Privacy Policy

Last updated: 17 April 2026

Stanna respects your privacy. This page explains what data we collect on stanna.io, why, and what you can do about it.

We try to collect as little as possible. The landing page uses no tracking cookies, and our analytics are cookieless.

Data controller

Stanna is being built by [TBD: Business entity name], a Serbian business currently under registration. Until the entity is formally registered, the data controller is the project founder.

For any data-related questions, contact privacy@stanna.io.

What data we collect

  • Email address — when you join the waitlist.
  • Signals — short text fragments you optionally submit for moderation and possible display on the site. You may optionally include your email for attribution.
  • Visit data — via our self-hosted Umami analytics: a hashed fingerprint based on your IP and user agent (not your IP itself), page URL, referrer, country, and city. This data is cookieless and anonymous.
  • Unsubscribe status — if you opt out of emails, we record the date you unsubscribed so we don't email you again.

Why we collect it

  • Email — to send a signup confirmation and let you know when Stanna launches (2–3 emails total).
  • Signals — to publish approved submissions on the landing page, demonstrating how Signals work.
  • Visit data — to understand where visitors come from and improve the site.

Legal basis

  • Email and Signals — your explicit consent, given when you submit the form (Article 12 ZZPL / Article 6(1)(a) GDPR). You can withdraw consent at any time via the unsubscribe link or by emailing privacy@stanna.io.
  • Visit data — our legitimate interest in understanding traffic (Article 6 ZZPL / Article 6(1)(f) GDPR). We use cookieless analytics specifically to minimize impact on your privacy.

Who processes your data on our behalf

  • Supabase, Inc. — database hosting (US/EU regions)
  • Resend, Inc. — transactional email delivery (US)
  • Netlify, Inc. — web hosting and CDN (US)
  • Umami — analytics, self-hosted on our Railway infrastructure (EU)

All processors are bound by data processing agreements. For transfers outside Serbia and the EU, we rely on Standard Contractual Clauses approved by the European Commission.

How long we keep your data

  • Waitlist email — until Stanna launches, plus 90 days to migrate accounts; then deleted unless you create an account.
  • Approved Signals — published indefinitely in anonymous form. Any email you attached is kept separately for up to 12 months, then deleted.
  • Rejected Signals — deleted within 90 days.
  • Visit data — aggregated after 30 days, retained for 12 months, then deleted.
  • Unsubscribe record — kept indefinitely to ensure we don't email you again.

Cookies and browser storage

Stanna's landing page uses no tracking cookies. We store a single item in your browser's localStorage (stanna-theme) to remember your light/dark mode preference. It never leaves your device.

Your rights

Under the Serbian Law on Personal Data Protection (ZZPL) and the GDPR, you can:

  • Access a copy of your data
  • Correct inaccurate data
  • Request deletion ("right to be forgotten")
  • Restrict or object to processing
  • Port your data to another service
  • Withdraw consent at any time — every email we send includes an unsubscribe link
  • File a complaint with the Commissioner for Information of Public Importance and Personal Data Protection (Poverenik) at poverenik.rs

To exercise any of these rights, email privacy@stanna.io. We'll respond within 30 days.

Children

Stanna is not intended for anyone under 18. We don't knowingly collect data from minors. If you believe we've received data from someone under 18, please email us and we'll delete it.

Changes to this policy

If we update this policy, we'll post the new version here and update the "Last updated" date. For material changes affecting waitlist subscribers, we'll also send an email.

Contact

Questions about this policy or your data: privacy@stanna.io