What I do with your data.
Last updated 8 May 2026
Who's doing the collecting
YipLabs is a sole proprietorship registered in Belgium, run by Hunter Yip. The site at hunteryip.com and yiplabs.com is self-hosted and self-operated — there's no agency or third party between you and me.
Reach me at privacy@yiplabs.com for any data-related question or rights request.
What I collect
When you submit a form
Contact form, project quiz at /start, and newsletter signup all collect what you type — typically your name, email, and project description. The contact form also captures project type and budget when you provide them.
When you browse the site
Two systems run in parallel:
- Plausible Analytics — cookieless, anonymous page-view counting. Doesn't track you across sites or identify you. Hosted in the EU. GDPR-exempt.
- An in-house session counter — only enabled after you accept the cookie banner. Stores an anonymous random ID in a cookie (
yl_sid) for 30 days. Used to connect your conversion (e.g. clicking through to Fiverr) to the page that brought you in. Country is derived from your IP and stored — but the IP itself is never stored.
What I don't collect
- No advertising cookies
- No social-media tracking pixels
- No fingerprinting
- No data sold or shared with marketing partners
- No collection of children's data (the site isn't aimed at under-16s)
Legal basis under GDPR
- Legitimate interest — site reliability, security, abuse prevention, anonymous analytics
- Consent — session-linked tracking, captured via the cookie banner. Withdraw any time by clearing the
yl_cookie_consententry in localStorage or by replying to a confirmation email. - Contract performance — collecting and storing client information needed to deliver work
- Legal obligation — invoices and tax records kept for 7 years per Belgian tax law
Where data lives
- Replit (hosting) — primary deployment. Data center region is auto-selected; ask me to confirm if it matters to your compliance.
- Supabase (database) — EU region by default for this project. Postgres + storage.
- Resend (email delivery) — US-hosted. Email address + subject lines are processed for delivery and retained for 7 days for diagnostics.
- Cloudflare R2 (backups) — encrypted backups kept for 90 days plus monthly snapshots for 1 year.
How long I keep data
- Contact-form messages and project briefs: 5 years (legal record of business contact)
- Anonymous analytics: 14 months
- Session-linked events: 90 days
- Newsletter subscribers: until you unsubscribe
- Invoices and contractual records: 7 years (Belgian tax law)
- Email logs: 7 days
Your rights
Under GDPR you have the right to:
- Access — get a copy of every byte of data I have on you
- Correct — update anything wrong
- Delete — erase your data, subject to my retention obligations for invoices
- Portability — receive your data in a machine-readable format
- Object — ask me to stop processing your data, except where I have a legal obligation
- Withdraw consent — for anything processed under consent (the session-linked tracking)
- Complaint — if I've done you wrong, you can file with the Belgian Data Protection Authority (APD).
To exercise any right, email privacy@yiplabs.com. I reply within 30 days, usually within 1.
Cookies in detail
| Name | Purpose | Lifespan | Basis |
|---|---|---|---|
| yl_admin | Admin login (only for me) | 14 days | Strictly necessary |
| yl_sid | Anonymous session for conversion attribution | 30 days | Consent |
| yl_cookie_consent | Remembers your banner choice | Until cleared | Strictly necessary |
Children
This site is not aimed at children under 16. I don't knowingly collect data from minors. If you believe a minor has submitted a form, email me and I'll delete it.
Changes to this policy
I update this page when something material changes. The last updated date is at the top. Significant changes get an email to anyone with active business with me.
Contact
Privacy questions: privacy@yiplabs.com
Everything else: hunter@yiplabs.com