Privacy Statement

This is a small site with a newsletter. We don't sell data, we don't run advertising trackers, and we collect the minimum needed to serve pages, keep them secure, and send you the newsletter if you ask for it. The few companies that help us run it are listed in section 04.

Automatically, when you visit

Like every website, our hosting and security providers process basic technical data so pages load and stay protected:

• Your IP address and approximate region
• Browser and device type, and the pages you request
• Date, time, and referring page

This is handled in server logs by GoDaddy (our host) and in security logs by Cloudflare. We don't tie it to your identity. Our legal basis is legitimate interest (GDPR Art. 6(1)(f)) - serving the site, keeping it secure, preventing abuse.

Only when you give it to us

If you subscribe to the newsletter, you provide your email address (and optionally a name). That's the only personal information we deliberately collect, and it's handled by Substack - see section 03.

Our newsletter is published on Substack at combinedcultures.substack.com. Subscriptions are handled entirely on Substack's own site. When you click through to subscribe, your email address is collected and stored by Substack as part of its own service, under Substack's privacy policy. We can see open and click engagement in the Substack dashboard. We use it only to send the newsletter and gauge whether issues are landing - we don't build subscriber profiles, target off-platform advertising, or cross-reference engagement with other sources. Your subscription consent is our legal basis (GDPR Art. 6(1)(a)).

You can unsubscribe at any time using the link in the footer of every email, or by emailing us.

These are our service providers (sub-processors). Each has its own privacy policy governing the data it handles:

We don't share your data with anyone beyond what's needed for these services to function, and we never sell it.

International transfers. Our sub-processors are US-based or operate globally. Personal data we share with them may be transferred outside the EU under their own GDPR safeguards - EU-US Data Privacy Framework participation and/or Standard Contractual Clauses.

We don't use advertising or analytics-tracking cookies.

• Essential security cookies may be set by Cloudflare (e.g. __cf_bm) to tell humans from bots. These are strictly necessary and don't track you across sites.
• No Substack cookies are set on this domain. Subscribing happens entirely on substack.com; cookies that Substack sets only apply there.

Technical logs are retained by our host and Cloudflare for short periods under their own policies. Your newsletter email is kept by Substack until you unsubscribe, after which Substack removes you from the active list.

You can:

• Unsubscribe (withdraw your consent) instantly via the link in any newsletter email, with immediate effect.
• Ask what we hold about you, and ask us to correct or delete it, by emailing [email protected].

KAI HACKS AI operates from the EU (Denmark), so the GDPR applies to how we process your data. Under the GDPR you may ask us to access, correct, delete, restrict, or port your data, and you may lodge a complaint with your local data-protection authority - in Denmark that's Datatilsynet. Visitors from the UK or California may have additional or analogous rights (UK GDPR, CCPA); contact us at the address above to exercise any of them.