Privacy Policy
Last updated: March 10, 2026
1. Controller
The controller responsible for processing your personal data under the GDPR is:
Christoph Langer
Private individual
Germany
Email: legal@mail.use-synk.com
2. Scope
This policy explains how personal data is processed when you:
- visit this website,
- use the waitlist form,
- confirm your waitlist registration,
- receive emails from us,
- use the unsubscribe link,
- visit the website (analytics are collected automatically).
3. Categories of Personal Data
Depending on your interaction, we process:
- Email address (when submitted in the waitlist form or used in waitlist email flows).
- Technical request data such as IP address, user agent, and request metadata processed by hosting/infrastructure.
- Rate-limiting identifier derived from request header IP data for abuse prevention.
- Aggregate analytics data collected via Plausible Analytics (cookieless, no personal identifiers stored).
4. Purposes and Legal Bases (Art. 6 GDPR)
| Purpose | Data | Legal Basis |
|---|---|---|
| Process your waitlist signup and send confirmation email (double opt-in) | Email address | Art. 6(1)(b) GDPR (pre-contractual steps at your request) |
| Add you to waitlist after confirmation and send launch/product updates | Email address | Art. 6(1)(a) GDPR (consent) |
| Send optional promotional content and user research requests | Email address | Art. 6(1)(a) GDPR (consent) |
| Provide unsubscribe and suppression handling | Email address, token data | Art. 6(1)(c) GDPR (legal compliance) and Art. 6(1)(f) GDPR (accountability and proof of consent management) |
| Ensure security, prevent abuse, and apply rate limiting | IP-derived identifier, request metadata | Art. 6(1)(f) GDPR (legitimate interest in service security and abuse prevention) |
| Host and technically deliver the website | Technical request data | Art. 6(1)(f) GDPR (reliable service operation) |
| Website analytics | Aggregate, cookieless analytics data | Art. 6(1)(f) GDPR (legitimate interest in understanding website usage) |
Withdrawal of consent: You can withdraw consent at any time with effect for the future, for example by using the unsubscribe link in emails or by contacting legal@mail.use-synk.com.
Withdrawal does not affect processing carried out before withdrawal.
5. Data Retention
- Waitlist email data: stored until you withdraw consent, request deletion, or the project is permanently discontinued; if a user account is later created, a separate policy applies.
- Double opt-in and unsubscribe evidence: retained as needed to document consent management and legal compliance obligations.
- Rate-limiting and security data: retained for short operational windows and deleted/overwritten according to provider retention settings.
- Analytics data: retained according to Plausible Analytics retention settings (aggregate, non-personal data).
Where legal retention obligations apply, data may be retained for the required period and blocked for other use.
6. Recipients and Processors
To operate the service, we use processors under applicable data processing terms:
Neon (Database)
Neon, Inc., 353 Sacramento St, Suite 1227, San Francisco, CA 94111, USA
Purpose: storage of waitlist records.
Privacy policy: neon.tech/privacy
Vercel (Hosting)
Vercel Inc., 340 Pine Street, Suite 603, San Francisco, CA 94104, USA Purpose: website hosting. Privacy policy: vercel.com/legal/privacy-policy
Plausible Analytics
Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia Purpose: optional privacy-friendly website analytics if accepted. Privacy policy: plausible.io/privacy
Resend (Email Delivery)
Resend Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA
Purpose: delivery of confirmation and waitlist emails.
Privacy policy: resend.com/legal/privacy-policy
Upstash (Rate Limiting)
Upstash, Inc., 2261 Market Street #5056, San Francisco, CA 94114, USA
Purpose: abuse prevention and request rate limiting via Redis.
Privacy policy: upstash.com/privacy
7. International Data Transfers
If data is processed outside the EEA (in particular in the USA), transfers are based on appropriate safeguards under Art. 46 GDPR, in particular Standard Contractual Clauses (SCCs), unless another lawful transfer mechanism applies.
8. Cookies and Similar Technologies
We use browser storage only to persist functional preferences (e.g., theme). We use Plausible Analytics, which is cookieless and stores no personal data on your device.
9. Your Rights
Under the GDPR, you may have the following rights:
- right of access (Art. 15 GDPR),
- right to rectification (Art. 16 GDPR),
- right to erasure (Art. 17 GDPR),
- right to restriction of processing (Art. 18 GDPR),
- right to data portability (Art. 20 GDPR),
- right to object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR),
- right to withdraw consent at any time (Art. 7(3) GDPR).
To exercise your rights, contact legal@mail.use-synk.com. We respond within statutory time limits.
10. Right to Lodge a Complaint
If you believe processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in your EU member state of residence, place of work, or place of the alleged infringement.
For Germany, information is available via: bfdi.bund.de
11. Changes to This Policy
We may update this policy from time to time. The current version is always available on this page with the latest "Last updated" date.