Skip to main content
Groundrun
Waitlist

Privacy Notice

Last updated: 21 April 2026

This notice explains how we handle personal data collected through groundrun.dev. The data controller is Carlos Diaz Melian, trading as Groundrun, a sole trader based in the United Kingdom. For general questions, email [email protected]. For privacy and data-rights requests, email [email protected] (mail forwarding pending).

What we collect

When you join the waitlist, we collect:

  • Your email address — required, stored in our database.
  • Your IP address — used only in-memory to rate-limit the signup form. It is not persisted with your waitlist record.
  • A Cloudflare Turnstile token — a transient verification value, used once to confirm you are human and then discarded.

We do not use cookies for analytics or advertising. The site runs without any tracking or ad partners.

Why we collect it

  • To notify you when Groundrun launches and whether you are eligible for waitlist pricing.
  • To prevent abuse of the waitlist signup form (rate-limiting and bot-check).

Legal basis

We rely on your consent under Article 6(1)(a) of the UK GDPR. You chose to join the waitlist. You can withdraw that consent at any time — see Your rights below.

Who processes it

We use a small number of processors to run the site and send email:

  • Resend Inc. (United States) — sends waitlist and launch emails. See Resend’s DPA at resend.com/legal/dpa.
  • Cloudflare Inc. (United States) — verifies the Turnstile token that protects the signup form.
  • Railway Corp. (United States) — hosts the marketing site and processes request logs.

We do not share your data with advertising networks or analytics providers.

How long we keep it

Your waitlist entry is kept until 30 days after Groundrun’s public launch (currently targeted for late May 2026), or until you ask us to delete it — whichever is sooner. IP addresses used for rate-limiting are never persisted to the database; they live in memory only, and are cleared on a short rolling window.

Your request logs (HTTP method, path, timestamp, IP, user-agent) are retained by Railway Corp. — our hosting provider — for up to 30 days as part of their standard service. We do not export or separately store these logs.

International transfers

Resend, Cloudflare, and Railway process data in the United States. Transfers to the US rely on the EU Standard Contractual Clauses together with the UK International Data Transfer Addendum, as set out in those providers’ Data Processing Agreements.

Your rights

Under the UK GDPR you have the right to:

  • access the data we hold about you;
  • have inaccurate data corrected;
  • have your data erased;
  • restrict or object to processing;
  • receive your data in a portable format;
  • withdraw your consent at any time;
  • complain to the UK Information Commissioner’s Office at ico.org.uk.

The quickest way to delete your waitlist entry is to reply to any waitlist email with the word “unsubscribe”, or to email [email protected].

We do not use automated decision-making or profiling.

How to contact us

General queries: [email protected].
Privacy and data-rights requests: [email protected].

Back to home