Privacy Policy
Privacy Policy
Last updated: June 2026
The protection of your personal data is of paramount importance to us. We process your data exclusively on the basis of applicable legal provisions, in particular Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), and the Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, TDDDG). In this Privacy Policy, we inform you pursuant to Art. 13 and 14 GDPR about the key aspects of data processing in connection with our website harbingertribune.com.
1. Controller
The controller within the meaning of Art. 4 No. 7 GDPR is:
Harbinger Bros. LLC
1309 Coffeen Avenue, Sheridan, WY 82801, United States
Email: support@harbingerpressmedia.com
Contact form: /contact
Although the controller is based outside the European Union (in the United States), the GDPR applies to this website as the offering is directed at persons in the EU (Art. 3 para. 2 GDPR).
2. Data Protection Officer
Due to the limited scale of data processing and the nature of this offering, there is no statutory obligation to appoint a Data Protection Officer pursuant to Art. 37 GDPR. For all data protection enquiries, please contact the controller directly at the address stated above.
3. Principles of Data Processing
We process personal data in strict accordance with the principles set out in Art. 5 GDPR:
- Lawfulness, fairness, and transparency: Personal data is processed only on a clear legal basis, and data subjects are transparently informed.
- Purpose limitation: Data is collected only for specified, explicit, and legitimate purposes and is not processed in a manner incompatible with those purposes.
- Data minimisation: We collect only the data that is actually necessary for the respective purpose.
- Accuracy: We take reasonable steps to ensure that inaccurate personal data is corrected or erased without delay.
- Storage limitation: Data is not retained for longer than necessary for the processing purpose.
- Integrity and confidentiality: We implement appropriate technical and organisational measures (TOMs) to protect your data against unauthorised processing, loss, or destruction.
- Accountability: The controller is able to demonstrate compliance with the foregoing principles.
We use a single, cookie-less, anonymous analytics tool to measure aggregate visitor numbers (see Section 8 below); beyond that, we do not create user profiles, do not integrate advertising networks, and do not use social media plugins that transmit data automatically. Data processing on this website is therefore kept to a minimum.
4. Data Processing When Visiting Our Website (Server Logs)
When you access our website, your browser automatically transmits technical connection data to the server of our hosting provider. This transmission is technically mandatory to display the website to you.
Categories of data processed:
- IP address of the requesting device
- Date and exact time of the request
- URL of the requested page and referring URL (if any)
- Volume of data transmitted
- HTTP status code (e.g. 200 OK, 404 Not Found)
- Browser type and version (user agent string)
- Operating system and device type
Purpose: This data is processed solely for the secure and stable operation of the website, detection and defence against cyberattacks (e.g. DDoS attacks), error diagnosis, and ensuring the technical functionality of the offering. No personal evaluation or disclosure to third parties for other purposes takes place.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest). The legitimate interest consists in the necessity of maintaining technical operation and protecting against misuse.
Hosting provider: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR is in place with Vercel, obligating Vercel to process personal data solely according to our instructions and to implement appropriate security measures.
Third-country transfer: As Vercel is based in the USA, server data is transferred to a third country. The transfer is based on EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 para. 2 lit. c GDPR (Implementing Decision (EU) 2021/914) and within the framework of the EU-US Data Privacy Framework (Adequacy Decision of the European Commission of 10 July 2023, (EU) 2023/1795). Further information: Vercel Privacy Policy.
Retention period: Server logs are typically retained by Vercel for up to 30 days and then automatically deleted, unless specific security incidents or legal requirements necessitate longer retention.
5. Database (Editorial Content)
Editorial content such as articles, categories, countries, and metadata is stored in a relational database with our database service provider.
Database provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992. A Data Processing Agreement is in place with Supabase. Supabase uses Standard Contractual Clauses for international data transfers. Further information: Supabase Privacy Policy.
Visitor data: Only editorial content is stored in this database, with one exception: if you use the contact form, your name, email address, and message are stored here too — see the Contact Form section below.
Image Delivery
Article images may be hosted on and served directly from Unsplash (Unsplash Inc., Montreal, QC, Canada). When your browser loads an image from Unsplash servers, Unsplash may receive your IP address and standard browser request headers as part of the HTTP connection. We have no control over Unsplash’s data processing. Unsplash’s privacy policy: unsplash.com/privacy
6. Fonts (Self-Hosted)
For the typographic presentation of our website, we use fonts stored exclusively on our own servers and delivered from there. No connections are established to external font services such as Google Fonts, Adobe Fonts, Typekit, or similar services. When loading our pages, your IP address is therefore not transmitted to third parties via font requests.
7. Local Storage – Cookie Consent Storage
When you visit our website, a single entry is stored in your browser's local storage:
| Name | Technology | Provider | Content | Purpose | Legal Basis | Retention |
|---|---|---|---|---|---|---|
hpm_cookie_consent |
Browser Local Storage | First-Party (own operation) | JSON object: consent status and timestamp | Storing your cookie consent decision | § 25 para. 2 No. 2 TDDDG; Art. 6 para. 1 lit. c GDPR in conjunction with Art. 7 para. 1 GDPR | Until manually deleted by the user |
Technical explanation: Local Storage is a browser area in which websites can store data locally on your device without this data being automatically transmitted to the server with every page request (unlike traditional HTTP cookies). The hpm_cookie_consent entry remains exclusively in your browser and is never transmitted to our servers or third parties.
Deletion: You can delete this entry at any time via your browser's developer tools. Navigate to: Developer Tools (F12) → Application → Storage → Local Storage → harbingertribune.com → delete hpm_cookie_consent.
8. Anonymous Web Analytics and Other Tracking Technologies
We use Vercel Web Analytics, a cookie-less, anonymous analytics service provided by Vercel Inc. (440 N Barranca Ave #4133, Covina, CA 91723, USA), to measure aggregate visitor numbers. It collects only aggregated, non-personal metrics (e.g. page views, referrers, approximate country-level location), sets no cookies, does not permanently store IP addresses, and does not re-identify visitors across sessions. Legal basis: our legitimate interest in understanding website usage (Art. 6(1)(f) GDPR); no consent is required as no information is stored on or read from your device (§ 25 TDDDG / Art. 5(3) ePrivacy Directive). More information: Vercel Web Analytics privacy documentation.
Beyond this single tool, we do not use any of the following:
We expressly do not use any of the following on this website:
- Other web analytics services: No Google Analytics, no Google Tag Manager, no Matomo/Piwik, no Plausible, no Fathom, no Simple Analytics, or comparable cookie-based or profiling services
- Advertising networks: No Google AdSense, no Google Ads conversion tracking, no Facebook Ads, no programmatic advertising of any kind
- Social media plugins: No embedded social media buttons or widgets that automatically transmit data to social networks
- Tracking pixels: No Facebook Pixel, no Google Remarketing Tag, no Pinterest Tag, no TikTok Pixel
- Session replay tools: No Hotjar, no Mouseflow, no FullStory, no Microsoft Clarity
- Browser fingerprinting: No technologies for cross-device user identification without cookies
- Cross-site tracking: No mechanisms to track your behaviour across multiple websites
9. Third-Country Transfers at a Glance
| Recipient | Country | Transfer Basis | Data Processed |
|---|---|---|---|
| Vercel Inc. | USA | SCCs (Art. 46 para. 2 lit. c GDPR) + EU-US DPF (Decision (EU) 2023/1795) | Server log data |
| Supabase Inc. | Singapore | SCCs (Art. 46 para. 2 lit. c GDPR) | Editorial content (no visitor data) |
10. Technical Security Measures
We implement technical and organisational measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons:
- Encrypted data transmission via TLS/HTTPS (currently TLS 1.3)
- HSTS (HTTP Strict Transport Security) to prevent downgrade attacks
- Regular security updates to deployed software and dependencies
- Access restrictions to production systems based on the least-privilege principle
- Encrypted database connections
11. Minors
This offering is not specifically directed at children under 16. We do not knowingly collect personal data from minors. Should we become aware of unintentional collection of data from minors, we will delete such data immediately.
12. Your Rights as a Data Subject
12.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether personal data concerning you is being processed by us, and if so, access to that data and the information specified in Art. 15 GDPR.
12.2 Right to Rectification (Art. 16 GDPR)
You have the right to demand immediate rectification of inaccurate personal data concerning you and completion of incomplete data.
12.3 Right to Erasure (Art. 17 GDPR – "Right to be Forgotten")
You have the right to demand immediate erasure of personal data concerning you, provided one of the grounds in Art. 17 para. 1 GDPR applies and processing is not based on an exception under Art. 17 para. 3 GDPR.
12.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to demand restriction of processing of your personal data when one of the conditions in Art. 18 para. 1 lit. a–d GDPR is met.
12.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive personal data you have provided to us in a structured, commonly used, machine-readable format and to transmit that data to another controller, provided processing is based on consent or a contract.
12.6 Right to Object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you that is based on Art. 6 para. 1 lit. e or f GDPR.
12.7 Right to Withdraw Consent (Art. 7 para. 3 GDPR)
Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
12.8 Exercising Your Rights
To exercise your rights, please contact: support@harbingerpressmedia.com. We will respond within one month as required by Art. 12 para. 3 GDPR.
13. Right to Lodge a Complaint (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. You may contact the supervisory authority of your habitual residence, place of work, or the place of the alleged infringement.
14. Additional Notices for Other Jurisdictions and Data Breaches
14.1 United Kingdom (UK GDPR)
The rights described in Section 12 apply equally to visitors in the United Kingdom under the UK GDPR and the Data Protection Act 2018. The supervisory authority is the Information Commissioner's Office (ICO).
14.2 California, USA (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA/CPRA”) grants you the following rights: the right to know what personal information we have collected about you, its sources, and the purpose of collection; the right to delete personal information we have collected from you, subject to certain exceptions; the right to correct inaccurate personal information; and the right to non-discrimination for exercising your rights. We do not sell or share your personal information, so no opt-out mechanism is required. We do not collect sensitive personal information as defined under the CPRA. To submit a request, email support@harbingerpressmedia.com with the subject line “California Privacy Request.” We respond within 45 days, with a possible 45-day extension where reasonably necessary. Categories of personal information collected in the preceding 12 months: internet or electronic network activity information (server log data including IP addresses and browser identifiers). We have not sold or shared any personal information.
14.3 Canada (PIPEDA)
Visitors from Canada have rights under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and applicable provincial legislation, including the right to access your personal information held by us and to challenge its accuracy. To exercise these rights, contact support@harbingerpressmedia.com.
14.4 Australia (Privacy Act 1988)
If you are located in Australia, the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) apply to our processing of your personal information. You have the right to access and seek correction of your personal information, and to lodge a complaint about a potential breach of the APPs. Complaints may be directed to us at support@harbingerpressmedia.com and, if unresolved, to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
14.5 India (DPDP Act 2023)
If you are located in India, the Digital Personal Data Protection Act, 2023 (“DPDP Act”) applies to our processing of your personal data. As a Data Principal, you have the right to obtain a summary of the personal data we process about you, the right to correction and erasure of your personal data, and the right to grievance redressal. To exercise these rights or raise a grievance, contact support@harbingerpressmedia.com. Unresolved grievances may be escalated to the Data Protection Board of India.
14.6 South Korea (PIPA)
If you are located in South Korea, the Personal Information Protection Act (“PIPA”) applies to our processing of your personal information. You have the right to access, correct, delete, and suspend the processing of your personal information. To exercise these rights, contact support@harbingerpressmedia.com. Complaints may also be directed to the Personal Information Protection Commission (PIPC) of the Republic of Korea.
14.7 Notification of Personal Data Breaches (Art. 33–34 GDPR)
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it (Art. 33 GDPR). Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay (Art. 34 GDPR), describing the nature of the breach and the measures taken or proposed.
15. Automated Decision-Making and Profiling (Art. 22 GDPR)
We do not use automated decision-making processes including profiling pursuant to Art. 22 GDPR. No decisions are made that are based solely on automated processing and that produce legal effects or similarly significantly affect you.
16. Journalistic Media Privilege
As a journalistic-editorial offering, Harbinger Tribune invokes the exemptions in data protection law provided for journalistic purposes (media privilege, Art. 85 GDPR), insofar as this is necessary for journalistic work and the protection of sources.
17. Contact Form
If you use the contact form at /contact, we collect and store your name, email address, and message content in our application database in order to respond to your inquiry. This data is stored via our database provider, Supabase Inc., and is accessible only to authorised personnel who handle correspondence. Legal basis: Art. 6(1)(b) GDPR (necessary to respond to your request) or, where no contractual relationship is established, Art. 6(1)(f) GDPR (legitimate interest in handling incoming communications). We retain contact form submissions for as long as necessary to address your inquiry and for a reasonable period thereafter for documentation purposes, typically no longer than 12 months, unless a longer retention period is required by law. You may request earlier deletion of your message at any time by contacting us.
18. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy to reflect changes in legal requirements or our services. The date of the last update is shown at the top of this document.