toldyou.to

Privacy & cookies.

Your privacy matters. Here's exactly what we collect, where it lives, and how to control it — in plain English.

Our commitment

toldyou.to is a small, independent app. We process personal data in line with the EU General Data Protection Regulation (GDPR) and Norwegian data protection law. We collect only what we need to run the app, use it responsibly, and keep it secure.

What we collect

We only store personal data when you actively use toldyou.to:

When you create an account

Your email address and a display name.

When you use the app

The households, lists, headings and items you create, and who's in your household.

When you invite someone

The email address you choose to invite, so we can send the invite.

When you visit the site

Anonymous, cookie-free usage analytics by default — no cookies, and nothing that identifies you. If you opt in via the cookie banner, analytics then use cookies, link to your account, and we may record sessions to debug the experience.

Where your data lives

Supabase (database, EU)

Stores your account, households, lists and items. Data is encrypted in transit and protected by row-level security so households can't see each other's data.

Resend (email delivery)

When you invite someone, Resend delivers that invite email. Your data passes through it only during sending.

Vercel (hosting)

Serves the website and app. Standard server logs may briefly record request metadata (e.g. IP) for security and reliability.

PostHog (product analytics, EU)

Powers our product analytics, hosted in the EU. Runs cookie-free and anonymous unless you opt in — only then are events linked to your account and sessions recorded.

Google Analytics (marketing stats)

Aggregate stats for our marketing pages and sign-up funnel. Runs in Google Consent Mode — cookieless and anonymous unless you opt in to analytics cookies.

Your browser's local storage

Remembers your cookie choice and can keep a draft list you start on the homepage before you sign up. This stays on your device.

Cookies & consent

We keep cookies to a minimum. Our default analytics are anonymous and cookie-free, so they need no consent. You're always in control of the rest: turn on full (cookie-based) analytics, keep only the essentials, or change your mind anytime.

TypePurposeConsent
EssentialKeeps you signed in and remembers your cookie choice. Required for the app to work.Always on
FunctionalRemembers a draft list you start before signing up. Stored locally on your device.Always on
Analytics (anonymous)Cookie-free, anonymous usage stats (PostHog + Google Analytics) so we can improve. No cookies, and not linked to you.Always on
Analytics (full)Cookies that link usage to your account and enable session recordings, so we can debug and improve faster.Opt-in

Your rights

Under the GDPR you can:

  • Access the data we hold about you
  • Correct anything inaccurate
  • Delete your data (“right to be forgotten”)
  • Withdraw consent at any time
  • Restrict or object to processing
  • Receive your data in a portable format

You can delete your account or leave a household at any time, which removes your membership and personal data. To exercise any right, email hei@haakonjensen.noand we'll respond within 30 days. You can also lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

Security

We take appropriate technical and organisational measures to protect your data from loss, misuse, or unauthorised access. Access to the database is controlled and household data is isolated by row-level security.

Changes to this policy

We may update this policy from time to time. If we make significant changes we'll make it clear on the site and re-ask for consent where required.

Contact

Data controller: Mollo

Email: haakon@mollo.no

Last updated: 20 June 2026