Holy infa on top of the city wallpaper

Newsletter Policy

Privacy policy for Holy Infa™ newsletter subscribers — how we handle your data and your rights under GDPR.

Merch Store PolicyNewsletter Policy

Last updated: 15.05.2026

Holy Infa™ ("we," "us," or "our") values your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you subscribe to our newsletter or interact with our website.

1. Information We Collect

When you subscribe:

  • Email address (required to send updates).
  • Consent preferences (agreements to receive emails and policy).
  • Technical data: consent timestamp, verification status, and source path.
  • Security data: CAPTCHA responses, honeypot validation.
  • Unsubscribe data: when and how you unsubscribe.

When you browse the site (analytics, opt-out available):

  • A first-party visitor identifier and session identifier stored in cookies on your device (see Section 2).
  • Pages visited, referring page, link clicks, and campaign or UTM parameters from the URL.
  • Approximate country derived from your IP address (using MaxMind GeoIP). Your IP address itself is hashed with a daily-rotating salt before storage — we never keep the raw IP.
  • Browser type, operating system, device class, screen size, and preferred language.

2. Cookies & Tracking Technologies

We use the following cookies and storage on your device. You can review and change your preferences at any time through our cookie banner.

Essential (always on — required for the site to work):

  • cookie_consent — stores your cookie preferences (1 year).

Analytics (loaded only with your consent — opt-out available):

  • _hi_vid — first-party visitor identifier for our own analytics dashboard (1 year). Never shared with third parties.
  • _hi_sid / _hi_sid_t — session identifiers that reset after periods of inactivity.
  • Google Analytics: _ga, _gid, _gat.
  • Session storage keys (_hi_utm, _hi_campaign_code, meta_utm_params) that remember which campaign brought you to the site for the current browsing session.

Marketing (loaded only with your consent):

  • Meta (Facebook) Pixel cookies: fr, _fbp,_fbc.

Opt-out behaviour: If you decline analytics or marketing cookies, we delete the corresponding cookies and session storage on your device. We still record aggregate counts (e.g. how many times a button is clicked) but stop persisting any identifier that would link those counts back to you across sessions.

3. How We Use Your Information

We use your data to:

  • Send newsletters and confirm your subscription.
  • Record your consent for compliance purposes.
  • Let you unsubscribe at any time.
  • Protect our forms against spam, abuse, and bots.
  • Measure how well our music pages, links, and campaigns perform — for example, which song page led to a streaming-platform click or a newsletter signup. This is aggregated marketing analytics for our own use.

We do not sell your information. We do not share your email address with third parties for their own marketing.

4. Visitor Identity Linking

If you subscribe to the newsletter while our analytics cookie is active on your browser, we link your anonymous visitor identifier to your email address in our database so we can understand which campaign or page led to your signup. This linking only happens at the moment you subscribe and is contained to your same browser. You can sever this link at any time by unsubscribing or by emailing us a deletion request.

5. Campaign Tracking Codes

Some of our music links contain a short campaign code (for example /music/her-pheromone/hp01). When you visit a link like that, we remember the code for the duration of your browsing session so we can attribute any subsequent actions (page views, streaming-platform clicks, newsletter signups) to the campaign that brought you in. The code is not personal information — it identifies the campaign, not you.

6. Third-Party Services

We use a small number of well-known services that may receive some of your data:

  • Google reCAPTCHA — protects our subscribe form against bots. Google receives your IP address and browser information during verification.
  • Google Analytics — only if you accept analytics cookies. Provides aggregate visitor statistics.
  • Meta Conversions API — only if you accept marketing cookies and arrived from a Meta (Facebook or Instagram) ad. We send a SHA-256 hash of your email plus your IP and user-agent so Meta can attribute the conversion to its ad campaign. This is the standard Meta CAPI flow.
  • MaxMind GeoIP — used server-side only to convert your IP to a country code for our own analytics. No data is shared back with MaxMind beyond the lookup.
  • IONOS — our email delivery provider for confirmation and newsletter emails.

7. Legal Basis for Processing

  • Consent (GDPR Art. 6(1)(a)) — newsletter subscription, analytics cookies, marketing cookies.
  • Legitimate Interest (GDPR Art. 6(1)(f)) — anti- spam, abuse prevention, aggregate website performance measurement.

8. Your Rights & Opt-Out

You may at any time:

  • Withdraw your cookie consent through the cookie settings on this site. This deletes our analytics and marketing cookies + session storage from your device.
  • Unsubscribe from the newsletter via any email we send you.
  • Request access, correction, or deletion of your data by emailing us.
  • Lodge a complaint with your local data protection authority.

Right to erasure (GDPR Art. 17): You can ask us to delete your personal data by emailing contact@holyinfa.com. We respond to verified requests within 30 days, in line with GDPR Art. 12(3). To prevent abuse, we first confirm the request comes from the email address being erased. Some records (audit logs, invoices kept under German bookkeeping law HGB §257) are anonymised rather than deleted; see our internal erasure runbook for the full scope.

9. Data Retention

  • Newsletter subscribers: for as long as you remain subscribed. After unsubscribe, we keep a minimal record (email + unsubscribe date) to prevent re-contact.
  • Analytics events: up to 90 days. Aggregated daily rollups may be kept longer.
  • IP hashes: tied to a daily-rotating salt, so older hashes become un-correlatable across days.

10. Security

We secure your data with HTTPS encryption, hashed verification tokens, hashed IPs, anti-spam protections, and access controls on our infrastructure.

11. Contact Us

For questions or data requests, email us at contact@holyinfa.com.