← Back to Graveyard

Privacy Policy

Last updated: February 20, 2026

This privacy policy explains how cairndata ("we", "us") collects, uses, and protects your personal data when you visit graveyard.cairndata.dev and cairndata.dev (the "Sites").

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data controller

The data controller responsible for your personal data is:

Mateusz Wycislik
Contact: [email protected]

2. What data we collect

Newsletter signup:

• Email address
• Signup source (which site you signed up from)
• Timestamp of signup

Grave submissions:

• Epitaph text (required)
• Code/evidence text (required)
• Cause of death category (required)
• Name/alias (optional, defaults to "Anonymous gravedigger")
• IP address (for spam prevention)
• Timestamp of submission

3. What we do NOT collect

• We do not use cookies
• We do not use analytics or tracking scripts
• We do not use third-party advertising
• We do not share your data with third parties
• We do not build user profiles

4. Legal basis for processing

We process your data based on:

• Consent (Art. 6(1)(a) GDPR) — when you voluntarily submit your email or a grave submission
• Legitimate interest (Art. 6(1)(f) GDPR) — IP address logging for spam prevention

5. How we use your data

• Email addresses — to send you a one-time notification when cairndata launches, and occasional product updates. You can unsubscribe at any time.
• Grave submissions — to review and potentially publish anonymized documentation examples on the Sites.
• IP addresses — solely for spam prevention. Not used for tracking or analytics.

6. Data storage and security

Your data is stored on a PostgreSQL database hosted on infrastructure controlled by us within the European Union. Data is transmitted over HTTPS. Access to the database is restricted to the data controller.

7. Data retention

• Email addresses — retained until you unsubscribe or request deletion
• Grave submissions — retained indefinitely (published content) or deleted upon request
• IP addresses — retained for a maximum of 90 days, then permanently deleted

8. Your rights

Under GDPR, you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Restriction — restrict processing of your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at [email protected].

9. Third-party services

The Sites use the following third-party services:

• Google Fonts — for typography. Google may collect your IP address when fonts are loaded. See Google's Privacy Policy.
• Cloudflare — for DNS and CDN. Cloudflare may process connection metadata. See Cloudflare's Privacy Policy.
• GitHub Pages — for hosting. GitHub may log access data. See GitHub's Privacy Statement.

10. Changes to this policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. We will not reduce your rights under this policy without your explicit consent.