Privacy Policy

Effective: 2026-05-17 · Last updated: 2026-06-15

This policy explains what personal information consalsa.app ("we", "our", "us", "the Site") collects, why we collect it, how long we keep it, who we share it with, and your rights over it. It is written in plain English but addresses the requirements of the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA") and other US state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, and similar), as well as the EU and UK GDPR for visitors from those jurisdictions.

consalsa.app is operated by a United States company (Data Sauna LLC), its audience is primarily in the United States, and all personal information is stored and processed in the United States. US federal and state privacy law is therefore our primary framework, and the rights and disclosures below are written with US visitors in mind first. We also extend the core privacy rights to visitors from the EU, the UK, and elsewhere — those provisions are flagged where they apply. If you are outside the United States, by using the Site you understand that your information is transferred to and processed in the US.

This site is designed for adults, not children. The content covers colloquial and sometimes adult Mexican Spanish slang, and the Site is intended for users who are at least 18 years old. See Section 9 for details.

1. Who we are (data controller / business)

consalsa.app is operated by Data Sauna LLC, a single-member limited liability company formed in the State of Wyoming, United States, with a registered office at 30 N Gould St, Ste R, Sheridan, WY 82801, USA. For the purposes of this policy, Data Sauna LLC is the "business" under CCPA/CPRA and the "data controller" under GDPR and UK GDPR. The easiest way to reach us about anything in this policy is to email hola@consalsa.app.

2. Notice at collection: what we collect and why

We try to collect as little as possible. The full inventory, mapped to the CCPA's enumerated categories of personal information:

Newsletter signup

CCPA category: identifiers (email address, IP address) and internet/network activity (signup source page).

Purpose of processing: sending the newsletter you signed up for and preventing abuse of the signup form. Retention: see Section 6. Legal basis for EU / UK visitors (GDPR Art. 6): your consent under Art. 6(1)(a) for sending the newsletter, and our legitimate interest under Art. 6(1)(f) in keeping the signup form free from spam and abuse.

Analytics

CCPA category: internet/network activity (aggregated and not linked to you).

We use Vercel Analytics, which is cookieless and privacy-friendly. It records page views, referrer, country, device type, and browser — but no cookies are set, no localStorage is written, and no personal identifier (IP, user ID) is stored in a way that can be linked back to you. We use this to understand aggregate traffic patterns. Legal basis for EU / UK visitors: legitimate interest under Art. 6(1)(f) GDPR.

Server logs

CCPA category: identifiers (IP), internet activity (URLs, user-agent).

Like any website, our host (Vercel) generates short-lived server logs that include request IP, user-agent, timestamp, and the URL requested. These are used for delivery, performance debugging, and abuse prevention, and are retained according to Vercel's standard log retention. Legal basis for EU / UK visitors: legitimate interest in operating and securing the Site.

"Cookies" notice

The Site does not set tracking cookies. The only client-side storage we use is a small set of values in your browser's localStorage:

None of these contain personal information — they are timestamps or boolean flags. The exit-intent popup logic is gated on the cookie-consent flag, so the cs_* entries are only written after you've dismissed the cookie notice. See our cookie policy for the full breakdown, legal basis, and how to clear them.

3. Sale and sharing of personal information

We do not sell personal information for money or other valuable consideration. We do not share personal information for cross-context behavioral advertising (often shortened to "targeted advertising"). Because we don't sell or share, there is nothing for you to opt out of in those categories — but if you submit a Global Privacy Control (GPC) signal, we treat it as a valid opt-out request consistent with applicable law.

We do not knowingly sell or share the personal information of consumers under 16 (or under any other age that may apply under state law).

4. How we use your information

We do not use your personal information for automated decision- making or profiling that would produce legal or similarly significant effects on you (GDPR Art. 22). We do not process "sensitive personal information" as that term is used under the CPRA.

5. Who we share information with (service providers)

We rely on a small set of vendors ("service providers" under CCPA/CPRA; "processors" under GDPR) that process information on our behalf, under contract. Each only sees what it needs to do its job.

We don't add or change vendors casually. If we do, we'll update this list and the "Last updated" date at the top.

6. International data transfers and retention

Our service providers are based in the United States. When personal information is transferred from the EEA, UK, or Switzerland to the US, we rely on appropriate safeguards under GDPR Art. 46 — typically the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and/or the EU–US Data Privacy Framework where the provider is certified. Each provider's privacy page (linked above) describes the transfer mechanism they offer.

How long we keep things:

7. Your rights

You have rights over the personal information we hold about you. We honor these rights for everyone, regardless of jurisdiction:

To exercise any of these, email hola@consalsa.app from the address subscribed (or otherwise reasonably identify yourself). We aim to respond within 45 days (CCPA/CPRA) or 30 days (GDPR/UK GDPR). You may also designate an authorized agent to make a request on your behalf in accordance with applicable law. You can unsubscribe from the newsletter at any time using the link in any email we send.

8. Right to lodge a complaint

If you believe we've mishandled your personal information, you can lodge a complaint with the relevant authority:

We'd appreciate the chance to address concerns directly first, but you're under no obligation to come to us before contacting an authority.

9. Children

The Site is designed for adults, not children. It is intended for users who are at least 18 years old, and we do not knowingly collect personal information from anyone under 18. The newsletter is not directed at children, and we comply with the Children's Online Privacy Protection Act (COPPA) by not knowingly collecting personal information from children under 13 in the United States, and with applicable digital-consent rules in other jurisdictions. If you believe a minor has provided us with personal information, contact us and we will delete it.

10. Security

Information is transmitted over HTTPS. Newsletter records are stored in our service provider's database (Postgres on Supabase) with access restricted to authenticated server requests. No system is perfectly secure, but we take reasonable steps to protect the small amount of information we hold. If we ever experience a security incident that affects your personal information, we will notify you and any relevant authority where required by law.

11. About AI-assisted content

We use AI tools to draft and research the words, examples, and blog posts on the Site. All content is fact-checked and edited by a human before publication. AI is not used to make decisions about you, to profile you, or to process your personal information — it is used to help write the content you read on the Site.

12. Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the "Effective" and "Last updated" dates at the top, and significant changes will be flagged in the newsletter. Continued use of the Site after changes take effect means you accept the updated policy.

13. Contact

Questions, requests, or complaints? Email hola@consalsa.app, reply to any newsletter email, or reach out via the social links in the footer.