What we do with your email address
The short version: we email you about the Amevola launch, we never sell or share your address, and you can have it deleted whenever you like by replying to any email or writing to us.
Last updated 15 July 2026
The whole thing in one table
| What we collect | Your email address. Nothing else that identifies you. |
| Why | To tell you when Amevola launches, and nothing else. |
| Legal basis | Your consent, given by submitting the form. You can withdraw it at any time. |
| Who else sees it | Nobody. It is not sold, rented, shared or passed to an advertiser. |
| Where it lives | A database we run on Cloudflare, hosted in Western Europe. |
| How long | Until you unsubscribe, or two years after launch if we never actually launch. |
| Cookies | None. Genuinely none, which is why there is no cookie banner to dismiss. |
| Third-party trackers | None. No Google Analytics, no pixels, no external scripts of any kind. |
| Our own counter | We count visits, using a code that is scrambled fresh every day and cannot be traced back to you or linked to yesterday. |
Who is responsible
Amevola is run by Hugo Marinho from Basel, Switzerland. If you want anything on this page actioned, or you just want to ask a question, write to [email protected] and a person will answer you.
What we actually store
When you join the list, we store:
- Your email address. Obviously. It is the only way to email you.
- The date and time you signed up. Submitting the form is how you consent, so this is our record that you did, if we are ever asked to prove it.
- Which form you used and the language of the page, so we know which part of the site is doing its job.
- A two-letter country code that Cloudflare works out from your connection. Country only. We do not store your IP address, and we could not find your town from this if we wanted to.
That is the complete list. We do not store your name, because we did not ask for it. We do not store your IP address. We do not build a profile of you, we do not know what else you looked at, and we do not want to.
The visit counter, in full
We want to know whether anyone is reading this, and roughly how many people that is. So we count. Here is exactly what the counter records:
- Which page was opened, the path only, never the query string.
- Whether you scrolled past halfway and near the end. That is how we learn whether the ingredients list is worth the space it takes.
- Which site sent you, as a bare domain. We record that a search engine or a forum sent you, never which page or which search.
- A two-letter country code, and whether the screen was phone, tablet or desktop sized.
- A scrambled code that lets us count you once instead of four times. It is worth explaining properly, so it has its own section below.
The scrambled code, explained properly
To say "40 people visited today" rather than "there were 140 page views", we need to recognise that four of those views were one person. Most sites do that by putting a cookie on your device that follows you around for a year or two. We do not, and we are not going to.
Instead, each day we generate a long random number, which we call the salt, and keep it for that day only. When you load a page, our server takes that day's salt, your IP address and your browser's user agent, mashes all three together and runs them through a one-way scrambler. What comes out is a short code like a3f9c21b04e7d558. We store that code. We never store your IP address or your user agent anywhere.
Two things make this genuinely different from a cookie:
- It is one-way. The code cannot be turned back into your IP address. It is not encryption, there is no key that reverses it.
- It dies every night. The next day we generate a brand new random salt and delete the old one. Once that salt is gone, that day's codes can never be recreated, not by us and not by anyone who took the database. Your code today and your code tomorrow are unconnectable, even for us. So we can see that 40 people came on Tuesday. We cannot see that you were one of them, and we cannot tell that you came back on Wednesday.
This is the same technique used by privacy-focused analytics tools like Plausible and Fathom. It is also why you have not been asked to accept anything. The law that produces cookie banners is about storing or reading things on your device. We store nothing on your device, so there is nothing to ask you to accept. The counter is our own code on our own domain, and nothing is sent to an analytics company, because there isn't one.
What we give up by doing it this way: our numbers are rougher than a normal analytics tool's, we cannot follow anyone through the site, and we cannot connect a visit to your email address even after you join the list. That is the trade, and we think it is the right one.
What this site does not do
Most sites say something like this and then quietly load nine trackers. So, specifically:
- No cookies. The site sets none, which is also why you were not shown a cookie banner. We would rather not need one than design a prettier way to nag you.
- No third-party analytics. No Google Analytics, no Meta pixel, no heatmaps, no session recording. See the counter above for the one thing we do count, and what it cannot see.
- No third-party fonts. The fonts are served from this domain. Loading them from Google would have sent your IP address to Google on every visit, which a German court has already held unlawful, so we host them ourselves.
- No embedded anything. No YouTube, no chat widget, no social buttons phoning home.
Your browser talks to amevola.com and to nothing else. You can check that in your own developer tools, and we would rather you did than take our word for it.
Where your data sits, and who processes it
The site and the mailing list run on Cloudflare, which is our only processor. The database is provisioned in Cloudflare's Western Europe region. Cloudflare operates a global network, so a request may be routed through infrastructure outside Switzerland or the EU, and Cloudflare offers standard contractual clauses covering that. If and when we start actually sending emails, we will use an email provider, we will name it on this page before we send anything, and we will not pick one that treats your address as its own asset.
Your rights
Under the Swiss Federal Act on Data Protection, and under the GDPR if you are in the EU or the UK, you can ask us to:
- Show you what we hold about you. For almost everyone that will be one email address and a timestamp.
- Correct it if it is wrong.
- Delete it. No reason needed, no retention pitch, no "are you sure?" three times.
- Withdraw consent at any point. Every email we send will have a working one-click unsubscribe, and unsubscribing deletes you rather than moving you to a quieter list.
- Complain to the Swiss Federal Data Protection and Information Commissioner, or to your national supervisory authority in the EU or UK.
Email [email protected]. We will do it, and we will not make you fill in a form to get it done.
Changes to this page
If we change how any of this works, we will update the date at the top. If the change is one that actually affects you, we will email the list rather than hope you re-read a policy page.