DRK NYT Labs - Policies

Privacy Policy

How we handle data across drknyt.com, the basement Lab, and .world products. Built for clarity, not legal theater.

Back to the Lab
Scope

This policy covers drknyt.com, the DRK NYT Lab properties, and the .world stack (including experiments and private betas). By using these services or submitting information, you consent to this policy.

Updated: 2025-12-19

Data we collect (minimum viable)

  • Contact details you provide (name/handle, email, company) when you submit a signal, request access, or buy something.
  • Content you share with us: messages, briefs, attachments, and any other context you send to the Lab.
  • Operational telemetry: device/browser basics, timestamps, IP-derived region, and event logs used for abuse prevention and debugging.
  • Payments flow through Stripe. We see receipts and the last 4/card brand; Stripe processes the sensitive card data.

How we use that data

  • To run drknyt.com and .world products, ship updates, and respond to signals you send.
  • To prevent fraud or abuse, keep uptime steady, and investigate bugs across the Lab stack.
  • To improve the experience: measuring anonymized usage patterns to decide what to build next.
  • To satisfy legal, tax, and accounting obligations when we charge for work or products.

Third parties & infrastructure

  • Hosting and deployment: Vercel (and its CDNs) may log requests for reliability and security.
  • Payments: Stripe processes cards and ACH; we never store raw payment credentials on our systems.
  • Communications: email is handled via standard providers; files you send may be stored in encrypted cloud storage.
  • We do not sell personal data. We only share it with vendors acting on our behalf under contractual safeguards.

Storage, retention, deletion

  • We keep account and billing records while you have an active relationship with us and as required by law.
  • Operational logs are retained for a limited window for security, then rotated or anonymized.
  • You can ask us to delete or update your data. Some records (like invoices) must stay for compliance.
  • Backups exist for disaster recovery; removal requests propagate to backups on their normal rotation.

Security & confidentiality

  • Access to production systems is limited to the Lab team on a least-privilege basis.
  • Data in transit is encrypted (HTTPS). Sensitive secrets stay in managed vaults, not in code or tickets.
  • We review vendors for security posture and only grant them scoped access to the data they need.
  • Incidents are investigated promptly; if your data is involved, we will notify you when required.

Your choices

  • Request access, correction, or deletion by emailing the Lab. We respond as quickly as possible.
  • Opt out of non-essential comms; we already avoid spam and only send operational or high-signal updates.
  • Disable cookies in your browser if you prefer; certain features may degrade or stop working.
  • If you represent someone else's data, ensure you have the right to share it before sending it to us.

Children & sensitive data

  • Our products are built for professionals and teams. They are not directed at children under 13.
  • Please do not send health, financial account numbers, or other regulated sensitive data unless explicitly requested for a project.
Questions or data requests

If you want to access, correct, or delete your data - or you have concerns about how we handle privacy - reach out. The same applies if you think someone sent us data they shouldn't have.

Email the LabReturn to drknyt.com