• Usage data — anonymous page views, referrers, browser, OS, and country (derived from IP, IP not stored). Source: Vercel Analytics. Aggregated stats are retained for as long as the project runs; no raw event is tied to you because no identifier is stored.
• Performance data — anonymous Core Web Vitals (LCP, CLS, INP). Source: Vercel Speed Insights. Same retention profile as above.
• Correspondence — if you email us, we keep your name, address, and message body until the event is over plus twelve months, then delete the thread.

• No cookies. No local storage tracking. No fingerprinting.
• No advertising or remarketing pixels.
• No third-party analytics beyond Vercel's.
• No newsletter list.
• No automated decisions about you.
• No targeting of children. The site is not intended for anyone under 16.
• No selling, sharing, or licensing of any data, ever.

All processing relies on legitimate interest under Art. 6(1)(f) GDPR — running and improving the site, and managing event correspondence with people who reach out. We don't use cookies, so the ePrivacy consent banner you see everywhere else doesn't apply here.

Vercel Inc. processes our analytics and hosts the site. Vercel may process some data in the United States; their data processing addendum and EU Standard Contractual Clauses apply. We don't run any other vendors that touch visitor data.

TLS in transit, end to end. No personal-identifying writes from visitors today. If we ever suffer a breach affecting your data, we'll notify the supervisory authority within 72 hours and reach you directly if there's a high risk to your rights.

Under the GDPR you may request access, rectification, erasure, restriction, objection, or data portability. Email t@hexa.com and we'll respond within thirty days.

To opt out of analytics, block /_vercel/insights/* with the content blocker of your choice — we don't reach for a server-side fallback to capture you.

You may also lodge a complaint with your local data protection authority. In Belgium that's the Autorité de protection des données.

Tanguy Goretti, on behalf of Off the Radar — Brussels, Belgium.
We don't have a Data Protection Officer; the controller handles requests directly.
Reach: t@hexa.com.

We update this page when something changes — a new processor, a new collection point, a new retention window. The current version date is stamped at the top.