Psycron.app — Website Privacy Policy

Last updated: April 29, 2026

Psycron ("we", "our", "us") operates the informational website psycron.app.
This Privacy Policy describes how we process visitor data strictly for website functionality, analytics (optional), and newsletter sign-ups (optional).

This Privacy Policy applies only to the public psycron.app website. It does not apply to any future Psycron applications or platforms that may process health or psychological data.

1. Data We Collect

We only collect minimal information necessary for the website to function and improve.

We never collect special-category data (health, mental health, biometrics, etc.) or identifiable data from website visitors, as this Privacy Policy applies only to the public informational psycron.app website.

1.1 Essential Technical Data (No Consent Required)

Under GDPR, strictly necessary cookies and local storage items related to website functionality may be used without consent. These items ensure the website operates correctly. They do not identify you and do not require consent.

Therefore:

  • We use localStorage to store your cookie consent preferences (key: psycron-cookie-consent). This item never contains personal data and is only used to remember your choice so we do not ask you again on every visit;

  • We may use sessionStorage to store purely functional navigation state. These items never contain personal data and are cleared automatically when you close the browser tab.

You can change your cookie preferences at any time using the cookie settings link in the banner or footer. For more information on how we use cookies, please visit our Cookie Policy.

1.2 Optional Analytics Data (Requires Consent)

We use PostHog for product analytics — only after you give explicit consent through our cookie banner. If you do not accept analytics cookies, PostHog will not load and no data will be sent.

If you accept analytics cookies, PostHog may collect:

  • Pages visited and time spent on each page
  • Scroll depth and interactions with buttons and links
  • Device type, browser, operating system, and screen resolution
  • Approximate geographic location (country/city level, derived from IP address — IP is not stored)
  • Referral URL and UTM campaign parameters

PostHog is configured with person_profiles: 'identified_only', meaning no personal profile is created for anonymous website visitors.

1.3 Optional Marketing Data (Requires Explicit Consent)

a) Newsletter / Waitlist Submission

If you voluntarily enter your email into our newsletter or early-access form, we collect:

  • Email address
  • Consent timestamp
  • Consent purpose ("Receive updates about Psycron")

Submitting the form counts as explicit consent.
We do not collect names, IP addresses, or any other personal information at sign-up.

b) Contact and Careers Forms

If you send a message via our contact or careers form, we collect the information you voluntarily provide (name, email, message). This is used solely to respond to your enquiry.

c) Advertising Pixels (Future — Not Currently Used)

We currently do not use Meta Pixel, Google Ads, LinkedIn Insight Tag, or retargeting tools.

If added later, we will request separate marketing consent.

2. How Your Data Is Used

Type of Data Purpose Legal Basis (GDPR) Legal Basis (LGPD)
Essential cookies / localStorage Website functionality Legitimate interest (Art. 6(1)(f)) Legitimate interest (Art. 7, IX)
Analytics (PostHog) Improve UX and understand usage Consent (Art. 6(1)(a)) Consent (Art. 7, I)
Newsletter email Send product updates Explicit consent (Art. 6(1)(a)) Consent (Art. 7, I)
Contact / careers form data Respond to enquiries Legitimate interest (Art. 6(1)(f)) Legitimate interest (Art. 7, IX)

We do not perform profiling, automated decision-making, or combine data to identify users.

3. International Data Transfers

PostHog processes analytics data on servers located in the European Union (Frankfurt, Germany). No cross-border transfer of analytics data outside the EU/EEA occurs.

Email delivery is handled by Resend, Inc., which operates under GDPR-compliant data processing agreements including Standard Contractual Clauses (SCCs).

Our website infrastructure is hosted by Vercel, Inc. under a GDPR-compliant DPA.

For Brazilian residents, all processors are contractually bound to comply with LGPD Art. 33–36 requirements for international data transfers.

4. Data Retention

Data Retention period
Cookie consent preference (localStorage) Until you clear your browser storage
PostHog analytics data Up to 12 months, then deleted
Newsletter / waitlist email Until you unsubscribe or request deletion
Contact / careers form data Up to 6 months after responding

5. Third-Party Processors

Processor Purpose Privacy policy
PostHog, Inc. Website analytics posthog.com/privacy
Resend, Inc. Transactional email delivery resend.com/legal/privacy-policy
Vercel, Inc. Website hosting and CDN vercel.com/legal/privacy-policy

All processors are bound by data processing agreements and are required to handle data in accordance with applicable data protection law. We never sell or share data with advertisers.

6. Your Rights

Under GDPR (EEA / UK residents)

You have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data
  • Restriction — ask us to stop processing in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting prior lawful processing

You also have the right to lodge a complaint with your national Data Protection Authority.

Under LGPD (Brazilian residents)

You have the right to:

  • Confirm whether we process your data
  • Access the data we hold about you
  • Correct incomplete or inaccurate data
  • Anonymisation, blocking, or deletion of unnecessary data
  • Portability of data you provided
  • Information about third parties with whom we share data
  • Withdraw consent at any time
  • Object to processing carried out without a legitimate basis
  • Lodge a complaint with the ANPD (Autoridade Nacional de Proteção de Dados) at gov.br/anpd

Because we do not identify visitors through essential cookies or analytics, most rights apply primarily to newsletter and form subscribers.

Contact: ask@psycron.app

7. Children's Privacy

The website is not intended for children under 16.
We do not knowingly collect any data about children.

8. Updates to This Policy

If we introduce new features such as user accounts, app access, or health-related tools, we will update this Privacy Policy, create more specific policies to handle those data, and request new consent if required.

9. Contact Information

Psycron (Pre-Incorporation Entity)
Email: ask@psycron.app

A Data Protection Officer (DPO) / Encarregado is not required at this stage because the website does not process sensitive or large-scale personal data.

We use cookies to understand how our site is used and to improve your experience. Analytics cookies are only set with your consent. Learn more