Skip to main content

Privacy Policy

Last updated: June 3, 2026

Hobby Ledger isn't live yet. This pre-launch site collects two things: waitlist signups and messages sent through the contact form. The sections below spell out what we collect, why, and how we handle it. As we launch the catalog, accounts, portfolio tracking, and billing, this policy will grow to cover each one, and we'll re-date the page every time it changes. We won't quietly broaden what we collect.

Overview

Hobby Ledger is the trade name of Collector Technologies, LLC, a Colorado limited liability company ("we," "our," or "us"). This Privacy Policy explains how we collect, use, and protect information when you use our website and services. We limit data collection to what is necessary to operate the service.

Information We Collect

We collect only what the site needs to operate. Today that means:

  • What you submit on a form. For the waitlist, that's your email address, the personas and priorities you choose, and any optional notes you add. For the contact form, that's your name, email, and message. Anything optional is clearly marked as optional.
  • Basic technical information sent with your submission. Standard details your browser provides (such as user-agent and locale), referral information, and a one-way hash of your IP address that we use to prevent abuse. We do not store your raw IP address, and the hashes for different forms are computed separately so they cannot be linked to each other.

We also record the timestamps needed to run the service — for example, when you signed up, confirmed, or unsubscribed, and when you sent us a message.

We do not use third-party advertising trackers, and we do not sell or share this data with anyone outside the service providers described below.

How We Use Your Information

  • To run the waitlist and let you know when Hobby Ledger launches.
  • To read and respond to messages you send us, and to email you a receipt confirming we received yours.
  • To prioritize what we build first, based on the personas and priorities you share.
  • To keep the forms secure and prevent abuse.

We never sell your personal information to third parties, and we do not run behavioral advertising, ad-network pixels, or social tracking on this site.

Cookies

Pre-launch, we run cookieless by default. We set no analytics, advertising, social, or session-tracking cookies. The browser SDK for our analytics provider never initializes on this site, and the error-monitoring SDK we use for crash reporting is configured to set no tracking cookies (no session replay, no performance tracing).

The single cookie we may set is hl-waitlist-status, written only after you successfully submit the waitlist form. It stores the value signed-up so we can render the right state on later visits without re-querying the database. It is HttpOnly (your browser does not expose it to JavaScript), SameSite=Lax, and expires after one year. Under ePrivacy Art. 5(3), this cookie is "strictly necessary" for the service you requested and does not require consent — but we disclose it here so you know it exists.

When we launch the catalog, accounts, and analytics at general launch, this section will grow to cover each new cookie, and we will add a consent banner with granular controls (essential, functional, analytics, marketing). We will not quietly broaden what we set.

Service Providers

To run the site we rely on a small number of service providers — for hosting and infrastructure, database storage, transactional email, error monitoring, and network security and bot protection. Each receives only the data it needs for its role, and each is bound by its own privacy and security obligations.

Some providers process your raw IP address momentarily at the network layer to route and protect requests; we do not store it. We scrub identifiers like email and IP address from our error reports before they leave our systems, keeping only the technical context we need to debug.

We do not currently use a behavioral analytics provider on this site. When we add one at launch, we will disclose it and ship a consent banner at the same time.

International Data Transfers

We process data in the United States. If you are located outside the United States, your personal data is transferred to and processed in the U.S. Where your local data protection law requires a specific legal basis for that transfer (for example, if you are in the European Economic Area, the United Kingdom, or Switzerland), we rely on Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework. By using the site, you acknowledge this transfer.

Data Retention

We keep your information only as long as we need it for the purpose you gave it to us. A waitlist signup or a contact message is kept for up to twenty-four (24) months, then deleted. Aggregated counts that do not identify you (for example, "how many vintage-collector signups by month") may be retained beyond this period for reporting purposes. Where the law requires us to retain something — for example, tax or fraud records — we keep it for that period and no longer.

Your Rights

You have the right to access, correct, port, or delete your personal data, and (for EU/EEA, UK, and Swiss residents) the right to object to processing or to lodge a complaint with your local supervisory authority. To exercise any of these rights, email us at privacy@hobbyledger.com.

How we verify you are the data subject. For unauthenticated requests (which today means every request, because we have no accounts yet), we reply to the email address on file with a one-time confirmation link. Clicking the link confirms you control the email and authorizes us to act on the request. Once accounts launch, authenticated requests are confirmed in-app by re-authenticating.

Response timeline. We acknowledge requests within five (5) business days of receipt and respond within thirty (30) days. Complex requests may take up to an additional sixty (60) days; we will tell you within the initial thirty if we need the extension and why.

Exceptions. We may decline or delay a deletion request when applicable law requires us to retain the data — for example, in connection with active or anticipated litigation, regulatory record-keeping (such as tax records), or an ongoing fraud or security investigation. We will tell you specifically which exception applies and how long the retention is expected to continue.

Children

Our forms are not directed to children. You must be at least 13 years old to use them (16 in the European Economic Area, the United Kingdom, or Switzerland, unless a parent or legal guardian has consented). We do not knowingly collect data from anyone below the applicable age, and we will promptly delete any such data that we discover, whether reported to us or detected through our own monitoring. To report a suspected submission by a minor, email privacy@hobbyledger.com.

Contact

For questions about this policy, email privacy@hobbyledger.com.