Privacy Policy.

Effective: 27 April 2026 Plain English where possible Legal English where unavoidable

This page explains what data Frustrated.io collects when you visit, who we share it with, and what rights you have over it. We have tried to write it in English a human can read. Where we have failed, the law made us do it.

Frustrated.io is operated from the United Kingdom. The site is intended for a global audience and complies with UK GDPR, EU GDPR, the California Consumer Privacy Act (CCPA/CPRA), and applicable U.S. federal law. If you are reading this from somewhere we have not specifically named, the same rights probably apply to you anyway. We have tried not to treat anyone differently based on geography.

1. The Short Version

We do not collect personal data directly. We use Google Analytics 4 to count how many people visit the site and which pages are most popular, and Google AdSense to serve a single ad slot per page. Both are owned by Google and both place cookies on your device, which is why a cookie banner appears on your first visit.

You can reject those cookies at any time. The site continues to work either way. We do not run any other tracking, fingerprinting, or third-party data collection. We do not have a database of your data because we have not built one.

2. Who Operates Frustrated.io

The data controller for the purposes of UK and EU GDPR is the operator of frustrated.io, based in the United Kingdom. For all privacy questions, requests, and complaints, contact us at [email protected]. We answer everything that comes in. We answer some things faster than others.

3. What Data We Collect

3.1 Data You Provide Directly

Almost none. Frustrated.io has no user accounts, no signups, no required forms. The only places you can submit information voluntarily are:

The Suggest page (a Google Form). If you submit a suggestion you may optionally include your first name and email. We use these only to credit you on a built experience or to ask follow-up questions about your suggestion. The form is hosted by Google; their privacy policy applies to the submission itself.
Direct emails to us at [email protected]. We retain these for as long as it takes to respond and a reasonable period afterward in case you reply. We do not add email addresses to mailing lists, marketing databases, or any kind of contact list.

3.2 Data Collected Automatically

When you visit any page on the site, the following is collected by the third-party services we use:

Service	Purpose	Data Collected	Cookie Required
Google Analytics 4	Counting site traffic, identifying popular pages	IP address (truncated), device type, browser, country, pages visited, time on page, referrer	Yes (with consent)
Google AdSense	Serving the single ad slot per page	IP address, device type, browser, prior ad interactions, broad interest categories for personalised ads	Yes (with consent)
Cloudflare (if used)	Hosting, content delivery, DDoS protection	IP address, browser fingerprint for bot detection (transient)	No (essential)
Google Fonts	Loading the site's display fonts	IP address (loaded once per session)	No (essential)

That is the complete list. We do not run pixel-tracking from social networks, customer-data platforms, retargeting networks, session-replay tools, or any other category of analytics or marketing technology beyond what appears in the table above.

4. Why We Collect It (Legal Bases)

Under UK and EU GDPR, every piece of personal data must have a documented legal basis. Ours are:

Consent (Article 6(1)(a)) — for Google Analytics and Google AdSense. The cookie banner is the consent mechanism. You can withdraw consent at any time via the Cookies link in the site footer.
Legitimate interest (Article 6(1)(f)) — for essential hosting, content delivery, font loading, and security. The legitimate interest is keeping the site online and the bots off it. The impact on your privacy is low. You can object via the contact email below.
Performance of a service (Article 6(1)(b)) — for emails you send to us at [email protected], where you have asked us to do something and we need your contact details to do it.

5. Cookies and Similar Technologies

The cookies set by Frustrated.io fall into three categories:

Category	Examples	Set By	Consent Required
Strictly Necessary	Cloudflare bot detection, your cookie consent decision itself	Frustrated.io / Cloudflare	No
Analytics	_ga, _ga_*, _gid (Google Analytics 4)	Google	Yes
Advertising	IDE, NID, __gads, __gpi (Google AdSense)	Google	Yes

The cookie banner appears on your first visit and gives you three options: Accept All, Reject All, and Choose What's Okay (granular preferences). You can change your decision at any time using the Cookies link in the site footer. Rejecting analytics and advertising cookies does not break the site, hide content, downgrade features, or otherwise punish you. We are aware that several of our parody experiences satirise sites that do exactly that. We are not those sites.

Note on Do Not Track and Global Privacy Control. If your browser sends a DNT or Sec-GPC signal, we treat it as an active rejection of analytics and advertising cookies and suppress the banner entirely. This is required by California's CCPA/CPRA and is good practice everywhere else.

6. How Google Uses the Data

Both Google Analytics 4 and Google AdSense are services operated by Google LLC (United States) and Google Ireland Limited (European Economic Area). When you consent to their cookies, you are sharing data with Google under their own privacy policies and terms.

Google Analytics 4 privacy: policies.google.com/privacy
Google AdSense personalised ads: adssettings.google.com (you can opt out of personalised ads here even if you accept cookies on this site)
How Google uses data when you use partner sites: policies.google.com/technologies/partner-sites

Google shares aggregated, anonymised statistics with us through the Google Analytics dashboard. We do not have access to data about specific identifiable users. We see numbers on a chart, not people on a list.

7. Data Sharing

We do not sell your data. We have nothing to sell. The third parties that receive data when you visit the site are:

Google (Analytics 4 and AdSense) — only if you have consented to non-essential cookies
Cloudflare — for hosting and DDoS protection (essential)
Our hosting provider — for the same reason

Aside from these, we do not transfer or disclose data to anyone, with two exceptions: (a) where required by a valid legal request from a competent authority, and (b) where necessary to investigate suspected fraud or abuse of the site. Both happen rarely. Both have not yet happened.

8. International Data Transfers

Google operates servers globally, including in the United States. When you accept analytics or advertising cookies, your data may be transferred outside the UK and EEA. Google relies on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses to make these transfers compliant with UK and EU GDPR. We rely on Google's compliance for the transfer chain.

Cloudflare also operates globally with similar safeguards. Our hosting may be located in the UK, EU, or U.S. depending on the provider; we will update this page if the location changes meaningfully.

9. Data Retention

Google Analytics 4 data: retained for 14 months by default in the GA4 dashboard. After that, only aggregated reports remain.
Google AdSense data: retained per Google's policies, generally up to 13 months for personalisation cookies.
Suggestion form responses: retained indefinitely in our Google Forms / Sheets archive, because we use them as inspiration for future experiences. If you want yours deleted, email [email protected].
Direct emails: retained for as long as the conversation is active plus a reasonable period afterward (typically 12–24 months).
Cookie consent decisions: stored in your browser's localStorage for 12 months, then re-prompted.

10. Your Rights

10.1 If You Are in the UK or EU (UK GDPR / EU GDPR)

You have the right to:

Access the personal data we hold about you (Article 15)
Correct inaccurate data (Article 16)
Erase your data ("right to be forgotten") (Article 17)
Restrict our processing of your data (Article 18)
Port your data to another service (Article 20)
Object to processing based on legitimate interest (Article 21)
Withdraw consent at any time without affecting the lawfulness of past processing (Article 7(3))
Lodge a complaint with your national supervisory authority. In the UK that is the Information Commissioner's Office (ICO). In the EU it is your national Data Protection Authority.

10.2 If You Are in California (CCPA / CPRA)

You have the right to:

Know what personal information we collect about you and how we use it
Delete personal information we hold about you
Correct inaccurate personal information
Opt out of the "sale" or "sharing" of personal information for cross-context behavioural advertising. (Note: under CPRA's broad definition, AdSense's use of cookies for personalised advertising can constitute "sharing" even without payment changing hands. The cookie banner's Reject All option is the opt-out for this. The Global Privacy Control browser signal is also honoured.)
Limit the use of sensitive personal information. We do not collect sensitive personal information as defined by CPRA, so this right does not have anything to limit, but you have it nonetheless.
Non-discrimination — exercising any of these rights does not change the level of service we provide. The site does not have tiers.

10.3 If You Are Anywhere Else

The same rights apply, exercised through the same email. We have not built separate processes for separate jurisdictions because we do not have separate processes for separate users.

11. How to Exercise Your Rights

Email [email protected] with the request you want to make. Include enough information for us to identify the data (your IP range, your approximate visit dates, the email address you used to contact us — whatever applies). We will respond within 30 days, often sooner. We do not charge for these requests. We do not require photo ID or notarised letters mailed to Burbank.

If you are unsatisfied with our response, you can lodge a complaint with the relevant authority listed in section 10. We would prefer you did not, but we are not going to pretend the option does not exist.

12. Children

Frustrated.io is not directed at children under 13 (or under 16 in some EU jurisdictions). We do not knowingly collect personal data from children. The site contains no content explicitly aimed at children, but the parody experiences are written for an adult sensibility. If you are a parent or guardian who believes a child has submitted personal information through the site, contact [email protected] and we will delete it.

13. Security

We use standard transport-layer encryption (HTTPS) for all pages. The site is served via Cloudflare which adds DDoS protection and bot mitigation. We have not built any user accounts or databases of personal information, which means there is very little to be breached. The most sensitive data we hold is the contents of emails sent to [email protected] and the suggestions submitted through the Google Form, both of which sit inside Google Workspace with standard Google account protections.

14. Changes to This Policy

If we change this policy materially, we will update the "Effective" date at the top of the page and, where the change is significant, post a notice on the homepage for at least seven days. Trivial changes (typos, clarifications, link updates) we will just make.

15. Contact

For all privacy-related questions, requests, or complaints, email [email protected].

For everything else — feedback, suggestions, accidental love letters — that is also the address. There is only one address. The bit is having one address.