← UNTRAPD

Privacy Policy

Last updated: 9 May 2026 · Français →

This policy explains how UNTRAPD handles your personal data when you use hub.untrapd.com, subscribe to our emails, or download our APK directly. It applies to the website, the newsletter, and the contact channel hub.contact@untrapd.com. The FINDERR Android app has its own dedicated policy at /apps/finderr/privacy/.

1. Data Controller

Davis — operating as UNTRAPD

Paris, France

Contact: hub.contact@untrapd.com

UNTRAPD is a solo independent project. Davis is the sole data controller and processes personal data as defined under the EU General Data Protection Regulation (GDPR, Regulation 2016/679).

2. What we collect, why, and on what legal basis

Email subscribers

Direct APK downloaders

Hub website analytics

People who email us

3. Who we share data with (sub-processors)

We use a small number of third-party services to operate. Each is bound by its own GDPR commitments:

We do not share, rent, or sell your personal data to advertisers, data brokers, or third parties for marketing purposes.

4. How long we keep your data

5. Your rights under GDPR

If you are in the EU, EEA, or UK, you have the following rights regarding your personal data. Most can be exercised in seconds; all are free.

To exercise any of these rights, email hub.contact@untrapd.com. We respond within 30 days as required by Article 12(3).

6. Cookies and tracking

The Hub website uses Google Analytics 4 cookies (_ga, _ga_*) for the legitimate-interest analytics purpose described above. We do not use advertising cookies, third-party tracking pixels, or social-network cookies. Email broadcasts contain no tracking pixels — we genuinely cannot tell whether you opened a specific email.

You can disable cookies in your browser settings. The site works without them; only analytics is affected.

7. Security

Email-subscriber records are stored in Supabase with row-level security policies. Outbound emails authenticate via SPF, DKIM, and DMARC. Unsubscribe links are signed with HMAC-SHA256 to prevent tampering. The website is served over HTTPS only.

8. International transfers

Some sub-processors (Netlify, Google) are based in the United States. These transfers are covered by the EU-US Data Privacy Framework or by Standard Contractual Clauses (SCCs) as appropriate. We minimize data sent to non-EU services and use EU regions where available.

9. Children

UNTRAPD's services are not directed at children under 16. We do not knowingly collect data from children. If you believe a child has submitted personal data, contact us and we will delete it.

10. Changes to this policy

If we materially change how we process data, we will update this page (with the new "Last updated" date at the top) and notify active email subscribers in their next regular email. Cosmetic edits won't trigger a notification.