Privacy Policy

Olfactory Labs Ltd ("we", "us", "our")

Last updated: 20 May 2026

Who we are

Olfactory Labs Ltd is a company registered in England and Wales (company number 17140736) with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

This policy covers the Olfactory waitlist website. It does not cover future app features that are not available yet. We will update this policy or publish app-specific privacy terms before those features launch.

What we collect

When you sign up to our waitlist, we collect your email address, the form source, source page URL, language preference, marketing email consent choice, the time consent was given, your IP address at the time of consent, confirmation email metadata, unsubscribe or reactivation token metadata, and unsubscribe or bounce status needed to send emails and respect your choices.

We also collect campaign attribution attached to the signup, such as UTM source, medium, and campaign parameters, browser referrer domain, approximate country from Cloudflare request headers, and a pseudonymous waitlist identifier derived from your email address. The waitlist page does not load PostHog in the browser.

Cloudflare Turnstile runs when the waitlist form loads and when you submit it. Cloudflare may process anti-abuse signals such as your IP address, TLS fingerprint, User-Agent header, sitekey, origin, and related browser or network signals. We use Turnstile only to protect the waitlist from spam, automated submissions, and abuse.

Why we collect it

We use your email address to notify you when Olfactory is available to download and to send occasional early access updates. We rely on your consent as our legal basis for marketing email processing under the UK General Data Protection Regulation (UK GDPR).

We use signup attribution and PostHog analytics to understand which channels bring people to the waitlist, measure signup funnels, build launch cohorts, and plan invite or early access segments. We rely on our legitimate interests in understanding and improving the waitlist and launch process for this analytics processing.

We process anti-abuse signals to protect the waitlist from automated or fraudulent submissions, control email delivery cost, and preserve the integrity of consent records. We rely on our legitimate interests in operating a secure and abuse-resistant service for this processing.

How we store it

We do not sell your personal information. We do not share your email address, waitlist status, or consent records with third parties so they can market to you. We use service providers where necessary to operate the waitlist. Cloudflare hosts the site, provides security controls, and provides Turnstile verification. Our API service processes waitlist submissions and stores waitlist records in the application systems used to operate the waitlist. Resend acts as our email delivery provider and data processor. PostHog acts as our analytics provider for waitlist signup events, attribution, cohorts, and funnel analysis.

Where our providers transfer personal data outside the UK, we use appropriate safeguards such as data processing agreements, standard contractual clauses, the UK Addendum, adequacy regulations, or applicable UK-US Data Bridge certifications.

How long we keep it

We keep your active waitlist record until you unsubscribe, ask us to delete it, or the waitlist is no longer active, whichever comes first.

We keep waitlist analytics events and related person properties while they are needed to understand the waitlist and launch funnel. If you ask us to delete your waitlist data, we will also delete or anonymize the related analytics profile where we can identify it.

If you unsubscribe, we keep a suppression record so we can respect that choice and audit consent. That record can include your email address, unsubscribe time, suppression status, consent evidence, source and attribution metadata, pseudonymous waitlist identifier, and unsubscribe token metadata. If an email bounces, the existing waitlist or suppression record can retain those same fields, plus bounce time, bounce type, bounce subtype, and bounce message so we can avoid future sends and diagnose delivery issues. We rely on our legitimate interests in preventing unwanted or undeliverable email for this suppression processing, and keep suppression records while the waitlist email programme operates.

Cookies and local storage

We use local storage to remember your theme and language preference. Cloudflare Turnstile may use cookies or similar technologies that are necessary for security and bot detection. The waitlist page does not load advertising cookies, analytics cookies, or tracking pixels. We send a server-side PostHog analytics event only after you submit the waitlist form. If we add browser analytics cookies or tracking pixels later, we will update this policy and ask for consent where required.

Your rights

Under the UK GDPR, you have the right to:

• Access the personal data we hold about you
• Ask us to correct or delete your data
• Withdraw your consent at any time
• Object to processing of your data
• Request a copy of your data in a portable format
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

How to contact us

If you have any questions about this policy or want to exercise your rights, email us at our contact address.

Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated date.