← Back to home

Privacy Policy

Last updated: March 2026

1. Overview

This privacy policy explains how Cucaracha ("we," "us," or "our") collects, uses, and protects your personal data when you visit cucaracha.app. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR).

2. Data Controller

Deniz Can
Gotenstr. 52
10829 Berlin
Germany
Email: [email protected]

3. What Data We Collect

When you sign up for our waitlist, we collect:

  • Your email address
  • Your optional response to our willingness-to-pay survey
  • Basic anonymized usage data via PostHog analytics

4. How We Use Your Data

Your email is used solely to:

  • Notify you about Cucaracha's launch and updates
  • Understand product interest (via survey responses)

Legal basis: Your explicit consent (Art. 6(1)(a) GDPR) when submitting the form.

5. Third-Party Service Providers

Supabase (Email Storage):

  • Service provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992
  • Purpose: Secure storage of your email address and survey responses
  • Data Processing Agreement: In place (Art. 28 DSGVO)
  • Data location: EU-hosted infrastructure
  • Retention: Until you request deletion or unsubscribe

Vercel (Website Hosting):

  • Service provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
  • Purpose: Hosting and delivery of this website
  • Data Processing Agreement: In place
  • Data collected: Server logs (IP address, browser type, pages visited, timestamp)
  • Data location: Global CDN (may include US servers)
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable website operation)
  • Standard Contractual Clauses: EU-US data transfers protected via SCCs

PostHog (Analytics):

  • Service provider: PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA
  • Purpose: Anonymized website analytics (page views, click patterns, session duration, device info)
  • Data collected: Anonymized usage patterns (no personal identifiers)
  • Data Processing Agreement: In place
  • Data location: US-hosted
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding user behavior and improving the website)
  • Standard Contractual Clauses: EU-US data transfers protected via SCCs
  • Opt-out: PostHog respects Do Not Track (DNT) headers

6. Your Rights Under GDPR

You have the right to:

  • Request access to your personal data (Art. 15 GDPR)
  • Correct inaccurate data (Art. 16 GDPR)
  • Request deletion of your data (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent at any time (Art. 7(3) GDPR)

To exercise these rights, contact: [email protected]

7. Data Retention

  • Email addresses: Retained until you unsubscribe or request deletion
  • Survey responses: Retained for 12 months to understand product interest
  • Server logs (Vercel): Retained for 30 days
  • Analytics data (PostHog): Retained in anonymized form for up to 12 months

8. International Data Transfers

Some of our service providers (Vercel, PostHog) are based in the United States. Data transfers to the US are protected by EU Standard Contractual Clauses (SCCs) in accordance with GDPR Art. 46.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and regular security reviews.

10. Complaints

If you believe your rights have been violated, you can lodge a complaint with your local data protection authority. For residents of Berlin, Germany, contact:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Germany
Phone: +49 30 13889-0
Email: [email protected]

11. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated revision date.