What we collect, and what we don't.

When you join the waitlist we store your email and the segment you picked (Solo PM, Head of Product, Founder). We use it for exactly one thing: to write to you when your city opens.

No newsletter, no drip campaign, no resale. It lives in our EU Supabase project (Frankfurt) and is deleted the moment you ask.

We log page views, CTA clicks, scroll depth and time on page under a random session id plus a visitor id kept in your browser's localStorage — never a cookie, never your IP, never a fingerprint. The visitor id only lets us avoid counting the same person twice.

We also keep the UTM tags and referrer hostname you arrived with, so we know which channel sent you.

Our hosting provider derives a two-letter country code (e.g. “FR”) from your connection at the edge. We store only that coarse code so we can see which countries our visitors come from — never the IP address it was derived from. That's the extent of it.

No Google Analytics, no advertising pixels, no session replay. PostHog stays dormant unless this notice says otherwise. Fonts are self-hosted through Next.js — no Google Fonts CDN, no runtime third-party requests.

Analytics events older than 180 days are purged automatically. Waitlist emails are removed on request, immediately.

Email hi@holonlab.co for any GDPR request — access, rectification or erasure. We answer within 7 days. Holon is built EU-first: regions in the EU, no third-party CDNs at runtime, no raw user content in logs.