Privacy
RunGuard is a pre-launch, single-builder project. We collect the minimum we need to operate a waitlist and serve a static website. No analytics SaaS, no third-party email vendor, no cookies, no behavioural tracking. This page is short on purpose.
What we collect
| Data | When | Why |
|---|---|---|
| Email address | You submit the waitlist form on the homepage. | To email you once when the SDK is publicly available. |
| Submission referrer URL | Same submission. | To know whether you came from Hacker News, Reddit, X, etc. — so we can spend our scarce launch effort on the channels that work. |
| Server access logs (IP address, timestamp, request path, user-agent, referrer) | Every request to runguard.dev. |
Standard web-server logs (Caddy). Used for traffic accounting and for blocking abuse. Rotated and overwritten on the host. |
What we do NOT collect
- No cookies, no localStorage, no fingerprinting. The site is static HTML with one JS handler that posts the waitlist form.
- No third-party analytics (no Google Analytics, no Plausible cloud, no PostHog, no Segment, no Mixpanel).
- No third-party tag managers or pixels (no Meta Pixel, no LinkedIn Insight Tag, no X conversion pixel).
- No CDN that proxies your traffic (the site is served directly from our VPS via Caddy).
- No ad networks. The site has no ads.
- No behavioural data once you leave the site. We don't email-track and we don't append cross-site identifiers.
Where it goes
- Waitlist emails + referrer URLs live in a SQLite file (
data.db) on the same VPS that serves this site. They are not exported to any third party. - Server access logs stay on the same VPS, rotated by Caddy's default rotation policy.
- Backups of the SQLite file are pulled to encrypted storage by the VPS operator. They are retained for 30 days then overwritten.
Subprocessors
The infrastructure providers that necessarily see some of the above data:
- Spaceship (privacy policy) — domain registrar and authoritative DNS for
runguard.dev. Sees DNS query metadata, not your email. - Hetzner (privacy policy) — VPS host. Sees inbound HTTPS traffic at the network level. Located in Germany, so EU data-protection law applies at the network layer.
- Let's Encrypt / ISRG (privacy policy) — TLS certificate issuance for
runguard.dev. Sees the domain name; does not see request bodies.
That is the entire list. There are no analytics, email-marketing, CRM, or advertising subprocessors at this stage. If we add any before launch (for example a transactional email vendor when we send the SDK-availability notice), this page will be updated and the change will be linked from the footer.
How long we keep it
- Waitlist email + referrer URL: kept until you ask us to delete it, or until 24 months after we stop operating RunGuard, whichever comes first.
- Server logs: rotated by Caddy. Older entries are overwritten as new ones come in. Effective retention is on the order of weeks, not years.
- Backups: 30 days, then overwritten.
Your rights
If you're in the EU/UK (GDPR), California (CCPA/CPRA), or anywhere else that gives you data rights, you have at minimum:
- The right to know what we hold about you.
- The right to have it deleted.
- The right to have it corrected.
- The right to a copy of it in a portable format.
- The right to lodge a complaint with your data-protection authority.
To exercise any of those, email privacy@runguard.dev from the address you signed up with. We aim to action requests within 7 days; the GDPR limit is 30. There is no charge.
Children
RunGuard is a developer tool sold to engineers and engineering teams. It is not directed at anyone under 16, and we do not knowingly collect data from anyone under 16. If you believe a child has signed up to the waitlist, email us and we'll delete the entry.
Changes to this notice
We'll update this page in place when material things change (a new subprocessor, a new data category, a new retention rule). The "effective" date at the top reflects the most recent change. We don't currently maintain a public changelog of edits because the page itself is short enough to diff in your head; if that becomes false, we'll add one.
Contact
Privacy questions: privacy@runguard.dev. Anything else: the homepage waitlist or @bitinvestigator on X.