// privacy policy

What we collect, why, and how to get rid of it.

effective: May 16, 2026

// Short version

My Dark Lab is a one-person studio. When you submit the intake form on this site, we collect what you typed plus some basic technical metadata so we can follow up about your project. We don't sell it, share it, or add you to a mailing list. Email Brandon@mydarklab.com and we'll permanently delete your record.

// What we collect

From the intake form, the things you typed:

  • Name, business name, email, phone
  • Website and social profile URLs (whatever you provided)
  • Service interest, budget range, timeline, business stage, business type
  • Your written pain-point answer
  • Where you're based (if you filled that field in)
  • The fact that you ticked the consent box, with a timestamp

Automatically, by visiting or submitting:

  • IP address and user-agent (used to triage spam and to log who submitted)
  • UTM parameters and referrer (so we know which channel sent you)
  • The landing URL you arrived on

We do not set our own tracking cookies. The form uses Cloudflare Turnstile for spam protection — Turnstile sets its own technical cookies and may collect a one-time challenge token. See Cloudflare's privacy policy.

// Why we collect it

  • To respond. Email, phone, and pain point are what we use to write you back.
  • To scope and price. Budget, timeline, services, and stage let us draft a proposal that fits your reality instead of guessing.
  • To remember. If we talk again in six months, we want context.
  • To filter spam. IP, user-agent, and the Turnstile token block automated submissions.

// Who sees it

Just the operator — that's Brandon. No team, no contractors, no resale.

The data lives in these third-party services:

  • Supabase (Postgres database) — stores the lead record. Hosted in their secure infrastructure with row-level security enabled.
  • Vercel (web hosting) — serves this site. Vercel sees the same request metadata your browser sends to any website.
  • Resend (email delivery) — sends the new-lead notification email to us so we know to reach back out.
  • Anthropic / Claude (optional AI assist) — when we click an in-app button to get a second opinion on a lead, the lead's submitted text is sent to Anthropic's API for analysis. Anthropic does not train on our API data.
  • Cloudflare (spam protection) — Turnstile sees that you submitted the form and scores you as human or bot.

None of these vendors is given the data for any purpose other than the one listed for it above.

// How long we keep it

Until you ask us to delete it, or until we decide you're a stale prospect (typically 24 months of no contact). Email Brandon@mydarklab.com at any time to ask for deletion and we'll do it within a few business days.

// Your rights

Depending on where you live, you may have the right to:

  • Get a copy of what we have about you
  • Correct anything that's wrong
  • Have it deleted
  • Withdraw consent for future contact

Email Brandon@mydarklab.com with any of these requests. We do it manually, no portal.

// Security

Lead records are stored encrypted at rest. Connections to and from the database are encrypted in transit. The admin dashboard is locked behind email magic-link authentication and only specific allowlisted addresses can sign in. The service keys that let our server write to the database never reach the browser.

That said: no system is breach-proof. If a security incident affects your data we'll email you within 72 hours of confirming it.

// Children

This site isn't intended for anyone under 16. Don't submit the form if you're a minor.

// Changes to this policy

If we change anything material, we'll update the effective date at the top of this page. For anyone whose record we still hold, we'll email a heads-up before the change takes effect.

// Contact

Anything privacy-related goes to Brandon@mydarklab.com. We'll reply within a few business days.