Privacy policy
Last updated: 17 July 2026
This policy explains what we do with personal data. We are the controller for that data under the GDPR. We have tried to write it in plain language rather than legalese.
The short version
You can read this entire website without giving us anything and without being followed around. We count how many people read which stories, using a cookieless tool that cannot identify you and never tracks you across other websites. We run no advertising trackers, we sell nothing, and we build no profiles of readers. If you give us your email address for the newsletter, we use it to send you the newsletter and nothing else.
What we collect
If you just read: nothing that identifies you. Two things happen. Our host processes standard server logs (IP address, browser type, page requested) to deliver pages and keep the site up — necessary for the service to work at all. And we count page views using Vercel Web Analytics, which sets no cookies, stores no personal data, and does not follow you to other sites. We use it to learn which stories readers actually find useful. We cannot tell who you are from it, and neither can Vercel.
If you subscribe to the newsletter: your email address, the date you asked, and the date you confirmed. That is all we ask for. We use double opt-in: after you enter your address we email you a link, and you are only subscribed once you click it. Until then we hold the address as an unconfirmed request and delete it automatically after 24 hours if you never click. That click is how we can prove the consent was really yours.
If you email us: whatever is in your email, so we can reply.
Why we are allowed to
For serving the website: our legitimate interest in operating it securely. For the newsletter: your consent, which you give by subscribing and can withdraw at any time. For replying to you: our legitimate interest in answering your message.
Cookies
We set no advertising or tracking cookies, and our analytics are deliberately cookieless for that reason. The only thing we may store in your browser is your own cookie preference, so we do not ask twice — that one is strictly necessary and does not require consent under ePrivacy rules. If we ever add anything that does use tracking cookies, it will be off until you say yes.
Who else sees your data
Only the suppliers who make the site work: Vercel (hosting and cookieless analytics), Upstash (the database holding newsletter addresses, hosted in Frankfurt so subscriber emails stay inside the EU), Cloudflare (our domain, and forwarding mail sent to us), and Resend (sending the confirmation and the brief). They act on our instructions under a data-processing agreement. Some are outside the EU; where that is the case we rely on the EU Standard Contractual Clauses or an adequacy decision. We do not sell or rent your data to anyone, ever.
How long we keep it
Newsletter addresses: until you unsubscribe, then we delete them. Unconfirmed signup requests: 24 hours, then they delete themselves automatically. Emails to us: as long as needed to deal with your query. Server logs: a short period, then they are rotated away.
Your rights
You can ask us for a copy of your data, ask us to correct or delete it, object to how we use it, or ask for it in portable form. Email info@instantwhy.com and we will action it. Every newsletter carries a one-click unsubscribe. If you think we have mishandled your data you can complain to the Dutch DPA (Autoriteit Persoonsgegevens), or the authority where you live.
People we write about
This policy covers you as a reader. Personal data that appears inside our journalism (the names of executives, regulators and companies in the news) is handled under our editorial standards and the journalistic exemption in Dutch data protection law — accuracy, fairness, and fast correction.
Contact
InstantWhy — info@instantwhy.com