Privacy Policy
Last updated: 23 June 2026
This policy explains how Cridin (“Cridin”, “we”, “us”) processes personal data when you visit cridin.com or join our early-access list. We are committed to the EU General Data Protection Regulation (GDPR) and to keeping data within the European Union.
1. Who is responsible
Cridin is an early-stage, pre-launch project and is not yet operated by an incorporated company. For any privacy or data-protection inquiry, contact [email protected]. Formal controller details will be added once Cridin is incorporated.
2. What data we process
- Email address — when you submit it to join the early-access list.
- Limited technical data — to deliver and secure each page, standard request information is processed in transit. We do not store your IP address: it is handled transiently by our CDN / security provider (Cloudflare) to route and protect traffic, as is inherent to serving any website, and our cookieless analytics (Umami) anonymizes it without retaining it. We keep no visitor IP addresses in our database or server logs.
We do not request or store names, payment details, IP addresses, or any special-category data.
3. Why we process it, and our legal basis
- Early-access list (your email): to contact you about Cridin’s launch. Legal basis: your consent (Art. 6(1)(a) GDPR). You may withdraw it at any time.
- Bot protection: to prevent spam and abuse of the signup form. Legal basis: our legitimate interest in security (Art. 6(1)(f) GDPR).
- Audience measurement: aggregated, cookieless analytics to understand traffic. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
4. Where your data is stored, and who processes it
We keep data in the EU and rely on a small number of processors:
- Resend — delivers your confirmation email. Email processing in the EU.
- NocoDB on Hetzner — your email is stored in our database, self-hosted on Hetzner infrastructure in Germany (EU).
- Hetzner — hosting provider; our servers are located in Germany (EU).
- Cloudflare — content delivery, TLS, and bot protection (Turnstile). Routes and protects traffic and processes IP addresses transiently. Cloudflare is a US company; any transfer is covered by the EU–U.S. Data Privacy Framework and/or Standard Contractual Clauses.
- Umami — self-hosted, privacy-friendly analytics that is cookieless and does not track individuals across sites.
5. Retention
We keep your early-access email until Cridin launches or until you ask us to delete it, whichever comes first. Aggregated analytics contain no identifying data.
6. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected, or your data erased;
- restrict or object to processing;
- data portability;
- withdraw consent at any time, without affecting prior processing.
To exercise any of these, email [email protected]. You also have the right to lodge a complaint with a data-protection supervisory authority.
7. No automated decision-making
We do not use your data for automated decision-making or profiling.
8. Changes to this policy
We may update this policy as Cridin develops. The “last updated” date above reflects the current version.
Contact
Questions about this policy or your data: [email protected].