Privacy at a glance

This site is built to learn whether a small group of developers find Reality Graph useful — not to track people. Its public pages use no cookies and set no identifiers of any kind, and there is no way to tie two visits, or two events, back to the same person. The one exception is the invite-only private briefing, which uses a single strictly-necessary session cookie to keep your access after you enter an invite key — never for analytics or tracking (see below).

The provider responsible for this website — and for any information you submit through it — is Philip Schenk-Hana. The full provider details are set out in the Impressum.

For any privacy question or request, you can reach the provider at impressum@realitygraph.dev.

• No cookies on the public pages. The invite-only private briefing uses one strictly-necessary session cookie for access control only — never for analytics or tracking.
• No localStorage or sessionStorage identifiers.
• No device or browser fingerprinting.
• No IP addresses are stored.
• No raw user-agent strings.
• No full referrer URLs.
• No third-party tracking scripts, pixels, tag managers, or ad networks.

If aggregate analytics are enabled, the site records a small number of coarse, server-side events — for example a page view, or a click on an early-access / contact link. Each event may contain only:

• The event type and a timestamp.
• The page path (e.g. /).
• The referrer host only (e.g. news.ycombinator.com) — never the full URL.
• A coarse browser family (e.g. “Chrome”, “Safari”) derived on the server — never the raw user agent.
• A two-letter country code, when the hosting platform provides one — derived from request headers, never from a stored IP.
• UTM campaign parameters (utm_source, utm_medium, etc.) if present in the link you arrived from, so we can tell which channels are working.

These events are aggregate signals about the site as a whole. They are not a profile of you, and they are intentionally too coarse to identify anyone. Analytics can also be fully switched off, in which case nothing is recorded at all.

The early-access and contact buttons pass through an internal redirect so a single, anonymous click can be counted and any UTM campaign tags can be carried through to the destination. No cookie or client-side script is involved, and no personal data is added.

If you reach this site through a campaign link and then voluntarily submit a form, we may store the campaign parameters that were already in that link — together with that one request. This helps us understand which channels bring relevant enquiries. It happens only at the moment you submit, never on a normal page view and never across pages.

What may be stored alongside a submission:

• UTM campaign parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content) if present in your link.
• A Google Ads click identifier (gclid) if it was in your link — stored only for our own first-party reporting and never uploaded to any advertising network.
• The referrer host only (e.g. news.ycombinator.com) — never the full URL.
• The path of the page you submitted from (e.g. /early-access), with any query string removed.
• The language of the page and which form you used.

This is campaign attribution, not visitor tracking. The site does not create a profile of you. There are no cookies for this, no localStorage or sessionStorage, no fingerprinting, and no third-party analytics. Because nothing follows you between pages, we only ever see the page you submitted from and the referrer host — never your full journey or true entry page. No data is sent to advertising networks for conversion tracking in this version.

The early-access page hosts a first-party form on this site — there is no iframe and no third-party form embed. When you submit it, we receive only what you typed: your name, email, role, the AI coding tools you use, the workflow pain that matters most to you, your intent, and the optional company/project, link, and message fields. We may also keep the cookie-free campaign attribution described above (UTM tags and a gclid from the link you arrived on, plus the referrer host only).

It is used only to evaluate early-access fit and to respond to you. As with the rest of the site, the form sets no cookies, stores no IP address, takes no device fingerprint, and uses no tracking pixels.

Where submissions go depends on how the provider has configured the site. They may be stored in the provider’s own database. If a notification webhook or email provider is configured, a short summary of your submission may be sent to that provider so the site provider is alerted to respond. If instead an external waitlist URL is configured, that provider’s own privacy terms apply and this page would be updated to reflect it before public use.

If you email us directly, we receive whatever you choose to send (such as your email address) and use it only to talk with you about early access.

You can reach us at impressum@realitygraph.dev.

We process the information you submit only for clear, limited reasons:

• To answer a contact or early-access request. When you send the contact or early-access form, we use your details to take the steps you asked for, to reply, and to evaluate early-access fit. We rely on Art. 6(1)(b) GDPR (steps taken at your request) together with our legitimate interest in responding to enquiries (Art. 6(1)(f)).
• To understand the site at an aggregate level. The coarse, cookie-free events described above rest on our legitimate interest (Art. 6(1)(f)) in learning whether the site is useful — kept proportionate by collecting no identifiers and storing no IP address.
• To run the site securely. Operating and protecting the site — hosting and normal server-side request handling — also rests on our legitimate interest (Art. 6(1)(f)).

We do not use your data for advertising, profiling, or automated decision-making, and there is no newsletter.

We keep form submissions only as long as we need them to handle your request and to manage early access — for example, to reply to you and to decide on access. When a submission is no longer needed for that purpose we delete it, unless we are required to keep it longer to meet a legal obligation. You can ask us to delete your data sooner at any time. The aggregate analytics events contain no identifiers and are not linked to you.

The site is hosted on Vercel, which processes requests on the provider’s behalf to serve the pages. When storage is enabled, form submissions are kept in a managed PostgreSQL database used only for this site. If lead notifications are enabled, a short summary of an early-access submission may be sent so the provider is alerted to respond — by email through an email-delivery provider (currently Resend) or to a configured webhook. These providers act as processors and handle only what is described here. Normal hosting may also create short-lived technical logs; these are not used to build a profile of you.

Access to stored submissions is restricted to the provider through a password-protected admin area, and submissions are never shown publicly.

Under the GDPR you can ask us to give you access to the data we hold about you, to correct it, to delete it, to restrict or object to its processing, and to provide it in a portable form. To exercise any of these, email us at impressum@realitygraph.dev.

You also have the right to lodge a complaint with a data-protection supervisory authority — in particular in the EU member state where you live, work, or where you believe an issue occurred.

The site has a separate, invite-only “Private Briefing” area for selected investors, partners, and supporters. It is not a public investment offer, not an offer to sell securities, and not investment advice — anything indicated there is a non-binding indication of interest only.

Access is controlled by an invite key. After a valid key, the site sets a single strictly-necessary session cookie — httpOnly, SameSite=strict — so you stay signed in while you read the briefing. It exists only for access control; it carries no personal data, is not used for analytics or tracking, and there is no third-party cookie involved. Your invite key itself is never stored.

Before the briefing opens, a short Confidential Briefing Acknowledgement records your name, email, the time and version you accepted, and your language — together with a label for the invitation used (never the key itself). If you then submit the optional interest form, we receive what you typed: your name, email, how you describe yourself, an optional non-binding interest range, how you might help, and an optional message.

This is used only to provide access to the private briefing and to follow up on the interest you submit. As with the rest of the site, no payment, bank, or financial-account details are requested or stored, no IP address is stored, and no device fingerprint is taken. You can ask us to delete this data at any time.

Any future paid-marketing or advertising measurement — the kind that relies on cookies or third-party tags — would be a separate, consent-based setup, clearly disclosed and switched on only with your agreement. It is not part of this site today.