Skip to content
SmartasaurusSMARTASAURUS
Join
· Legal

Privacy Policy

Last updated: June 2026

1. Who we are

Smartasaurus is a science-media brand operated as a sole proprietorship registered in Sweden. For privacy matters, contact us at hello@smartasaurus.com. We are the data controller for personal data described below, under the EU General Data Protection Regulation (GDPR).

2. What we collect

  • Newsletter & waitlists: your email address (and optional name) when you sign up.
  • Account data: if you create an account, your email, display name, and avatar (if provided).
  • Reading activity: anonymous page views and on-site interactions (article views, quiz answers, saves) tied to a session ID.
  • Contact messages: the name, email, and message you submit via our contact form.
  • Future purchases: when we sell digital or physical products, our payment provider will process billing data on our behalf.

3. Why we use it (legal basis)

  • Newsletter & waitlists: consent (Art. 6(1)(a) GDPR). You can withdraw any time via the unsubscribe link.
  • Account & purchases: performance of a contract (Art. 6(1)(b)).
  • Analytics & site improvements: legitimate interest (Art. 6(1)(f)) in operating and improving the site, balanced against your privacy.
  • Legal obligations: bookkeeping, tax, and consumer law where applicable (Art. 6(1)(c)).

4. Cookies & analytics

We use privacy-friendly, cookieless analytics (Plausible) that do not track you across sites or build personal profiles. We use strictly-necessary local storage to remember things like your session, saved articles, and quiz progress. We do not use advertising cookies or third-party tracking pixels.

5. Who we share data with

We use a small number of trusted processors, bound by data-processing agreements:

  • Supabase — database, authentication, and file storage.
  • Resend — transactional and newsletter email delivery.
  • ElevenLabs — on-demand article narration (text only, no personal data).
  • Plausible — privacy-friendly site analytics.
  • A payment provider (e.g. Stripe) once paid products launch.

Some processors may be located outside the EU/EEA. Where this is the case, transfers rely on Standard Contractual Clauses or equivalent safeguards.

6. How long we keep it

  • Newsletter subscribers: until you unsubscribe.
  • Waitlist entries: until the product launches or you ask us to delete them.
  • Account data: until you delete your account.
  • Contact messages: up to 24 months, then deleted.
  • Order/billing records: as long as Swedish bookkeeping law requires (currently 7 years).

7. Your rights under GDPR

You have the right to access, correct, delete, restrict, port, and object to processing of your data, and to withdraw consent at any time.

To exercise any of these, email hello@smartasaurus.com. We aim to respond within 30 days.

You may also lodge a complaint with the Swedish data protection authority, Integritetsskyddsmyndigheten (IMY).

8. Children

Smartasaurus is intended for a general adult audience. We do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact us and we will delete it.

9. Changes

We may update this policy as the site evolves. Material changes will be announced via the newsletter or a notice on this page.

See also: Terms · Refunds · Contact