Privacy Policy

Last updated: April 25, 2026

This privacy policy explains how badbeat.dev ("we", "us", "our") collects, uses, and protects your personal data when you visit this website or subscribe to our newsletter.

We respect your privacy and are committed to handling your data transparently and in compliance with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (1050/2018).

1. Data Controller

Floppi Oy (Business ID: 3415898-1)

Contact: hello@badbeat.dev

We are the data controller responsible for the personal data processed through this website.

2. What Data We Collect

We collect only the data we need to operate this website and deliver content to subscribers.

Newsletter subscriptions:

  • Email address (required)
  • Subscription date and status
  • Email engagement data (opens, clicks) — collected by our newsletter platform

Comments and member accounts (if you create one):

  • Email address
  • Display name (optional)
  • Comment content
  • Account activity timestamps

Analytics data (only with your consent):

  • IP address (anonymized where possible)
  • Browser type and version
  • Operating system
  • Referring URL
  • Pages visited and time spent
  • Device type
  • Approximate geographic location (country/city level)

Essential technical data:

  • Session cookies for login and security (CSRF protection)

Under GDPR Article 6, we rely on the following legal bases:

  • Consent (Article 6(1)(a)) — for analytics cookies and newsletter subscriptions. You can withdraw consent at any time.
  • Legitimate interest (Article 6(1)(f)) — for essential website operation, security, and fraud prevention.
  • Contract performance (Article 6(1)(b)) — for delivering the newsletter content after you have subscribed.

4. How We Use Your Data

We use your personal data only for the following purposes:

  • Sending you the newsletter you subscribed to
  • Responding to your messages and inquiries
  • Understanding how visitors use the site (with consent)
  • Maintaining website security and preventing abuse
  • Complying with legal obligations

We do not use your data for:

  • Selling to third parties
  • Profiling for advertising purposes
  • Automated decision-making with legal effects

5. Cookies and Tracking

We use the following cookies:

Essential cookies (always active):

  • Session cookies for login functionality
  • CSRF tokens for form security

Analytics cookies (only with your consent):

  • Google Analytics 4 (via Google Tag Manager)
  • Used to measure traffic and improve content

You can accept or reject analytics cookies via the consent banner shown on your first visit. You can change your choice at any time using the "Cookie settings" link in the footer.

If you reject analytics cookies, no analytics data is collected.

6. Third-Party Services

We share data with the following processors who help us operate the site:

Service Purpose Data shared Location
Ghost Website hosting and newsletter delivery Email, account data EU and non-EEA (with appropriate safeguards such as Standard Contractual Clauses)
Google Analytics / Google Tag Manager Website analytics (with consent only) Anonymized usage data USA
ProtonMail Email correspondence Email content Switzerland

Switzerland is recognized by the European Commission as providing an adequate level of data protection.

Some of these services may transfer data outside the European Economic Area (EEA). When this happens, we rely on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses approved by the European Commission to ensure adequate protection.

7. Data Retention

We keep your data only as long as necessary:

  • Newsletter subscriptions: until you unsubscribe
  • Comments and member accounts: until you request deletion or close your account
  • Analytics data: according to the retention period configured in Google Analytics (up to 14 months)
  • Email correspondence: up to 2 years after last contact, unless required by law

8. Your Rights

Under GDPR, you have the following rights:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — request deletion of your data
  • Right to restrict processing — limit how we use your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — at any time, without affecting prior lawful processing

To exercise any of these rights, email hello@badbeat.dev. For sensitive requests, you can use our PGP key to encrypt your message.

We will respond within 30 days. There is no fee unless your request is manifestly unfounded or excessive.

9. Data Security

We protect your data using industry-standard measures:

  • HTTPS encryption for all site traffic
  • Encrypted storage at our hosting provider
  • Two-factor authentication on administrative accounts
  • Regular security updates
  • PGP-encrypted email for sensitive communications

No system is fully secure. If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the supervisory authority within 72 hours where required by GDPR. If the breach is likely to result in a high risk to you, we will also notify affected individuals without undue delay.

10. International Data Transfers

Some of our service providers (e.g., Google) are based outside the EEA. When data is transferred internationally, we rely on:

  • The EU-U.S. Data Privacy Framework (where applicable)
  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for specific countries

11. Children's Privacy

This website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it.

12. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect the most recent revision. Significant changes will be announced via newsletter or a banner notice.

13. Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Finnish supervisory authority:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)

  • Postal address: P.O. Box 800, 00531 Helsinki, Finland
  • Visiting address: Lintulahdenkuja 4, 00530 Helsinki
  • Email: tietosuoja@om.fi
  • Phone: +358 29 566 6700
  • Website: tietosuoja.fi

You may also contact the data protection authority of your country of residence within the EU/EEA.

14. Contact

For any questions about this privacy policy or how we handle your personal data:

Email: hello@badbeat.dev

PGP key: Download public key

We respond to all privacy-related inquiries within 30 days.