Skip to main content
Hidden Hour ← Back to the guide

Privacy

Last updated: 2026-06-03

The short version: we don't track you, we don't sell anything to anyone, and you can browse the whole site without giving us anything. Accounts are optional and only useful for a couple of specific things (see below). Here's the longer version.

The basics

Hidden Hour is a static city guide. No sponsored listings, no display ads, no required accounts. You can browse every part of the site without giving us anything except a page view. If you choose to sign in — to sync favorites across devices, or to submit a report tied to your account — we use a magic-link flow with no passwords; details below.

How we count visits

We use Umami to count how many people visit the site and which pages get used. Umami doesn't use cookies, doesn't store IP addresses, and doesn't share data across sites. We only see aggregate numbers — never anything tied to one person.

Email signups

If you sign up for emails — from the footer prompt, the homepage form, or the "Unlock Vibe Filters" prompt — your email address is sent to Kit (formerly ConvertKit), which we use to send the occasional update. Their privacy policy is here. You can unsubscribe with one click from any email we send.

What lives in your browser

When you favorite a venue or open a detail panel, the site saves that to your browser's local storage so it can remember next time. That data never leaves your device. Clear it any time by clearing site data in your browser settings.

If you install Hidden Hour to your home screen, or just visit on a modern browser, a service worker caches site assets and data on your device for offline access; cached data older than 30 days is discarded automatically. Clear site data to remove. None of it is sent to us — it's all local, and it's what lets the guide keep working when you're offline.

If you sign in (optional)

The guide works fully without an account, and we never gate browsing behind a login. If you choose to sign in, we use a magic-link flow: enter your email, we send a one-time sign-in link, you click it, and you're signed in. No passwords.

Auth + storage runs on Supabase. The first time you sign in, two records are created on our database:

Sessions live in your browser's local storage (no cookies). Sign out from the chip in the top right and the session is cleared. If you don't return for about a week, the session expires and you'll click another magic link to re-sign-in. We never ask you to click a sign-in link on every visit.

Magic-link emails are sent via Resend from noreply@hiddenhour.guide. Resend processes the message and discards the content per their privacy policy; we don't retain the inbox anywhere.

What we don't do

Reporting outdated info

If you spot stale prices, schedules, or a closure, the "Info outdated?" button on any venue's detail panel — and the inline "Spotted a change?" link on venues that haven't been verified recently — opens a short form (what changed, optional details, your email). Submissions go to a private form processor (Netlify Forms). The only people who see them are us, and we use the report to update the listing or follow up on edge cases. We never publish reports.

The form also offers an optional "Also subscribe me to occasional Hidden Hour updates" checkbox. It is off by default. Leaving it unchecked means your email is used only for the report itself; checking it adds you to our newsletter via Kit (ConvertKit) and you can unsubscribe with one click from any email. Either way, the report goes through.

Report data is retained until we've acted on it plus roughly 30 days for follow-up, then deleted from the Netlify Forms inbox. Newsletter subscribers (consent path only) are retained until unsubscribe per Kit's standard retention.

Your rights

Delete browser-stored data any time via your browser's site-data settings. Unsubscribe from emails using the unsubscribe link in any email we send. To request deletion of your account or email-list data, write to hello@hiddenhour.guide. Account-deletion calls the delete_user_pii function on our database — it removes your email from profiles_pii and deletes the operational profiles row. We process within 30 days of request.

If this page changes

We update the "Last updated" date at the top whenever we change anything substantive. We don't email about minor edits.