Privacy

Last updated 2026-04-18

This site collects the minimum it needs to send you a plugin and, if you tick the second box on the download form, a newsletter. That's the whole story. Longer version below.

Who we are

Hyperfocus DSP is operated by an individual based in Spain, publicly known online as Hornfisk (see the GitHub organisation hosting all our plugin source code). For any data-protection question, email hello@hyperfocusdsp.com — privacy requests get the same inbox.

If you submit a formal GDPR data-subject request and require the controller's full legal identity (as we are required to provide under Art. 15), we will include it in the response. We do not publish full legal identity on this page while the site offers only free software and an opt-in newsletter; this will change when we launch a commercial product, at which point a registered business identity and address will be disclosed here.

What we collect, and why

Download form (plugin pages)

When you request a free plugin we ask for your email address. We use it for exactly two things, each with its own checkbox:

• Send the download link. Legal basis: performance of a contract (GDPR Art. 6(1)(b)) — you asked for the file, we deliver it.
• Newsletter (optional). Only if you tick the second box. Legal basis: consent (Art. 6(1)(a)). You can unsubscribe from any newsletter email or by writing to us. Withdrawing consent does not affect the lawfulness of processing before you withdrew it.

We never bundle these two purposes. Ticking "send me the download" is not ticking "send me the newsletter."

Server logs

Cloudflare (our hosting + CDN provider) processes request-level data transiently — IP address, user agent, timestamps — to serve the site and stop attacks. We do not look at these logs. Legal basis: legitimate interest in keeping the site up (Art. 6(1)(f)).

Analytics

We use Cloudflare Web Analytics. It is cookieless, does not fingerprint visitors, and sends only aggregate counts to us (page views, referrer, rough country). No personal data, no per-visitor tracking, no banner required. If this ever changes we will say so on this page first.

Cookies

We do not set cookies. No advertising, no session tracking, no third-party embeds that would. That's why there is no cookie banner.

Who processes data on our behalf

We use the following service providers ("processors" under GDPR Art. 28). Each only handles what they need to do their job:

• Cloudflare, Inc. — site hosting (Cloudflare Pages), CDN, analytics, DDoS protection, binary hosting (R2). Processes IP addresses transiently for request routing. Data Processing Addendum: cloudflare.com/cloudflare-customer-dpa.
• Loops Inc. — email list and transactional delivery for download links and the newsletter. Stores your email address and whatever engagement metadata Loops generates (opens, clicks) so the list works. Privacy policy: loops.so/privacy.

Where your data goes

Cloudflare and Loops are US companies. Transfers outside the EEA are covered by the European Commission's Standard Contractual Clauses, referenced in each provider's DPA. Cloudflare's edge network stores request logs regionally; binary downloads are served from Cloudflare R2 (set to WEUR, Western Europe).

How long we keep it

• Email addresses collected for download links but without newsletter consent: deleted after 30 days.
• Newsletter subscribers: kept until you unsubscribe or ask us to delete you.
• Server request logs at Cloudflare: retained per Cloudflare's policy (typically days to weeks, transiently).

Your rights

Under GDPR you have the right to:

• Access the personal data we hold about you (Art. 15).
• Correct inaccurate data (Art. 16).
• Have your data erased (Art. 17).
• Restrict how we process it (Art. 18).
• Receive your data in a portable format (Art. 20).
• Object to processing based on legitimate interest (Art. 21).
• Withdraw consent at any time for anything you consented to.

Email hello@hyperfocusdsp.com from the address on file and we will act within one month (GDPR Art. 12(3)).

Complaints

If you think we are mishandling your data, you can complain to the Spanish supervisory authority, the Agencia Española de Protección de Datos (AEPD), at aepd.es. We would appreciate a chance to fix it first — reach out to hello@hyperfocusdsp.com and tell us what happened.

Changes to this page

We update this when something actually changes. The "last updated" date at the top tracks that. No surprise policy shifts — if we add a new processor or purpose, we will email newsletter subscribers first.