Privacy Policy

Last updated

Effective from

On this page · 5 sections
  1. What HypnoNews is
  2. What we collect and why
  3. Who handles your data
  4. Your rights
  5. Contact and operator

What HypnoNews is

HypnoNews is an independent editorial publication covering hypnotherapy research, written in plain language. This Policy explains how we handle your data when you visit hypnonews.com.

HypnoNews is operated by Lab 106, MB, a limited liability company registered in the Republic of Lithuania. We are the data controller for the personal data we collect through this Website. Full registration and contact details are at the bottom of this page.

For all privacy questions: [email protected].

What we collect and why

We collect the minimum necessary to operate this Website responsibly:

  • One first-party cookie (_hc_aid) — set server-side, HttpOnly, 2-year lifetime, scoped to hypnonews.com. It is an anonymous identifier we use to understand returning visits and protect against abuse. It contains no personal data and is never read by third-party JavaScript.
  • Server access logs — IP address, user agent, request timestamp, referring URL. Used for security, abuse mitigation, and aggregate analytics. Retained for 30 days, then aggregated and stripped of IP.
  • Error reports — when a page errors, our error tracker captures the URL path and browser metadata. It does not capture personal data, form contents, or cookies.
  • Contact data — if you email us, we keep your message for as long as needed to respond and meet our legal record-keeping duties.

Legal bases under the GDPR: legitimate interest (Art. 6(1)(f)) for analytics and security; legal obligation (Art. 6(1)(c)) for tax and accounting record-keeping; consent (Art. 6(1)(a)) for any future newsletter signup or non-essential cookies, recorded explicitly when introduced.

Who handles your data (sub-processors)

The Website runs on infrastructure provided by these third parties, who act as our data processors under signed DPAs. None of them receive personal data beyond what is technically necessary to operate the service:

Sub-processorRoleRegionDPA
Cloudflare, Inc.Hosting, CDN, edge security, DNSGlobal (EU edges preferred)SCC + DPF certified
Functional Software, Inc. (Sentry)Application error trackingUSA (SCC + DPF)sentry.io/legal/dpa/

We do not use third-party advertising networks, behavioural-targeting cookies, or cross-site trackers. We do not sell personal data. We will update this list whenever we add a new sub-processor.

Your rights

If you are in the EU/EEA, you have rights under the GDPR to access your data, correct it, delete it, port it, restrict its processing, object, and withdraw any consent (Art. 12–22). California residents have equivalent rights under the CCPA/CPRA, including the right to know what we collect and to opt out of any future sale (we do not sell).

To exercise any of these rights, email [email protected] with the request. We typically respond within 30 days. You also have the right to lodge a complaint with the relevant supervisory authority (GDPR Art. 77).

We do not knowingly collect data from anyone under 16. If we learn that we have, we will delete it.

Contact and operator

Material changes to this Policy are announced via an updated dateModified at the top of the page. For all privacy requests, write to [email protected].

Lab 106, MB
Registration code: 306577111
VAT: LT100016937410
Išganytojo g. 4-8, LT-01125 Vilnius
Republic of Lithuania

Email: [email protected]