Last updated: 26 June 2026 · Policy version 2026-06-26

Privacy Policy

This is the privacy policy for mr.technology (“we”, “us”, “our”). It explains what data we collect when you use mr.technology, why we collect it, who we share it with, and the choices you have. We’ve written it in plain language on purpose.

1. What we collect

We collect the minimum data needed to operate the service. In practice that breaks down into:

  • Account data — if you create an account or subscribe, we store your email address and a hashed password (handled by our auth layer; we never store plaintext passwords).
  • Payment data — subscription payments are processed by Stripe. We receive your Stripe customer id, subscription status, and billing email. We never see or store your card number; Stripe handles PCI compliance on their side.
  • Newsletter data — if you sign up for our newsletter, we store your email address and the signup timestamp.
  • Usage analytics — if you grant analytics consent, we use Google Analytics 4 (property id G-78KFYZMJJZ) to collect pseudonymous events: pages visited, referrer, device class, country (derived from IP, not stored), and approximate city. No personally identifying data is sent unless you are signed in, in which case we attach your user id for retention analysis.
  • Advertising data — if you grant advertising consent, Google AdSense (publisher id ca-pub-7220906769296288) sets cookies and may use your prior visit data to personalize ads. AdSense uses cookies for frequency capping, fraud detection, and ad selection.
  • Server logs — our hosting provider records IP address, user agent, and requested URL in nginx access logs. Logs are retained for 30 days and used only for debugging, abuse mitigation, and aggregate traffic analysis.

2. Cookies and similar technologies

We use a small number of cookies and localStorage entries. They fall into three buckets:

  • Strictly necessary — session, CSRF, and security tokens. Always on.
  • Analytics — Google Analytics 4 cookies (_ga, _ga_*) set only after you consent.
  • Advertising — Google AdSense cookies set only after you consent. Includes __gads, __gpi, and IDEs for personalization and frequency capping.

You can change your consent choices at any time from the in the footer.

3. How we use your data

  • To operate and secure the service (auth, payments, abuse prevention).
  • To send transactional emails (subscription receipts, security alerts).
  • To send newsletter emails only if you opted in. Every email has an unsubscribe link.
  • To measure aggregate traffic and improve the product (analytics data, only if you consented).
  • To show ads via Google AdSense on free-tier pages (advertising data, only if you consented).

We do not sell personal data. We do not rent it either.

4. Who we share data with

We share the minimum necessary with the following processors:

  • Stripe Inc. — payment processing. See stripe.com/privacy.
  • Google LLC — Analytics and AdSense. See policies.google.com/privacy. Google may transfer data to the United States under Standard Contractual Clauses.
  • Hosting provider — our VPS and CDN providers process request data (IP, user agent) for content delivery and DDoS protection.
  • Email service — we use a transactional email provider to deliver account and newsletter emails. They receive your email address and message content.

We do not share data with ad networks beyond Google AdSense, and only when you consent. We do not sell, rent, or trade personal data to data brokers.

5. Data retention

  • Account and subscription data — while your account is active, plus 90 days after deletion.
  • Server logs — 30 days.
  • Newsletter list — until you unsubscribe.
  • Analytics data — 14 months (GA4 default), after which it is auto-deleted by Google.
  • AdSense cookies — set per Google’s published retention (typically 13 months).

6. Your rights

Depending on where you live, you may have some or all of the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Correction — fix inaccurate data.
  • Deletion — ask us to delete your account and associated data.
  • Portability — receive your data in a machine-readable format.
  • Object / restrict — opt out of analytics or advertising processing.
  • Withdraw consent — change your cookie choices at any time via the footer.

To exercise any of these, email privacy@mr.technology. We respond within 30 days. EU/UK residents also have the right to lodge a complaint with their local data protection authority.

7. International transfers

We are operated from the European Union. Some of our processors (Stripe, Google, hosting) may process data in the United States or other jurisdictions. Where required, we rely on Standard Contractual Clauses (SCCs) or equivalent legal mechanisms for these transfers.

8. Security

We use industry-standard measures: HTTPS everywhere, hashed passwords, CSRF protection on state-changing requests, Stripe’s hosted payment fields (we never touch card numbers), and least-privilege access for any internal tooling. No system is 100% secure, but we work to keep yours safe.

9. Children

mr.technology is not directed at children under 16, and we do not knowingly collect data from them. If you believe a child has created an account, contact us and we will delete it.

10. Changes to this policy

When we make material changes we bump the policy version (shown at the top of this page) and surface a notice via the consent banner the next time you visit. Continued use after a change indicates acceptance of the updated policy.

11. Contact

Questions, complaints, or data requests: privacy@mr.technology.