Privacy Policy
Last updated: 1 October 2025
This Privacy Policy explains how YANGOT Technologies UG (haftungsbeschränkt) ("we", "us", "our") collects and processes your personal data when you visit https://yangot.studio (the "Site") and use our services, including signing up for the Cursor Craft Kit waitlist and emails (together, the "Services").
If you have any questions, contact us at privacy@yangot.studio.
Short version (human-readable)
We collect your email if you ask us to. With your consent, we use privacy-friendly analytics to improve the page. You can unsubscribe and change cookie settings any time. We won't sell your data. We only work with processors we trust, under GDPR contracts.
1) Controller
Controller: YANGOT Technologies UG (haftungsbeschränkt)
Address: Fasanenstraße 67i, 82008 Unterhaching, Germany
Email: privacy@yangot.studio
Data Protection Officer: YANGOT Technologies UG (haftungsbeschränkt) — privacy@yangot.studio
2) What data we collect
2.1 Data you provide directly
- Email address (waitlist/newsletter signup).
- Consent preferences (e.g., analytics, marketing).
- Self-reported attribution (e.g., "Where did you hear about us?") when you submit it.
- Replies to our emails (content of your message).
2.2 Data collected automatically (when you visit)
- Device and usage data: IP address (short-lived/ephemeral where possible), user-agent, pages viewed, timestamps, referrer/UTM parameters, and events like form starts/submits.
- First/last touch source: stored in your browser (e.g., localStorage) to attribute visits and signups.
- Consent state: whether you accepted or declined optional cookies/analytics.
2.3 Cookies & similar
We use essential cookies for site functionality and, with your consent, analytics cookies. See Section 10 (Cookies).
We do not intentionally collect special categories of data (GDPR Art. 9). We do not conduct automated decision-making that produces legal or similarly significant effects (GDPR Art. 22).
3) Purposes & legal bases (GDPR Art. 6)
Purpose | Data | Legal basis |
---|---|---|
Deliver waitlist/newsletter emails | Email, consent | Consent (Art. 6(1)(a)); alternatively Contract when you request the free kit (Art. 6(1)(b)) |
Run the Site & prevent abuse | Technical logs, IP (short-term) | Legitimate interests in operating a secure service (Art. 6(1)(f)) |
Analytics & product improvement | Event data, UTM, session info | Consent (Art. 6(1)(a)) via cookie banner |
Attribution/measurement | UTM, first/last touch source | Consent (Art. 6(1)(a)) |
Respond to inquiries | Email content, metadata | Legitimate interests in customer support (Art. 6(1)(f)) |
Legal compliance | Records necessary under law | Legal obligation (Art. 6(1)(c)) |
You can withdraw consent at any time (see Section 9).
4) Where data comes from
- Directly from you (forms, emails).
- From your browser (referrer, UTM parameters, device data).
- From our processors listed in Section 6 (e.g., email platform reporting opens/clicks).
5) Retention
- Email list data: until you unsubscribe or request deletion.
- Analytics events: typically 14 months (or shorter if configured).
- Server/edge logs: typically ≤ 30 days, unless needed to investigate security issues.
- Support emails: up to 24 months after last contact, unless deletion is requested.
We may anonymize/aggregate data for longer-term trend analysis.
6) Processors & data sharing
We use trusted processors to operate the Site. Each processes data solely on our behalf and under a contract (GDPR Art. 28).
- Hosting & deployment: Vercel — serves the Site and static assets (may capture transient logs like IP and request metadata).
- Analytics & experimentation: PostHog — privacy-friendly analytics, funnels, and (optionally) session replay. Only activated with your consent. We mask inputs and respect consent choices.
- Email delivery & list management: Loops — stores your email, manages double opt-in and sequences, tracks link clicks (for deliverability and engagement).
- Link management & attribution: Dub.co — short links with UTM parameters and click metrics when you use our shared links.
- Consent management: Cookiebot/ConsentManager — displays consent banner and stores your choices.
We may disclose data if required by law or to protect our rights, users, or the public.
7) International transfers
Some processors may process data outside the EEA/UK (e.g., the United States). Where this occurs, we rely on:
- Adequacy decisions (if applicable), and/or
- Standard Contractual Clauses (SCCs) approved by the European Commission, plus supplementary measures as needed.
You can request details of transfer safeguards at privacy@yangot.studio.
8) Your rights (EEA/UK)
You have the right to:
- Access your personal data.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten").
- Restrict processing in certain cases.
- Object to processing based on legitimate interests.
- Receive your data in a machine-readable format (data portability).
- Withdraw consent at any time (affects future processing).
- Lodge a complaint with a supervisory authority.
Primary supervisory authority (Bavaria, Germany):
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
To exercise your rights, email privacy@yangot.studio. We may need to verify your identity.
9) How to manage consent & marketing
- Cookie/analytics consent: Use the banner on first visit or the "Cookie Settings" link (if present) to change your choices at any time.
- Emails: Click Unsubscribe in any email, or write to privacy@yangot.studio. Unsubscribing stops marketing emails, but we may still send essential service messages (e.g., double opt-in confirmations).
10) Cookies & similar technologies
We categorize cookies as follows:
- Essential (strictly necessary): Required for the Site (e.g., security, basic functionality).
- Analytics (consent-based): Helps us understand usage and improve the Site (e.g., PostHog).
- Attribution (consent-based): Stores UTM and first/last touch information for accurate measurement.
Category | Example | Purpose | Duration |
---|---|---|---|
Essential | __Host-next, session flags | Keep pages functional/secure | Session / short-term |
Analytics | ph_* (PostHog) | Event analytics & funnels | Up to 14 months (configurable) |
Consent | CookieConsent | Store your choices | As configured by CMP |
Attribution | cv_firstTouch, cv_lastTouch (localStorage) | Remember first/last traffic source | Until cleared or 12 months |
A current cookie list is available via the consent banner and may update as we change our stack.
11) Children's privacy
Our Services are not directed to children under 16. If you believe a child has provided personal data, contact us at privacy@yangot.studio and we will delete it.
12) Security
We use reasonable technical and organizational measures (encryption in transit, access controls, least-privilege, processor due diligence). No method is 100% secure; please report any concerns to privacy@yangot.studio.
13) Changes to this policy
We may update this policy to reflect changes to our Services or legal requirements. We'll post the new version with the "Last updated" date. For material changes, we may notify you by email or on the Site.
14) Contact
Email: privacy@yangot.studio
Postal: YANGOT Technologies UG (haftungsbeschränkt), Fasanenstraße 67i, 82008 Unterhaching, Germany