Privacy Policy

Last Updated: January 7, 2026

Effective Date: January 7, 2026

Introduction

Welcome! We care about your privacy as much as we care about love.

This Privacy Policy explains how 100 Reasons (“we,” “us,” or “our”) collects, uses, and protects your information when you visit our website and get early access to our pre-launch updates. We’re committed to transparency and protecting your data rights under the General Data Protection Regulation (GDPR) and other privacy laws.

If you have any questions about this policy, please contact us at [email protected].

Table of Contents

  1. Who We Are
  2. What Data We Collect
  3. Why We Collect Your Data
  4. How We Use Your Data
  5. Third-Party Services
  6. Your Data Rights
  7. Data Retention
  8. Data Security
  9. Cookies and Tracking
  10. International Data Transfers
  11. Children’s Privacy
  12. Changes to This Policy
  13. Contact Us

Who We Are

Data Controller: 100 Reasons

Contact Email: [email protected]

Purpose: We’re building a platform for couples to share daily reasons why they love each other. This policy covers both our website (100reasons.love) and our early access program for people who want to be notified when we launch.

What Data We Collect

When you get early access, we collect:

Information You Provide:

  • Email Address - So we can notify you when we launch
  • Consent Confirmation - That you agreed to receive updates

Information We Collect Automatically:

  • Consent Timestamp - When you got early access
  • Form URL - Which page you signed up from
  • Source Tag - Identifies you as an early access member (“pre-launch-early-access”)
  • Referrer URL - Where you came from (optional, helps us understand how you found us)

Information from Email Verification:

  • Confirmation Status - Whether you clicked the confirmation link in your email
  • Confirmation Timestamp - When you confirmed your subscription

We do NOT collect:

  • Passwords (early access doesn’t require accounts)
  • Payment information (early access is free)
  • Relationship data (that’s only in the app after launch)
  • Browsing history or cookies

Why We Collect Your Data

We collect your email address and related information for these specific purposes:

  1. To notify you when 100 Reasons launches (Primary Purpose)

    • Legal Basis: Consent (you explicitly opted in via checkbox)

  2. To send occasional updates before launch (2-4 emails maximum)

    • Examples: Behind-the-scenes development updates, sneak peeks, launch countdown
    • Legal Basis: Consent + Legitimate Interest (you expressed interest by joining)

  3. To measure interest in our product (How many people are excited?)

    • Legal Basis: Legitimate Interest (helps us plan capacity and marketing)

  4. To prevent fraud and abuse (Ensure real signups)

    • Legal Basis: Legitimate Interest (protects service integrity)

We will NEVER:

  • Sell your email to third parties
  • Rent your email to marketers
  • Use your email for purposes other than launch notifications
  • Send spam or excessive emails

How We Use Your Data

Your email address is used exclusively to:

  1. Send a confirmation email asking you to verify your email address (double opt-in)
  2. Send a welcome email once you confirm (explains what to expect)
  3. Send 2-4 milestone emails before launch (optional updates about progress)
  4. Send the launch notification when 100 Reasons goes live
  5. Track whether you opened or clicked emails (for measuring engagement only)

After launch, if you create an account with the same email address, we may:

  • Mark you as an “early supporter” in our database
  • Send a thank-you recognition (optional, one-time)

Third-Party Services

We use trusted third-party services to operate our early access program. Your data is shared with:

Buttondown (Email Service Provider)

What they do: Store your email, send confirmation and notification emails

What data they receive: Email address, consent metadata, confirmation status

Why we use them: They handle email delivery, double opt-in confirmation, and unsubscribe management

Their privacy policy: https://buttondown.email/legal/privacy

Data location: United States (Buttondown is GDPR-compliant)

Cloudflare Pages (Website Hosting)

What they do: Host our landing page where you signed up

What data they receive: Minimal access logs (IP addresses, page views) stored temporarily for performance and security

Why we use them: Fast, secure, global content delivery

Their privacy policy: https://www.cloudflare.com/privacy/

Data location: Global edge network (GDPR-compliant)

Future Services (Not Yet Active)

We plan to add analytics (Google Analytics or similar) after launch to understand user behavior. If we do:

  • We’ll update this policy BEFORE implementing
  • We’ll notify you via email
  • You’ll have the option to opt out

Your Data Rights

Under GDPR and other privacy laws, you have these rights:

Right to Access (Article 15)

You can request a copy of all data we hold about you.

How to exercise: Email [email protected] with subject “Data Access Request”

Response time: Within 30 days

Cost: Free (first request per year)

Right to Rectification (Article 16)

You can correct inaccurate or outdated information.

How to exercise: Email us with the correction, or update your email by unsubscribing and re-subscribing

Right to Erasure - “Right to be Forgotten” (Article 17)

You can request deletion of your data at any time.

How to exercise:

  • Easy way: Click “Unsubscribe” in any email we send
  • Manual way: Email [email protected] with subject “Delete My Data”

What happens: Your email is removed from our list within 7 days. Buttondown may retain a hash of your email to prevent re-subscription (GDPR permits this for legitimate interests).

Right to Restrict Processing (Article 18)

You can ask us to temporarily stop processing your data.

For our simple service: Since the only processing we do is sending emails, the practical way to restrict processing is to unsubscribe. You can re-subscribe anytime (requires email confirmation again).

How to exercise: Click “Unsubscribe” in any email, or email [email protected]

Right to Data Portability (Article 20)

You can request your data in a machine-readable format (JSON or CSV).

How to exercise: Email [email protected] with subject “Data Export Request”

What you’ll receive: JSON file with your email, signup date, confirmation status, consent metadata

Right to Object (Article 21)

You can object to us processing your data for marketing purposes.

How to exercise: Click “Unsubscribe” in any email, or email us

What happens: Immediate removal from all marketing communications

You can withdraw consent at any time (this doesn’t affect the lawfulness of processing before withdrawal).

How to exercise: Click “Unsubscribe” in any email

Right to Lodge a Complaint

If you’re unhappy with how we handle your data, you can complain to your data protection authority.

EU users: Contact your national Data Protection Authority

  • UK: Information Commissioner’s Office (ICO)
  • Germany: Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI)
  • France: Commission Nationale de l’Informatique et des Libertés (CNIL)
  • Full list

To exercise any of these rights, email: [email protected]

Data Retention

We keep your data only as long as necessary:

While You Have Early Access:

  • Duration: From signup until launch + 30 days
  • Reason: To send launch notification and follow-up

After Launch:

  • If you create an account: Data transferred to app database (separate privacy policy applies)
  • If you don’t create an account: Deleted 30 days after launch
  • If you unsubscribe: Deleted within 7 days (Buttondown may retain email hash to prevent re-subscription)

Backups:

  • Backups are encrypted and automatically deleted after 30 days

Data Security

We take security seriously:

  • Encryption in Transit: All data sent between you and our services uses HTTPS/TLS encryption
  • Encryption at Rest: Buttondown encrypts stored data
  • Access Control: Only authorized personnel can access email lists
  • No Passwords: Early access doesn’t require passwords (reduces risk)
  • Third-Party Security: We only use GDPR-compliant, SOC 2 certified providers (Buttondown, Cloudflare)
  • Breach Notification: If a data breach occurs, we’ll notify you within 72 hours as required by GDPR

Cookies and Tracking

Good news: We currently do NOT use cookies or tracking pixels on our landing page.

What We Don’t Do:

  • ❌ No Google Analytics (deferred to app launch)
  • ❌ No Facebook Pixel
  • ❌ No advertising cookies
  • ❌ No cross-site tracking

What Buttondown Does:

  • Buttondown may use a tracking pixel in emails to measure open rates
  • You can disable email tracking in your email client (most email clients block tracking by default now)

Future Changes:

If we add analytics before launch, we’ll:

  1. Update this policy
  2. Email you about the change
  3. Implement cookie consent banner if required
  4. Give you option to opt out

International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence:

  • Buttondown: Servers in the United States
  • Cloudflare: Global edge network (data processed at nearest location to you)

GDPR Compliance: We ensure all international transfers comply with GDPR through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where available
  • Third-party GDPR compliance certifications

Children’s Privacy

100 Reasons is intended for adults (18+). We do not knowingly collect data from children under 16.

If we discover we’ve collected data from a child under 16, we’ll delete it immediately.

If you’re a parent and believe your child provided us data, contact us at [email protected].

Changes to This Policy

We may update this Privacy Policy as we develop 100 Reasons.

How we’ll notify you:

  • Update “Last Updated” date at the top
  • If changes are significant, we’ll email you
  • Continued use of early access after changes means you accept the new policy

Major changes we anticipate:

  • Adding analytics tracking (GA4 or similar)
  • Expanding data collection when the app launches
  • Adding payment processing (for paid subscriptions post-launch)

Contact Us

Questions, concerns, or data rights requests?

Email: [email protected]

Subject Lines:

  • Data Access Request
  • Data Export Request
  • Delete My Data
  • Privacy Policy Question

Response Time: We aim to respond within 2 business days (GDPR requires 30 days maximum).

Thank you for trusting us with your email. We’re building something special, and we can’t wait to share it with you.

More than 100 reasons to love,

The 100 Reasons Team

This Privacy Policy applies to the pre-launch website and early access program. A separate, more comprehensive privacy policy will apply to the 100 Reasons app after launch.