Privacy Policy.
1. Controller
Tim Baßmann & Jeremias Mattc/o MDC#755
Welserstraße 3
87463 Dietmannsried
Email: info@usegramm.app
Website: usegramm.app
gramm. is currently operating in a pre-incorporation phase.
2. What We Collect
We collect as little personal data as possible. The following table provides an overview of all personal data we process:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Waitlist registration and launch notification | Art. 6(1)(a) GDPR — your consent |
| Email address (interview) | Scheduling and conducting user research interviews | Art. 6(1)(a) GDPR — your consent |
| Server logs (IP address, browser, timestamp) | Secure technical operation of the website | Art. 6(1)(f) GDPR — legitimate interest |
| Email correspondence | Responding to your inquiry | Art. 6(1)(f) GDPR — legitimate interest |
We do not collect names, addresses, phone numbers, payment data, or any sensitive personal data as defined in Art. 9 GDPR. We do not profile users or use automated decision-making.
3. How We Use Your Data
Your email address is used exclusively to:
- Confirm your waitlist registration via double opt-in
- Notify you when gramm. launches and early access becomes available
- Contact you for scheduling a user research interview (if you opted in)
We will not send marketing emails beyond gramm. launch communications. We will never sell, rent, share, or transfer your email address to third parties for their own marketing purposes.
When gramm. launches, waitlist subscribers will be given the option to create a user account. If you do not convert to a user account within a reasonable period after launch, your email address will be deleted from the waitlist. You will be informed about this in advance.
4. User Survey
We conduct a user survey to better understand the problem we are building a solution for. The survey is fully anonymous by default.
- We do not collect any personal data through the survey questions themselves.
- We only see aggregated, anonymised responses. No individual response can be traced back to a specific person.
- If you voluntarily choose to provide your email address at the end of the survey (for interview participation or launch notification), that email address is handled separately as described in Sections 2 and 3.
- Your survey answers and your email address are never linked, combined, or cross-referenced.
The legal basis for processing anonymous survey responses is Art. 6(1)(f) GDPR (legitimate interest in product research and development). Since no personal data is involved, GDPR obligations for anonymous data do not apply to survey content.
5. Third-Party Processors
We use the following service providers to operate this website and manage our waitlist. Each provider processes data on our behalf under a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR.
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Netlify, Inc. | Website hosting and CDN | USA | EU Standard Contractual Clauses (DPA) |
| Brevo (Sendinblue SAS) | Email delivery and waitlist management | France (EU) | Data stored in EU, DPA in place |
| IONOS SE | Email forwarding for info@usegramm.app | Germany (EU) | GDPR directly applicable, DPA in place |
No other third parties receive your personal data.
Netlify
Our website is hosted by Netlify, Inc. 101 2nd Street San Francisco, CA 94105, USA. Server logs are automatically stored and deleted after 7 days. Data transfers to the USA are carried out on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46(2)(c) GDPR.
Privacy Policy: netlify.com/privacy
Brevo
We use Brevo GmbH, a subsidiary of Sendinblue SAS, 17 rue de Salneuve, 75017 Paris, France, to manage our waitlist and send launch notifications. Your email address is stored on Brevo's servers within the EU. We use Brevo's double opt-in feature to verify your consent before adding your address to our list.
Privacy Policy: brevo.com/legal/privacy-policy
IONOS
We use IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, to forward emails sent to info@usegramm.app to our personal email accounts. IONOS processes the content and metadata of incoming emails solely for the purpose of forwarding. As a German company, IONOS is subject to GDPR directly. No transfer of data outside the EU takes place.
Privacy Policy: ionos.de/terms-gtc/datenschutzerklaerung
Fonts
This website uses the typefaces Playfair Display and Space Grotesk. Both fonts are served locally from our own server. No data is transferred to Google Fonts or any other third party as a result of font loading.
6. Cookies & Analytics
This website does not use cookies of any kind — not for tracking, not for analytics, not for advertising. A cookie consent banner is therefore not required.
We do not use Google Analytics, Google Tag Manager, Meta Pixel, or any other tracking or retargeting technology that collects personal data or identifies individual users.
The only data processing that occurs during your website visit is the server log collection by Netlify, as described in Section 2. This is technically necessary and does not involve cookies.
7. Data Retention
We retain personal data only as long as necessary for the stated purpose:
- Waitlist/Newsletter email addresses: Until you withdraw your consent (unsubscribe via email link, our unsubscribe page, or by emailing info@usegramm.app), or 24 months after sign-up if no product launch occurs — whichever comes first. After removal, your data is permanently deleted within 30 days.
- Interview email addresses: Until the interview has taken place, or upon your request (via email link, our unsubscribe page, or by emailing info@usegramm.app), or 12 months after collection — whichever comes first. Deleted within 30 days thereafter.
- Anonymous survey responses: Stored indefinitely for product research purposes. No personal data is involved.
- Server logs (Netlify): Maximum 7 days, then automatically deleted.
- Email correspondence: Until the matter is resolved, maximum 24 months, then permanently deleted.
8. Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse in accordance with Art. 32 GDPR.
- All data transmission between your browser and our website is encrypted using TLS/SSL.
- Access to stored personal data is restricted to authorised individuals only.
- We use reputable third-party processors (see Section 5) that maintain their own security standards.
- In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours in accordance with Art. 33 GDPR, and affected individuals where required under Art. 34 GDPR.
9. Your Rights (GDPR Art. 15–21)
As a data subject under GDPR, you have the following rights:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): You may request deletion of your personal data ("right to be forgotten").
- Right to restriction of processing (Art. 18): You may request that we restrict the processing of your data in certain circumstances.
- Right to data portability (Art. 20): You may request your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): Where we process data based on legitimate interest (Art. 6(1)(f) GDPR), you may object to this processing at any time. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing. You can unsubscribe via the link in any email, through our unsubscribe page, or by contacting us at info@usegramm.app.
To exercise any of these rights, contact us at: info@usegramm.app. We will respond within 30 days.
10. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority at any time, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).
The supervisory authority competent for our location in Bavaria, Germany is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)Promenade 18
91522 Ansbach
Germany
www.lda.bayern.de
A list of all EU supervisory authorities is available at: edpb.europa.eu
11. California Residents – CCPA
If you are a resident of California, the California Consumer Privacy Act (CCPA) grants you the following additional rights:
- Right to Know: You may request disclosure of the personal data we have collected, used, disclosed, or sold about you in the past 12 months.
- Right to Delete: You may request deletion of your personal data, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal data. There is nothing to opt out of.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To submit a CCPA request, contact us at: info@usegramm.app. We will respond within 45 days.
12. International Data Transfers
One of the third-party processors we use is located outside the European Economic Area (EEA), specifically Netlify, Inc. in the United States. Transfers of personal data to third countries are carried out only where an adequate level of protection is ensured, specifically via:
- Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46(2)(c) GDPR, or
- An adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Brevo is based in France (EU) and IONOS SE is based in Germany (EU). Both process data exclusively within the EU. No cross-border transfer concerns apply to these providers.
13. Children's Privacy
Our website and services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 (or under 16 in the EU without verifiable parental consent). If you believe we have inadvertently collected data from a child, please contact us immediately at info@usegramm.app and we will delete it without delay.
14. Changes to This Policy
We may update this Privacy Policy from time to time — for example when we incorporate our UG, launch the gramm. app, or add new services. The "Last updated" date at the end of this page will be revised accordingly.
We will notify waitlist subscribers of any material changes by email before they take effect.