Privacy policy.

The Archive Pass is run by Leandro Miguel Vasconcelos Antunes, a sole trader (empresário em nome individual) based in Lisbon, Portugal, with tax number (NIF) 275828476. That person is the data controller for the personal data collected through this site, the waitlist, and our support email.

You can reach us at any time at support@thearchivepass.com.

When you join the waitlist, we ask for your name, email address, and city. If you want, you can also give us your Instagram handle, your TikTok handle, and a short note. You also tick a box to confirm we can email you, and we store the exact wording you agreed to so we have a record of your consent.

When you visit, we automatically pick up some technical and marketing data: how you got here (for example the link, campaign, or ad you came from, through UTM tags and the referring page), and a generated event ID that lets us match one signup to one ad click without double-counting. Our analytics and advertising tools also collect usual things like your IP address, device, and how you move through the site.

When paid memberships open, your card details are entered with and handled by Stripe, our payment processor. The Archive Pass never sees or stores your full card number. We keep a record that you are a member (in our database) so the membership works.

We use your name, email, and city to manage the waitlist, email you launch news, answer your support messages, and understand who wants The Archive Pass and from which cities.

We use product analytics (PostHog) to see how people use the site and what needs fixing. When you join the waitlist, we link that event to your email, name, and city, so PostHog holds data that can identify you, not anonymous numbers.

We use the Meta pixel and Meta's Conversions API to measure and improve our ads. This means some events (a page view, and a Lead when you join) are shared with Meta, including a hashed version of your email, both from your browser and server to server. The marketing data we pick up automatically (UTM tags, referrer, event ID) feeds this so we can tell what is working.

We do not make any decision about you by purely automated means, and we do not profile you in a way that has a legal or similarly significant effect.

We do not sell your information. A few trusted companies process it on our behalf so we can run things, and we only share what each one needs to do its job:

Supabase stores the waitlist (and the members table once memberships open) in a Postgres database.

Vercel hosts the site and serves it, so it handles requests and basic server logs.

Stripe processes payments when memberships open, including your card details, which it handles directly.

PostHog runs our product analytics and receives your email, name, and city tied to your activity on the site.

Meta Platforms (Facebook and Instagram) receives advertising events through the Meta pixel and the Conversions API, including a hashed version of your email, to measure our ads. For this advertising, Meta may act with us as a joint controller rather than only as a processor.

Google runs our support inbox (Gmail), so emails you send to support are processed by Google.

We ask each of these companies to protect your data and to use it only for what we ask. If a court or the law requires it, we may also have to share data, and we would only do so where we are legally obliged.

We keep data in the EU where we can. Supabase (our database) and PostHog (analytics) are set to EU regions. Some providers are US-based, so some data is still processed outside the European Economic Area: Meta (advertising), Vercel (hosting and delivery), and Google (our support inbox).

When data goes outside Europe, the law expects a safeguard. These transfers are meant to be covered by mechanisms such as the EU Standard Contractual Clauses or, where available, the EU-US Data Privacy Framework, which we are putting in place with each provider. If you want to know exactly what protects your data with a given provider, email us and we will tell you what we have.

We use cookies and similar storage. Some are essential, like the local storage that remembers your chosen language. Others are not essential: PostHog (analytics) and the Meta pixel (advertising) set cookies or storage to do their job.

Non-essential analytics and advertising only run with your consent. When you first visit, we ask, and nothing non-essential runs until you accept. You can change your mind at any time on our cookies page at /cookies.

We join you to the waitlist and send you launch emails based on your consent, given through the checkbox on the form. PostHog analytics and the Meta pixel and Conversions API also run on your consent, given through the cookie banner. You can withdraw any of these at any time, and that does not affect anything we did lawfully before.

We answer your support messages and prepare to offer you a paid membership based on our legitimate interest in helping you and getting ready to launch, and to take steps before a contract at your request.

Paid memberships and card processing run on the contract between us. Keeping accounting and tax records runs on a legal obligation.

We keep your waitlist details (in Supabase) while The Archive Pass is launching and while you still want to hear from us. If you withdraw consent or ask us to delete them, we remove them, except anything we are legally required to keep.

We keep support emails for as long as we need to handle your request and a reasonable time after.

Once memberships open, accounting and tax records have to be kept for the period Portuguese law requires, which is generally around ten years.

Analytics and advertising data held by PostHog and Meta is kept according to those companies' own retention settings, which we configure to be as short as we reasonably can.

You can ask us to access, correct, export (data portability), restrict, object to, or delete your personal data. If you are on the waitlist, you can also ask us to take you off the list. Where we rely on your consent, you can withdraw it at any time, and withdrawing it does not undo anything we did lawfully before.

To change your cookie and tracking choices, including analytics and the Meta pixel, use our cookies page at /cookies.

Just email support@thearchivepass.com and we will get back to you, normally within 30 days.

If you are in Portugal or the EU and you think we have got something wrong, you have the right to complain to your data protection authority. In Portugal that is the CNPD (Comissão Nacional de Proteção de Dados).

The Archive Pass is meant for adults (18 and over) and is not directed at children. We do not knowingly collect data from children. If you think a child has given us their data, email us and we will delete it.