What we store. Why. How long.
No legalese, no cookie-theatre. This is a pilot — the data footprint is small and transparent. Here is exactly what happens when you use headless.design.
Data controller
Gustaf Garnow, sole trader. Stockholm, Sweden.
Contact: gustaf.garnow@gmail.com
What we store — and why
Analytics — Vercel Web Analytics
I use Vercel Web Analytics to count visitors and see which pages are working. It's designed to be GDPR-compliant out of the box:
- No cookies. The script sets no cookies and does not read localStorage.
- No personal data. The IP address is never forwarded — it's converted directly into a daily hash that can't be traced back to you.
- No cross-site tracking. The data stays within Vercel and is not linked to any other websites.
- Data captured: page URL, status, referrer, country, device type, browser, OS — all at aggregate level.
- Data handling: Vercel Inc. (USA) is the data processor. A DPA is in place with EU standard contractual clauses.
Because no personal data is stored, no cookie consent banner is required under ePrivacy. If you'd still rather not be counted, block the script with any tracking blocker — the site works exactly the same.
Third-party services used
- Vercel — hosting + anonymous analytics (EU/US data processing agreements).
- Google Fonts — fonts loaded directly from googleapis.com. Standard web request.
- Gmail — my email, if you write to me.
- Claude / Cursor / Perplexity — AI agents in the scan/cold-read pipeline. Your URL is forwarded to these for analysis. No personal info beyond the URL.
How long data is stored
- URLs + scan results: 30 days in logs, then anonymized as training data for the scan agent.
- Email + project data: for the duration of the project + 12 months for accounting (Swedish accounting law).
- Analytics: aggregated, no personal IDs stored.
Automated decision-making & profiling
The scan/cold-read pipeline uses AI models (Claude, Perplexity, Cursor and others) to read your public URL and suggest changes. This is not automated decision-making under GDPR Art. 22 — every recommendation is reviewed, ranked, and signed off by Gustaf personally before delivery. No decision concerning you is made solely by an algorithm.
You are not profiled. The models read the public page you share — not you. No training data is linked to your identity, no inferences are drawn about your traits or behaviour, and results are never used for targeted advertising or scoring.
Want to know exactly which models ran on your scan or cold-read, or opt your URL out of anonymized training data? Email me — I'll reply within one working day.
Your rights under GDPR
- Access — you can request a copy of all data I hold about you.
- Rectification — ask me to correct inaccurate info.
- Erasure — ask me to delete all data about you. Done within 30 days.
- Data portability — get your data in a machine-readable format.
- Complaint — you can always complain to the Swedish Authority for Privacy Protection (IMY).
Write to gustaf.garnow@gmail.com — I reply personally, within one working day.
On this being a pilot
headless.design is a pilot project. I'm testing format, pricing, and pipeline. The data footprint is intentionally small. If something feels off — email me directly, we'll sort it out.
Contact for data requests:
Gustaf Garnow · gustaf.garnow@gmail.com
Stockholm, Sweden
// last updated: 2026-04-24