· —
GUSTUX— PRIVACY —
Open the Journal → 🔔3
·
Sign out
Apply →
— PRIVACY —

What we know, and what we do with it.

EFFECTIVE MAY 15, 2026 · VERSION 1.2
— THE SHORT VERSION — We collect the data we need to run your account and ship the magazine. We don't sell anything to advertisers. We don't run ad tracking. Your journal, photos, and notes are yours — export and walk at any time. The full text below explains how, in legal-grade English. If anything here surprises you, write to [email protected].

— I — Who we are.

GUSTUX ("we", "us", "the magazine") is a small membership publication operated by GUSTUX LLC. We're the data controller for the information described in this policy.

Our office is in the United States. Our membership is global. We've drafted this policy to align with GDPR, CCPA, and the principles we'd want anyone collecting our data to follow.

— II — What we collect.

When you visit the public site.

Standard server logs (IP address, user agent, page requested, timestamp) kept for 30 days, then deleted. We don't keep these for analytics; we keep them for security and debugging.

When you apply.

Everything you put in the application form: name, email, the prose you write, your travel background. The editors read it; that's the whole point.

When you become a member.

— III — Why we collect it.

The honest list:

We do not collect data to "improve your experience" via behavioural targeting. We don't have behavioural targeting.

— IV — How we store it.

Account data and journal content live on managed databases hosted in the US and EU (depending on where you sign up). Backups are encrypted at rest and rotated every 7 days, kept 30 days, then deleted.

Photos are stored in object storage with the same encryption posture. Photo originals are kept; thumbnails are derived.

Passwords are hashed with bcrypt; we never see the plaintext. Resetting requires email access — we'll never ask for your password.

— V — What we share, and don't.

We do not sell your data. Not to advertisers, not to data brokers, not to "marketing partners," not to anyone.

We use the following sub-processors, each for a specific operational purpose:

Each sub-processor sees only the data needed for its function. None of them are allowed to use it for their own purposes. Contracts include GDPR-standard data processing terms.

If we ever change this list, we'll update this page and email members.

— VI — Cookies and tracking.

We use cookies for two things:

No analytics cookies. No third-party trackers. No pixels. The site loads zero third-party scripts beyond Google Fonts (which we serve over a privacy-conscious domain).

If you've ever wondered why GUSTUX feels fast — this is part of why. There's nothing slowing the page down behind your back.

— VII — Your rights.

Regardless of where you live, you have the following rights with respect to your data:

Use settings inside the app for export and deletion. For anything else, email [email protected] — a real person reads it.

— VIII — Children.

GUSTUX is for adults. We do not knowingly collect data from anyone under 18. If you're a parent and believe your child has signed up, write to us and we'll delete the account.

— IX — International transfers.

If you sign up from outside the US, your data may be transferred to and stored on servers in the US. Where that happens, we rely on Standard Contractual Clauses and the EU-US Data Privacy Framework. You can object to this transfer by emailing us, and we'll discuss alternatives.

— X — Changes to this policy.

We may update this policy from time to time. If we make a material change, we'll email members before it takes effect and post a notice at the top of this page for 30 days. The version number and effective date at the top of this page will always reflect the current state.

— XI — Get in touch.

Privacy questions, concerns, or requests: [email protected]

For everything else: the contact form

Mailing address: GUSTUX LLC, [address forthcoming], United States.