Privacy Policy

1. Who is responsible

The controller for the processing of your personal data on this site is:

Dumke Ventures UG (haftungsbeschränkt), Ebersprung, 16321 Bernau, Germany. Managing Director: Tom Dumke. HRB 17796, Amtsgericht Frankfurt (Oder).

For any privacy question, write to tom@humansrunit.com.

2. What data we process and why

Waitlist signups (double opt-in). When you submit the waitlist form, we store: your email (required), your name or business name (optional), your industry / niche (optional), the problem you described in free text (optional), whether you signed up as an operator or a company, your marketing-consent choice, and the timestamp of your submission. Your entry stays in a pending state until you click the confirmation link in the email we send you; only then is it added to the actual waitlist. Pending entries that aren't confirmed within 7 days are deleted automatically. Legal basis: Art. 6 (1)(b) GDPR — to deliver the early-access notice you requested. If you tick the optional marketing checkbox, we additionally process your data to send occasional updates beyond the launch announcement (Art. 6 (1)(a) GDPR — your consent, withdrawable at any time by emailing us).

Confirmation + admin notification emails. Outbound emails (your confirmation message and an internal notification to tom@humansrunit.com when you confirm) are sent through Cloudflare Email Sending — same processor as the rest of the site, no third-party email vendor.

Server logs. Our hosting provider, Cloudflare, automatically captures your IP address, user-agent string, and country derived from IP geolocation when you submit the form. We use these to prevent abuse, debug delivery issues, and meet our security obligations (Art. 6 (1)(f) GDPR — legitimate interest in preventing fraud and operating a stable service).

Web analytics (only if you consent). If you allow analytics in the cookie banner, we load Cloudflare Web Analytics, which is cookieless and aggregates pageviews, referrers, and approximate location at country level. We do not run Google Analytics, Meta Pixel, or any third-party tracking pixel. Legal basis: Art. 6 (1)(a) GDPR — your consent.

We do not sell your data, do not share it with advertising networks, and do not engage in profiling or automated decision-making (Art. 22 GDPR).

3. How long we keep it

Pending (unconfirmed) waitlist entries: 7 days, then auto-deleted.

Confirmed waitlist email + name + free-text fields: kept until 90 days after we publicly launch the directory, then deleted. If you withdraw consent earlier or ask to be removed, we delete within 14 days.

IP, user-agent, and country: kept for 14 days as a security log, then deleted.

Cookie consent record: stored on your device for 365 days so we don't show the banner repeatedly. You can clear it any time via your browser cookie settings or by reopening the banner via the footer.

4. Who we share data with (processors)

We use one main processor:

Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) — provides our website hosting (Cloudflare Pages), the database that stores waitlist entries (Cloudflare Workers KV), DNS, email forwarding (Cloudflare Email Routing), outbound transactional email (Cloudflare Email Sending — used to send your waitlist confirmation message and our internal admin notification), and, if you consent, web analytics (Cloudflare Web Analytics).

Cloudflare is a US company. For transfers of EU personal data, we rely on the EU Standard Contractual Clauses (SCCs) included in Cloudflare's Data Processing Addendum: cloudflare.com/cloudflare-customer-dpa. Cloudflare maintains EU data centers and has additional supplementary measures in place per Schrems II.

Email sent to tom@humansrunit.com is forwarded by Cloudflare Email Routing to a personal mailbox. Cloudflare does not retain message bodies on their relay; delivery logs are kept for limited debugging windows per their policy.

5. Cookies and storage on your device

We use the smallest set of cookies we can:

__cf_bm (Cloudflare Bot Management) — set by Cloudflare on every page load to distinguish humans from bots. Strictly necessary for the service per § 25 (2) TTDSG; cannot be disabled. Lifetime: 30 minutes.

humansrunit_consent — stores your cookie banner choice as a JSON value (which categories you allowed). Set after you make a choice. Lifetime: 365 days.

Cloudflare Web Analytics beacon — only loaded if you consent to analytics. Cookieless: it does not write anything to your device.

We do not use marketing cookies, ad tracking pixels, or session-replay tools.

6. Fonts and third-party assets

Web fonts on this site are self-hosted from our own server (/fonts/ path). We do not load Google Fonts, fonts.gstatic.com, or any other third-party font CDN. Your browser does not connect to Google when viewing our pages.

7. Your rights under GDPR

You have the right, at any time, to:

– Access the personal data we hold about you (Art. 15);

– Rectify inaccurate data (Art. 16);

– Erasure — ask us to delete your data (Art. 17);

– Restrict processing (Art. 18);

– Receive your data in a portable format (Art. 20);

– Object to processing based on legitimate interest (Art. 21);

– Withdraw consent at any time, with future effect, where processing is based on consent (Art. 7 (3)).

To exercise any of these, email tom@humansrunit.com. We respond within one month (Art. 12 (3)).

8. Right to complain

You have the right to lodge a complaint with a supervisory authority. Because our registered office is in Bernau (Brandenburg), the competent authority is Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg (LDA Brandenburg), Stahnsdorfer Damm 77, 14532 Kleinmachnow, Germany. Find them at lda.brandenburg.de.

9. Changes to this policy

We update this page when our processing changes. The effective date at the top reflects the last revision. Material changes that affect existing signups will be communicated by email to the address you provided.