Skip to main content
lëtzbuzz.lu

Privacy policy

Last updated: June 20, 2026

**LëtzBuzz Privacy Policy** — Last updated: 24 June 2026. This policy explains what personal data is collected on LëtzBuzz (https://letzbuzz.lu), why, on what legal basis, with whom it is shared, how long it is kept, and how you can exercise your rights. We follow a simple principle: transparency and GDPR compliance are our best protection. We never seek to "take away" your rights; on the contrary, we commit to making them easy to exercise.

**Who is responsible for your data (data controller)** — LëtzBuzz is published by Mickaël Barbier, a natural person acting in a personal capacity (there is no company and no registration with the Trade and Companies Register). The data controller within the meaning of the General Data Protection Regulation (GDPR, EU Regulation 2016/679) is therefore Mickaël Barbier. For any question regarding data protection or to exercise your rights, you may contact him at contact@letzbuzz.lu. The applicable law is Luxembourg law, and the competent supervisory authority is the National Commission for Data Protection (CNPD), Luxembourg.

**Our operating principle: embed-only and compliance by design** — LëtzBuzz is a "social-first" media outlet: it comments on and contextualises Luxembourg's trends, viral content and public figures. Social media content is NEVER re-hosted: it is displayed exclusively through the official integration (embed) provided by the platforms themselves (X, Instagram, TikTok, Facebook, etc.). No sensitive topic and no unverified private individual is ever published or relayed automatically. When we use artificial intelligence to draft certain articles, those articles always remain grounded in factual data (data-grounded) and concern non-sensitive topics.

**What data we collect** — Depending on how you use the site, we may process: (1) your email address and a hashed password (never stored in plain text) if you create an account; (2) session cookies to keep you logged in; (3) for creators, the metadata and access tokens of the social media accounts you connect, kept securely on the server side; (4) your name or username and the content of the comments you post; (5) your email address if you subscribe to the newsletter; (6) a consent log (date, scope and proof of your choices regarding trackers and the newsletter); (7) your IP address, processed for security, anti-spam and rate-limiting purposes; (8) audience measurement data (via Umami, only with your consent); (9) data related to advertising display (via Google AdSense, only with your consent).

**Purposes: why we process this data** — We use your data to: create and manage your user account and the creator space; enable the secure connection of your social accounts and, where applicable, the tag-based auto-publishing described below; display and moderate comments; manage the newsletter; handle content submissions ("Propose a buzz"); ensure the security of the site, prevent spam and abuse; measure audience to improve the site; display advertising; and keep proof of your consents. We do not carry out any solely automated decision producing legal effects concerning you, and we never resell your data.

**The creator space, OAuth connection and tag-based auto-publishing** — If you are a creator, you can create an account (via Supabase Auth, with email and password) and connect your social media accounts via the official OAuth protocol (X is live; Instagram, TikTok and Facebook are planned). This connection allows us to store, on the server side, the technical tokens needed to relay your content. The tag-based auto-publishing mechanism works as follows: when you, a connected creator, tag @LetzBuzz or use the hashtag #LetzBuzz, your content MAY be relayed on LëtzBuzz as an official embed, after passing through an automatic safety filter. You remain in control: you can disconnect your accounts at any time, which deletes the associated tokens and ends any future relaying.

**The "Propose a buzz" form** — Anyone can submit a link to a piece of content via the "Propose a buzz" form. On this occasion we only collect the proposed link (and, where applicable, the information you choose to add). No submission is published automatically: every submission is reviewed and moderated manually before any possible featuring, in line with our principle of protecting unverified private individuals and sensitive topics.

**Legal basis for each processing activity (Article 6 GDPR)** — We rely on: (1) your CONSENT (Art. 6(1)(a)) for non-essential trackers — Umami audience measurement and AdSense advertising — as well as for newsletter subscription, collected via double opt-in; (2) PERFORMANCE OF THE CONTRACT (Art. 6(1)(b)) for the creation and management of your account, the creator space and the connection of your social accounts, which constitute the service you ask us to provide; (3) our LEGITIMATE INTEREST (Art. 6(1)(f)) for site security, spam and abuse prevention, rate limiting and comment moderation, an interest we have balanced against your rights and freedoms. You may at any time withdraw a consent (without retroactive effect) or object to processing based on legitimate interest.

**Processors and recipients of your data** — To run the site, we use technical providers (processors within the meaning of Art. 28 GDPR), who act on our instructions: Vercel (site hosting, in the United States, covered by the European Commission's Standard Contractual Clauses); Supabase (database and authentication, hosted in the European Union, in Frankfurt); Resend (email sending, planned); Umami (audience measurement, subject to your consent); and Google (AdSense advertising network, subject to your consent). The social media platforms (X, Instagram, TikTok, Facebook) operate via their official embeds, and their own privacy policies apply to the content you view on them. We neither sell nor rent your data to third parties.

**Data transfers outside the European Union** — Some of our providers, notably Vercel and Google, may process data in the United States. Where a transfer outside the European Economic Area takes place, it is governed by appropriate safeguards within the meaning of Chapter V of the GDPR, in particular the Standard Contractual Clauses adopted by the European Commission, supplemented where necessary by additional technical and organisational measures. Supabase hosts the database within the European Union (Frankfurt). You may request further information about these safeguards at contact@letzbuzz.lu.

**Retention periods** — We keep your data only as long as necessary for the purposes described: account and creator-space data is kept while your account is active, then deleted within a reasonable period (at most 30 days) after its closure; the tokens of connected social accounts are deleted as soon as the relevant account is disconnected; the newsletter email address is kept until you unsubscribe; comments remain published until you request their deletion or moderation removes them; consent logs are kept for as long as needed to demonstrate legal compliance (generally up to 3 years after your last choice); IP addresses processed for anti-spam and security are kept for a short period (generally a few days to a few weeks); Umami audience data is kept on a limited basis. Beyond these periods, data is deleted or anonymised.

**Cookies and trackers: your prior consent** — Cookies and trackers strictly necessary for the site to function (for example the session cookie that keeps you logged in) are placed without consent, as they are essential to the service. By contrast, all non-essential trackers — audience measurement (Umami) and advertising (Google AdSense) — are only activated AFTER your free, informed and specific consent, collected via our in-house Consent Management Platform (CMP) which appears as soon as you arrive. You can accept, refuse or customise your choices, and change or withdraw them at any time, as easily as you gave them. Until you have consented, no advertising or audience-measurement tracker is placed.

**Your rights under the GDPR** — You have the following rights at any time: the right of ACCESS to your data; the right to RECTIFICATION of inaccurate data; the right to ERASURE ("right to be forgotten"); the right to RESTRICTION of processing; the right to PORTABILITY (to receive your data in a structured, reusable format); the right to OBJECT to processing based on legitimate interest; and the right to WITHDRAW your consent at any time, without affecting the lawfulness of processing already carried out. To exercise any of these rights, write to us at contact@letzbuzz.lu; we respond within one month. If you believe your rights are not being respected, you may lodge a complaint with the National Commission for Data Protection (CNPD), 15 boulevard du Jazz, L-4370 Belvaux, Luxembourg (www.cnpd.lu).

**Security of your data** — We implement reasonable technical and organisational measures to protect your data: passwords are hashed and never stored in plain text, the tokens of social accounts are kept securely on the server side, exchanges are encrypted (HTTPS), and access to data is restricted to what is strictly necessary. As no system is infallible, we undertake, in the event of a data breach likely to result in a risk to your rights, to notify the CNPD and, where applicable, the data subjects, in accordance with Articles 33 and 34 of the GDPR.

**Minors (16 and over)** — LëtzBuzz is intended for an audience aged 16 and over. In Luxembourg, the age from which a minor can validly consent to the processing of their data in the context of online services is set at 16. We do not knowingly collect data concerning persons under 16. If you are a parent or guardian and believe that a minor under 16 has provided us with data, please contact us at contact@letzbuzz.lu so that we can delete it.

**Changes to this policy and contact** — We may update this policy to reflect new processing activities (for example the activation of Resend or the connection of Instagram, TikTok and Facebook) or legal developments. Any significant change will be flagged on the site and the "last updated" date will be revised. For any question about your personal data or to exercise your rights, there is a single address: contact@letzbuzz.lu. Data controller: Mickaël Barbier, in a personal capacity, Luxembourg.