Privacy Policy
Effective Date: May 10, 2026 · Last Updated: May 10, 2026
01 Introduction
Baumhaus AI (“we,” “us,” or “our”) operates baumhausai.com, a personal portfolio site that also publishes the AI Builder Signal weekly email newsletter and hosts the Signal & Noise AI build-idea generator. This Privacy Policy explains what information is collected when you visit the site, what we do with it, and your choices regarding it.
Short version: The only personal information we collect is your email address — and only if you subscribe to the newsletter. We do not run analytics, ad tracking, or third-party scripts. We do not sell or share data. The Signal & Noise generator runs entirely in your browser and sends nothing back to us.
02 Information We Collect
Information you provide directly
- Email address — newsletter subscription only. If you sign up for AI Builder Signal, we store your email address in our database (Supabase) so we can send you the weekly digest. No other personal information is requested or stored.
Information collected automatically
- IP address — rate limiting only. When you submit the subscription form or click an unsubscribe link, your IP address is held in the serverless function’s memory for up to 15 minutes to prevent abuse (no more than 5 requests per IP per 15-minute window). It is not written to any database and is discarded when the function instance restarts.
- Standard server access logs. Our hosting provider (Vercel) records standard request logs — IP address, timestamp, requested URL, user-agent, response code — for operational and security purposes. These logs are retained according to Vercel’s policies (see the table below).
Information we do not collect
- We do not use cookies for analytics or advertising.
- We do not run third-party analytics scripts (no Google Analytics, no pixels, no fingerprinting).
- We do not collect names, billing information, or any data beyond what is described above.
- The Signal & Noise generator runs entirely client-side in your browser and never sends your inputs or generated outputs to any server.
03 How We Use Your Information
- Email address: solely to deliver the weekly AI Builder Signal newsletter and, if needed, to honor an unsubscribe request.
- IP address (rate limiting): to prevent automated abuse of the subscribe and unsubscribe endpoints.
- Server access logs: to debug errors, investigate abuse, and maintain operational health of the site.
We do not use any of this information for advertising, profiling, behavioral targeting, or any other secondary purpose.
04 Third-Party Services
The site relies on the following third-party providers. Each has its own privacy policy.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Vercel | Site hosting, edge delivery, and serverless function execution. Receives all HTTP requests. | vercel.com/legal/privacy-policy |
| Supabase | Stores newsletter subscriber email addresses. | supabase.com/privacy |
| Brevo | Sends the weekly AI Builder Signal email digest. | brevo.com/legal/privacypolicy |
No third-party analytics, advertising, or tracking services are integrated into the site. The Signal & Noise generator makes no third-party requests at all.
05 Data Storage and Security
Newsletter subscriber emails are stored in Supabase with row-level security (RLS) enabled, restricting database access to scoped, anonymous keys with the minimum permissions required (insert a new subscriber, mark a subscriber as inactive via a one-time unsubscribe token). Connections between the site, Supabase, and Brevo use HTTPS.
No method of electronic storage or transmission is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.
06 Data Retention
- Email addresses: retained until you unsubscribe. Unsubscribed records are marked inactive and removed from the active sending list immediately. We may retain a record of the unsubscribe to honor your preference.
- Rate-limit IP records: held in serverless-function memory for at most 15 minutes; not persisted to disk or any database.
- Vercel server access logs: retained per Vercel’s standard log retention.
07 How to Unsubscribe or Delete Your Data
- Unsubscribe: every newsletter email contains an unsubscribe link with a unique, single-use token. Clicking it marks your subscription inactive immediately.
- Full deletion: if you would like your record fully deleted (rather than marked inactive), contact us via the address in Section 11 and we will remove it.
08 Children’s Privacy
The site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided their email through our subscription form, please contact us and we will delete the record promptly.
09 Your Rights (GDPR / CCPA)
Depending on where you live, you may have rights under applicable privacy laws (including the EU General Data Protection Regulation and the California Consumer Privacy Act) regarding your personal data, including the right to:
- Access — request a copy of the data we hold about you (effectively just your email and subscription status).
- Correction — request correction of inaccurate data.
- Deletion — request deletion of your record.
- Objection / Restriction — object to or restrict processing.
- Portability — receive your data in a portable format.
To exercise any of these rights, contact us using the information in Section 11. We do not sell personal information and do not share it with third parties for cross-context behavioral advertising.
10 Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. Continued use of the site after changes are posted constitutes your acceptance of the updated policy.
11 Contact Us
For privacy questions, deletion requests, or any other concerns related to your data, contact us at brian@baumhausai.com.