The Tooth Labs

Privacy

Privacy notes

Last updated: 14 June 2026

The short version

The Tooth Labs is a static editorial site. We do not run Meta Pixel, advertising networks, behavioral retargeting, fingerprinting, or session-replay tools. We run a privacy-light analytics setup to count visits, and we do not sell data. We do not collect data worth selling.

What loads when you visit

  1. The page itself, served as static HTML from our hosting (Argonaut, Frankfurt EU). Your browser sends standard HTTP request headers (IP, user-agent, referrer) to the web server, which writes them to short-retention server access logs used only for diagnostics.
  2. Google Fonts, loaded from fonts.googleapis.com and fonts.gstatic.com. Google sees your IP when fonts load. We use this for the Fraunces and Geist Mono font families.
  3. Google Analytics 4, used to count page views and outbound clicks in aggregate. We do not use it for cross-site advertising audiences. See the section below on what we do not load.

What we do NOT load

  • Meta Pixel, Facebook Connect, any Meta property
  • X / Twitter conversion pixels, TikTok pixel
  • Display ad networks (AdSense, Mediavine, Ezoic, AdThrive, Raptive)
  • Hotjar, FullStory, Mouseflow, LogRocket session-replay
  • Customer.io, Segment, Mixpanel, Amplitude analytics
  • Heatmap or scroll-depth trackers, fingerprinting libraries

Affiliate links

Some product reviews contain affiliate links. When you click one, the destination merchant may set its own cookies and record the referral so any commission can be attributed to us. That is the merchant's processing, governed by their privacy policy, not ours. We do not pass any personal information to merchants; the link simply carries a referral tag. We may earn a commission at no extra cost to you, and it never changes our editorial verdict.

Newsletter

If you subscribe to our newsletter, we collect your email address. The form posts to sendsimple.site/api/public/subscribe, our self-hosted email infrastructure on a Frankfurt EU server. SendSimple stores your email in a PostgreSQL database, sends a confirmation email, and (after you confirm) periodic broadcasts.

The email list is not sold, rented, or shared. There is a one-click unsubscribe link in every email and an RFC 8058 unsubscribe header. Unsubscribing is immediate. If you ask us to delete your record entirely, write to contact and we will purge it.

Cookies

We do not set our own tracking cookies. Google Analytics may set its own first-party measurement identifiers; you can block these in your browser. Our service worker (used for PWA / offline support) is not a tracking mechanism, it is a local cache. You can disable it in your browser's site settings.

Server access logs

Our hosting provider records standard HTTP access logs (IP, request path, status code, user-agent, response time). These are retained for 30 days for diagnostic and abuse-prevention purposes. After 30 days they are rotated out.

GDPR + UK GDPR rights

If you are in the EU/UK, you have the following rights regarding your personal data: access, rectification, erasure ("right to be forgotten"), restriction, portability, objection, and the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, write to contact. We respond within 30 days.

Our lawful basis for processing newsletter emails is consent. Our lawful basis for processing server access logs is legitimate interest.

Children

The Tooth Labs is not directed at children under 13. We do not knowingly collect personal information from children under 13.

Changes to this notice

For material changes, we update the "Last updated" date at the top. For substantial changes (for example, adding any new third-party tracker), we notify newsletter subscribers in advance.