Legal
Privacy Policy
Last updated: Jun 08, 2026
1. Who is the controller
The controller of your personal data is IT Busters Marcin Rybak, Chrobrego 12, 38-400 Krosno, Poland (NIP PL6842342603, REGON 368728920), operating the HeadFlash service at headflash.news. Contact: [email protected].
2. What we process, why, and on what legal basis
Newsletter (email). When you subscribe we process your email address and the niches you chose. To operate and measure the newsletter we also count delivery and engagement (total sends, opens and clicks) in aggregate and anonymously — these counts are not linked to you as an individual, and we do not profile your reading. Purpose: to send the daily newsletter you requested and to understand, in aggregate, how it performs. Legal basis: your consent (Art. 6(1)(a) GDPR), confirmed by double opt-in; you can withdraw it at any time via the unsubscribe link in every email or by emailing [email protected] — withdrawal does not affect processing carried out before it.
Podcast. When you stream or download an episode, our podcast host and analytics provider receive technical request data (e.g. IP address, user agent) used to produce aggregated download statistics. Legal basis: our legitimate interest (Art. 6(1)(f)) in understanding audience size.
Website. Our hosting/CDN provider (Cloudflare) processes standard server log data (IP address, request metadata) to deliver the site and keep it secure, and we use Cloudflare Web Analytics — a cookieless measurement tool that produces aggregated visit statistics without cookies, fingerprinting or cross-site tracking. Legal basis: legitimate interest (Art. 6(1)(f)) in operating, securing and understanding the audience of the site. The site stores a single theme preference locally in your browser (light/dark) — this contains no personal data; see the Cookie Policy.
We do not use third-party ad networks, behavioural or cross-site tracking, and we do not sell personal data. The newsletter may include clearly-labelled sponsored items — these are part of the email content and do not involve tracking or profiling you.
3. Recipients / processors
We rely on the following providers, who process data on our behalf under data-processing terms:
- Amazon Web Services (Amazon SES) — email delivery, configured in the EU (Frankfurt,
eu-central-1) region, so message data is processed in the EU. - Cloudflare, Inc. — website hosting, CDN, security and cookieless web analytics.
- Hetzner Online GmbH — the EU-based server hosting our newsletter system (Sendy) and its subscriber database.
- Transistor, Inc. — podcast hosting and statistics.
- [OP3.dev] — open podcast download analytics (if enabled).
Our newsletter system (Sendy) runs on our own server at Hetzner; the subscriber database is controlled by us.
4. International transfers
Your newsletter data stays in the EU: the Sendy server is hosted at Hetzner (EU) and email is delivered via Amazon SES in the EU (Frankfurt) region. Amazon’s parent company is in the USA and may, for limited support purposes, rely on the EU Standard Contractual Clauses and/or the EU–US Data Privacy Framework. Some other providers (Cloudflare; the podcast host/analytics) are US-based and rely on the same safeguards for any transfer outside the EEA. You may request a copy of the safeguards.
5. Retention
- Newsletter data: until you unsubscribe / withdraw consent, then deleted or anonymised without undue delay.
- Server logs and aggregated statistics: kept for a limited period for security and analytics, then deleted or anonymised.
6. Your rights
You have the right to: access your data, rectification, erasure, restriction, data portability, and to object to processing based on legitimate interest. Where processing is based on consent, you may withdraw consent at any time. To exercise any right, email [email protected]. You also have the right to lodge a complaint with the Polish supervisory authority — Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw.
7. Is providing data required?
Providing your email is voluntary but necessary to receive the newsletter — without it we cannot deliver it. There is no automated decision-making or profiling that produces legal effects.
8. Changes
We may update this policy; the “last updated” date above reflects the current version. Material changes affecting subscribers will be communicated by email where appropriate.