, Cloudflare processes connection metadata — including your IP address, which we also use (transiently, at the edge) for keyless rate limiting.
Where data lives
Cloudflare operates globally (our key database is a Cloudflare D1 instance); Formspree is US-based. If you're in the EU/EEA: the legal basis for processing an email you submit is the consent you give by submitting it, and you can withdraw it by asking us to delete the address (and your key record).
Changes and contact
If this policy changes, the effective date above changes with it. Questions or deletion requests: use the contact page.