Last updated: 28 May 2026 · This site operates under the EU General Data Protection Regulation (GDPR).
Systems Fail Lab is a free preparedness resource. We offer a 21-question readiness test, a personal kit-list builder, a library of field guides, and a weekly briefing. If you create an account (one-click sign-in by email), we save your assessment results, action checklist and personalised kit list in your private Cabinet so you can come back to them.
Operated by an independent project based in Europe. A registered legal entity will follow before public launch on 19 September 2026.
Privacy contact: privacy@systemsfaillab.com.
(a) Account data — when you sign in via magic-link. Your email address; your saved kit lists, assessment scores, and action-list state. Stored in our own Supabase database.
(b) Telemetry — first-party, server-side. Which step of the assessment or kit builder you reached; how long ago; the answer to our one-line "do you feel more prepared" micro-survey; download events. We do not include personally identifying detail in anonymous-visitor events. Stored in our own Supabase database, never transferred to a third party.
(c) Analytics & advertising — third-party, only with your consent.
Account data: so your kit list and saved progress sync between devices and survive between sessions.
Telemetry: so we know which questions confuse people, which scenarios trigger drop-offs, and whether our content actually helps users feel more prepared. We aggregate; we act on patterns, not individuals.
Analytics & advertising (consent-based): so we know what content brings traffic, which channels work, and where to spend the small marketing budget that supports this site.
Supabase (EU-region data processor — Frankfurt, eu-central-1) — necessary for the site to function. Acts under a Data Processing Agreement.
Google (only if you consent to Analytics or Advertising) — US-based.
Meta (only if you consent to Advertising) — US-based.
MailerLite (newsletter sending provider; data stored in the European Union, ISO 27001 certified, GDPR-compliant). Subscribers consent explicitly via the newsletter signup form; unsubscribe is one-click in every email.
Nobody else. No data brokers, no email-list sales, no resale.
Where data goes to Google or Meta (with your consent), it travels under Standard Contractual Clauses (SCCs) and the EU–US Data Privacy Framework adequacy decision. You can withdraw consent any time and stop the transfer for future events.
As an EU/EEA resident you have the right to: access a copy of your data, rectify inaccuracies, erase it (Cabinet → "Clear my data" or email us), export it in a portable format, restrict processing, object to legitimate-interest processing, and withdraw consent at any time (cookie banner reopens from the footer link).
To exercise any right, email privacy@systemsfaillab.com. We respond within 30 days at no charge.
You also have the right to lodge a complaint with your national data protection authority. Find yours at edpb.europa.eu.
We use cookies in three explicit categories. You control them in the cookie banner.
| Category | Default | What runs |
|---|---|---|
| Strictly necessary | Always on | Sign-in session, language preference, your saved settings. Legitimate interest under GDPR — the site cannot work without these. |
| Analytics | OFF | Google Analytics 4 — pageviews, sources, devices. |
| Advertising | OFF | Google Ads conversion tag + Meta Pixel. |
Open the banner any time from the link in the footer.
This site is recommended for adults aged 16 and over. We do not knowingly collect data from children under 16. In jurisdictions with a higher digital age of consent, that local age applies and verifiable parental consent is required below it.
Last updated: 28 May 2026. Material changes will require fresh consent — the banner reopens automatically when policy version bumps. For everything else: privacy@systemsfaillab.com.