§ Privacy Policy

How this site handles data.

A short, honest summary of what lubosdusek.com collects, why, where it's stored, and what your rights are. Written to be readable, not impressive.

Last updated · 10 May 2026

§ 01Who I am

This site is run personally by Lubos Dusek. lubosdusek.com is a personal publication. There is no company, no team, and no commercial entity behind it.

For the purposes of UK and EU data protection law, that makes me the data controller for any personal data this site processes.

Contact: hello@lubosdusek.com

§ 02What this policy covers

This policy applies to lubosdusek.com and any subdomains under it. It covers the data the site collects, how it's used, where it's stored, and what your rights are.

It does not cover external sites linked from here (LinkedIn, regulatory authority pages, official journals, news outlets). Those are governed by their own policies.

§ 03What I collect

The site has two places where you can submit data, and one place where data is collected automatically by hosting infrastructure.

Newsletter signups

When you submit your email address through the newsletter form, I store it along with the timestamp of your signup. That is all. No name, no extra fields. The email is used only to send the newsletter.

Survey responses (The Trust Gap)

The Trust Gap is an anonymous research survey. Responses are stored along with the timestamp of submission. No email, no IP address, and no other identifying information is captured by the survey form. If you choose to write something into a free-text comment field, it is stored as you wrote it. So please don't include personal information there unless you want it stored.

Server access logs

The site is hosted on Cloudflare Pages. Cloudflare automatically logs standard request information for security and abuse prevention: IP address, user agent string, request path, timestamp. These logs are operated by Cloudflare and governed by Cloudflare's privacy practices.

What I do not collect

The site does not run analytics or tracking scripts. No Google Analytics, no Plausible, no Fathom, no equivalent. The site does not set tracking cookies of its own. The only third-party request the site makes on page load is to Google Fonts (fonts.googleapis.com) for typeface delivery; this transmits standard request metadata to Google as a service operator.

§ 04Why I collect it

Newsletter emails are used to send newsletter editions.
Survey responses are aggregated for research and writing on platform trust and data practices.
Hosting logs are used by Cloudflare for site security and operation.

I do not sell or trade data. I do not use it for advertising. I do not share it with third parties beyond the processors listed in section 06.

§ 05Legal basis

Under UK GDPR and EU GDPR, the legal bases I rely on are:

Newsletter signups: consent. You opt in by submitting the form. You can withdraw at any time by unsubscribing.
Survey responses: consent. Participation is voluntary, and the survey makes clear that responses are stored.
Hosting logs: legitimate interests. Site security and operation.

§ 06Where data is stored

Newsletter emails and survey responses are stored in a Supabase database. Supabase is the data processor.
Hosting logs are managed by Cloudflare as the data processor.
Google Fonts serves the typefaces used on the site. Loading a font file from fonts.googleapis.com transmits standard request metadata to Google.

Each provider has its own privacy framework and security practices. None of them receive content from the survey or newsletter in a way that lets them reconstruct individual users beyond what's listed above.

§ 07Sharing

I do not sell, rent, or trade your data. I do not share it with third parties beyond the processors named in section 06 (Supabase, Cloudflare, Google Fonts).

I may disclose data if legally required to do so by a valid court order or law enforcement request. If that ever happens and the law allows, I will notify you.

§ 08Retention

Newsletter emails: kept until you unsubscribe.
Survey responses: kept indefinitely in aggregate form for ongoing research. Because responses are anonymous, I cannot identify your specific submission unless you provide identifying details with your request.
Hosting logs: governed by Cloudflare's retention practices, typically short.

§ 09Your rights

Under UK GDPR and EU GDPR, you have the right to:

access the personal data I hold about you
ask for it to be corrected
ask for it to be deleted
object to processing
ask for it to be transferred to you in a portable format
withdraw consent at any time
complain to the UK Information Commissioner's Office (ico.org.uk) or your equivalent national authority

To exercise any of these rights, email hello@lubosdusek.com. I will respond within one calendar month, and earlier where possible.

§ 10Newsletter unsubscribe

Each newsletter edition includes an unsubscribe link in the footer. Clicking it removes your email from the list. You can also email hello@lubosdusek.com to be unsubscribed manually.

§ 11Changes to this policy

This policy may be updated. The version date is at the top of this page. Material changes (for example, new categories of data collected) will be reflected here, and where reasonable, communicated in a newsletter edition.

§ 12Contact

Questions, concerns, or requests: hello@lubosdusek.com.