Skip to main content

Privacy Policy

Last updated: April 10, 2026

1. Who we are

Dembrandt (dembrandt.com) is an open-source CLI tool and website for extracting design tokens from websites.

2. What data we collect

We collect minimal data:

  • Email address — if you subscribe to our newsletter via the form on this site. Stored and processed by EmailOctopus.
  • Usage analytics — anonymized page views and interactions, collected via Google Analytics only after you give explicit consent. IP addresses are anonymized and no cross-site tracking is performed (client_storage: none).
  • Technical data — standard server logs (IP address, browser, referrer) retained briefly by our hosting provider Vercel for security and debugging purposes.

We do not collect names, payment information, or any sensitive personal data.

3. Legal basis for processing

  • Newsletter — consent (you opted in).
  • Analytics — consent (you accepted cookies).
  • Server logs — legitimate interest (security, uptime).

4. Third-party processors

We use the following sub-processors:

  • Vercel — hosting (USA, EU data transfer covered by DPA)
  • EmailOctopus — newsletter delivery (UK, GDPR compliant)
  • Google Analytics — anonymized analytics, consent-gated (USA, EU data transfer covered by Google's DPA)

5. Cookies

We only set analytics cookies after you give consent via the cookie banner. You can withdraw consent at any time by clicking the cookie settings link in the footer, which clears stored consent and stops analytics from loading.

The newsletter form may load a reCAPTCHA widget from Google to prevent spam. This may set cookies from Google. See Google's Privacy Policy for details.

6. Data retention

  • Newsletter email — kept until you unsubscribe. Every email contains an unsubscribe link.
  • Analytics data — retained for 14 months in Google Analytics, then automatically deleted.
  • Server logs — retained by Vercel per their data retention policy (typically 30 days).

7. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Withdraw consent at any time
  • Object to processing or request restriction
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, open an issue at github.com/dembrandt/dembrandt/issues. We will respond within 30 days.

8. Children

This service is not directed at children under 16. We do not knowingly collect data from minors.

9. Changes to this policy

We may update this policy occasionally. Material changes will be communicated via the newsletter or a notice on this page. The date at the top of this page reflects the most recent update.

10. Contact

Questions about this policy: github.com/dembrandt/dembrandt/issues