Privacy

Use of your data

We use your information to build and send the report, to operate and protect the service (for example, brief IP-based rate-limiting), and to improve the aggregate insight we produce. At signup we collect your email, and optionally your name, LinkedIn, organization and lab, role, coarse location (country and region only — not a street address or precise location), and the platforms and vendors you care about. In the quarterly check-in we ask for sentiment and direction of change — how relationships and momentum are shifting — not hard numbers, prices, spend, or revenue, and we don’t ask for anything confidential. Every question is optional, with a “Prefer not to say” choice throughout, so you can skip anything you don’t want to answer.

This is a named check-in, not an anonymous survey: your answers are stored linked to your account so you can edit or withdraw them and so we can send you your report. When we publish, we publish aggregated, group-level results — we don’t publish individual labs, people, or named companies, and we report only at a level where the published picture reflects the group, not any single contributor (for example, by withholding or combining results where too few people have responded). We don’t collect passwords, payment details, or sensitive personal data. We use your IP address only for short-window rate-limiting (a few minutes) and to prevent abuse; we don’t retain it long-term.

Our lawful basis (GDPR/UK GDPR Art. 6) is your consent for keeping your account, storing your answers linked to you, and emailing you — which you can withdraw at any time. Separately, we rely on our legitimate interest (Art. 6(1)(f)) for two narrow things: producing and publishing the aggregated, de-identified report, and keeping your IP address briefly to prevent abuse — you can object to that processing at any time. We do not sell your personal information and we don’t use it for advertising.

Storage & retention

Your data lives in a managed Postgres database, with row-level security so the public site can only read aggregate, non-confidential data. Privileged access paths are restricted to our server and designed not to be reachable from the browser. We use a small number of service providers that process data on our behalf under our instructions, currently including Supabase (database), Vercel (hosting), Resend (email), and Cloudflare (backup storage and email routing). A daily backup of the database is stored separately as a backstop, kept only for a short period — normally about 30 days — before being deleted on a rolling basis. No system is perfectly secure, but we take reasonable measures to protect your information.

Your data is stored and processed in the United States. The US does not have a general EU/UK “adequacy” decision, so US data-protection law may offer less protection than your home country; because of this we transfer your data on the basis of your explicit consent (GDPR/UK GDPR Art. 49(1)(a)), which you give when you join and can withdraw at any time. We keep your data for as long as you’re part of ReaDepth and delete it when you ask us to (or if the project winds down).

Your rights & deleting your data

You can delete your data at any time using the link in any email we send you. That link opens your account page, where you can unsubscribe from emails or delete your data; to delete, you confirm by typing your email back. Deletion removes your personal record and your check-in answers, and strips your name from anything you reported — the de-identified facts you contributed stay in the dataset, but the link to you is dissolved. One caveat: deletion does not rewrite past backups, so a copy may remain in a daily snapshot until it ages out, within about 30 days.

You also have the right to access, correct, export, restrict, or object to our use of your data (including objecting to any processing we base on legitimate interest), to erase it, and to withdraw consent at any time — just email us. If you’re in the EU or UK, you have the right to complain to your local data-protection supervisory authority.

Cookies

We keep cookies to a minimum. ReaDepth uses only strictly necessary cookies — to keep you signed in to your own pages and to help prevent abuse. We do not use advertising cookies or third-party analytics or tracking services, so there’s no cookie banner to click through.

Questions

ReaDepth is run by Alex Dickinson. Questions about your data? Email alex@readepth.com.