Privacy Policy

Last updated: April 15, 2026

Summary

Product Impact is built to be low-tracking by default. The website is a static site — we do not run advertising networks, we do not set tracking cookies of our own, and we do not sell or share your personal information. The sections below describe exactly what is collected and by whom.

Who operates this site

Product Impact Podcast is operated by Arpy Dragffy. For privacy inquiries, contact [email protected] .

Data we collect

When you read the website

Our pages are served from Cloudflare Pages. Cloudflare automatically logs standard request information — IP address, user agent, page requested, timestamp, and referrer — for security, rate limiting, and performance purposes. This data is retained by Cloudflare according to their privacy policy . We do not receive individual-level analytics from Cloudflare for website reads.

When you subscribe to our newsletter

Our newsletter is hosted on Substack. If you subscribe, Substack collects your email address and any optional profile information you provide. We can see aggregate subscriber counts and individual email open/click rates. Substack's data practices are described in the Substack privacy policy . You can unsubscribe at any time via the link in every email.

When you listen to the podcast

Our podcast is distributed via a third-party hosting provider (e.g. Spotify for Podcasters, Libsyn, or similar) and listened to through platforms like Spotify, Apple Podcasts, and YouTube. Each platform has its own privacy and listening-analytics practices. We receive aggregate listening statistics from our hosting provider — we do not identify individual listeners.

When you email us

If you email an address at productimpactpod.com, we retain the correspondence for as long as reasonably needed to respond and to maintain records of editorial tips, corrections, or partnership inquiries. We do not add your email address to a marketing list unless you explicitly subscribe.

Cookies and local storage

The Product Impact website does not set any first-party analytics or advertising cookies. A minimal set of technical cookies may be set by Cloudflare for security and bot detection purposes — these are not used for advertising or cross-site tracking.

If you click a link that takes you to a third-party site (Substack, Spotify, LinkedIn, YouTube, etc.), that site's own cookie and tracking practices apply.

Third-party services

We rely on the following third-party services to operate:

  • Cloudflare — hosting, DNS, CDN, and bot protection.
  • Supabase — database that stores published article content. Article data served to readers is public. Supabase does not receive your personal data from ordinary site visits.
  • Substack — newsletter delivery and hosting. Substack receives your data only if you subscribe.
  • Podcast platforms — Spotify, Apple Podcasts, YouTube, and our podcast host. These platforms receive data from you only when you actively listen on them.
  • Email providers — if you email us, our email provider processes the message.

What we do not do

  • We do not run display advertising or ad networks.
  • We do not sell, rent, or share your personal information with data brokers.
  • We do not set first-party analytics trackers (no Google Analytics, Plausible, Fathom, or similar cookie-based trackers on the site itself).
  • We do not use cross-site tracking pixels on our pages.
  • We do not fingerprint visitors or build behavioural profiles.

Your rights

Depending on where you live, you may have rights under privacy laws such as the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), or similar jurisdictions. These may include the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate personal data;
  • Delete personal data (subject to lawful retention needs);
  • Object to or restrict certain processing;
  • Withdraw consent for optional processing (e.g. newsletter);
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email [email protected] . For rights that apply to data held by third-party services (Substack, podcast platforms), those services have their own process — we can point you in the right direction.

Do Not Sell or Share (CCPA): we do not sell or share personal information as those terms are defined under the CCPA.

Retention

We retain data only as long as needed for the purpose it was collected. Email correspondence is retained for editorial records and business operations. Aggregate analytics and server logs are retained per our providers' default retention windows.

Children

Product Impact is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact [email protected] and we will delete it.

International transfers

Our infrastructure providers (Cloudflare, Supabase, Substack) operate globally. Your data may be processed in countries other than your own, including the United States. These providers use standard contractual clauses and other lawful transfer mechanisms.

Changes to this policy

We may update this policy as the site evolves. Material changes will be noted at the top of this page with a revised "Last updated" date. Continued use of the site after changes take effect means you accept the updated policy.

Contact

Questions about this policy or our data practices: [email protected]