Privacy Policy

Last updated: March 13, 2026

1. Who we are

SunsetProof (sunsetproof.com) is an independent publication that tracks SaaS product shutdowns and publishes free migration guides. We are not a registered company — this is an individual project. For privacy matters, contact us at hello@sunsetproof.com.

The site has no user accounts, no paywalls, no newsletter, and no advertising. It exists entirely to help people navigate software shutdowns.

2. What data we collect

We collect no personal data directly. There is no sign-up, no login, no contact form, and no comment system. Visiting the site does not require you to provide any information about yourself.

We use Cloudflare Web Analytics to understand site traffic. This tool is privacy-first by design:

• No cookies used for analytics
• No cross-site tracking or fingerprinting
• Data is aggregated — we see page view counts and top pages, not individual sessions
• IP addresses are not stored or associated with analytics data
• Country-level data only (no city-level)

We also receive standard server log data through Cloudflare's infrastructure (see Third-party services below), which Cloudflare processes to serve pages and protect against abuse. We do not have access to individual-level server logs.

3. Third-party services

SunsetProof uses the following third-party services. Each is governed by its own privacy policy.

All fonts are self-hosted. No requests are made to Google Fonts, Adobe Fonts, or any other external font service.

4. Cookies

We do not set any first-party cookies. We do not use advertising cookies, tracking pixels, or session cookies.

Cloudflare, as our infrastructure provider, may set a cookie (__cf_bm) for bot management purposes. This is a security/infrastructure cookie, not an analytics or advertising cookie. It does not track you across sites. You can block it via your browser settings without affecting your ability to read the site. More information: Cloudflare cookie documentation.

5. Affiliate links

Some pages include affiliate links to third-party software vendors. When you click an affiliate link:

• You are taken to a third-party website (e.g., Monday.com, ClickUp, Survicate)
• That site may set its own cookies or tracking parameters to attribute the referral
• We may earn a commission if you purchase or sign up — but we receive no personal data about you
• Affiliate links are clearly labelled on pages where they appear
• Affiliate relationships do not influence our editorial coverage or migration guide ratings

Each affiliate partner's data practices are governed by their own privacy policy. We recommend reviewing those policies before purchasing.

6. Legal basis for processing (GDPR)

For visitors from the European Economic Area (EEA), the relevant legal basis for any data processing associated with SunsetProof is legitimate interests (Article 6(1)(f) GDPR) — specifically, operating a publicly accessible website and protecting it from abuse.

This applies to infrastructure-level data processed by Cloudflare (IP address, request metadata) to deliver the site and block malicious traffic. We have no interest that overrides your privacy rights, and the data involved is minimal and handled by a reputable processor under Standard Contractual Clauses.

Cloudflare Web Analytics does not constitute personal data processing under GDPR, as it produces only aggregated, anonymised data with no ability to identify individual visitors.

7. Data retention

We do not store personal data ourselves. Data retention policies are determined by our processors:

• Cloudflare infrastructure logs: Retained for a short period per Cloudflare's policies (typically hours to days for raw request data)
• Cloudflare Web Analytics: Aggregated analytics data retained per Cloudflare's retention schedule; no personal data is stored

If you contact us via email, we will retain that correspondence only as long as necessary to respond and resolve any issues. We don't add email addresses to any mailing list.

8. Your rights

Under GDPR, if you are located in the EEA, you have the following rights:

• Access: Request confirmation of whether we hold personal data about you, and a copy of it
• Rectification: Request correction of inaccurate personal data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Request that we restrict processing of your data in certain circumstances
• Objection: Object to processing based on legitimate interests
• Portability: Receive your data in a structured, machine-readable format
• Complaint: Lodge a complaint with your national supervisory authority (e.g., the German Federal Commissioner for Data Protection and Freedom of Information — bfdi.bund.de — or your local equivalent)

Since we collect no personal data directly, most of these rights apply primarily to Cloudflare's infrastructure processing. To exercise rights related to Cloudflare's processing, you can contact Cloudflare directly via their privacy portal at cloudflare.com/privacypolicy.

For anything related to our own (email-based) records, contact us directly.

9. Contact

For privacy questions, requests, or concerns, contact us at:

Email: hello@sunsetproof.com

We aim to respond to privacy-related enquiries within 30 days.

10. Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page. We may add new third-party services (e.g., if we introduce a newsletter), and we will update this policy to reflect those changes before they go live.

We will not introduce advertising, sell data, or add personal data collection without clearly updating this policy first.

This policy was written for SunsetProof, an independent site. It is not legal advice. If you have compliance questions for your own site, consult a qualified professional.