1. Who is responsible
The controller of personal data processed through this website is Woice d.o.o., a company registered in Slovenia. Contact: support@heysigrid.com. Full company registry details are provided in the terms.
2. What this policy covers
This policy covers heysigrid.com and its roadmap pages — the pre-launch website for Sigrid. The Sigrid product (the snippet, integrations and agent) is not yet live for customers; when it launches, it will have its own privacy documentation and data processing agreement.
3. What we collect, and why
Waitlist. If you join, we store: your email (required), and optionally your site URL, a traffic range, and what you’re interested in. Purpose: to contact you about Sigrid’s launch and to reserve audits in signup order. Legal basis: your consent (GDPR art. 6(1)(a)), which you can withdraw at any time by emailing us. We do not use this list for anything else — no newsletter machine, no resale, no enrichment.
Roadmap submissions. If you submit an idea, we store the text you wrote, its category, and your email if you chose to leave one (used only to tell you if the item ships). Legal basis: consent for the email; legitimate interest (art. 6(1)(f)) in product development for the idea text itself.
Roadmap votes. Vote tallies are anonymous counts. To rate-limit abuse, the server keeps a salted cryptographic hash of your IP address for at most 60 seconds, then it expires. Raw IP addresses are never stored. Your own vote history is kept only in your browser’s localStorage, on your device. Legal basis: legitimate interest in preventing abuse.
Email. If you write to support@heysigrid.com, we keep the correspondence to answer you. Legal basis: legitimate interest in handling your request.
Sigrid’s own measurement (the dogfood). This site runs the Sigrid snippet — the product measuring its own homepage. It sets one first-party cookie, sigrid_vid (a random identifier, one year), so a returning browser stays in the same test group, and sends aggregate measurement events (which test group was shown, page views, clicks on measured buttons) to api.heysigrid.com — our own server in the EU. No names, no emails, no cross-site tracking, no PII; the identifier is random and means nothing outside this site. Opt out any time by visiting any page with ?sigrid_optout=1 — that sets an opt-out cookie and measurement stops for your browser. Legal basis: legitimate interest in measuring our own website with our own product (art. 6(1)(f)).
Server logs. Our hosting provider (Cloudflare) processes connection data (such as IP addresses) transiently to serve the site and defend it against attacks, as any host does.
4. What we deliberately don’t do
- — No third-party cookies, ever. The only cookies on this site are Sigrid’s own two: sigrid_vid (measurement, described above) and sigrid-optout (your opt-out, if you set it).
- — No analytics suites, no tracking pixels, no fingerprinting, no ads.
- — No third-party requests from your browser: fonts, assets and measurement all load from heysigrid.com domains.
- — No profiling, no automated decision-making, no selling or sharing of data for marketing.
- — localStorage is used only for functions you invoke (remembering your roadmap votes on your device). It never leaves your browser.
5. Where your data lives
Three providers handle website data on our behalf: Cloudflare (hosting, storage of form entries), Google (a private spreadsheet where waitlist entries and roadmap submissions are mirrored so we can review them), and Hetzner (the EU data center hosting our own measurement server and database — Germany). Cloudflare and Google may process data outside the EEA; where they do, transfers rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses. Measurement data stays in the EU. We add no other recipients without updating this policy.
6. How long we keep it
Waitlist entries: until the launch communication cycle is complete or you withdraw, whichever comes first. Roadmap submissions: for as long as the idea is relevant to the roadmap. Vote rate-limit hashes: 60 seconds. Sigrid’s measurement events: raw events at most 12 months; aggregated results (which contain no identifiers) become part of the public experiment ledger and stay. Support email: as long as needed to handle the matter and meet legal obligations.
7. Your rights
Under the GDPR you can ask for access, correction, deletion, restriction, portability, and you can object to processing based on legitimate interest. You can withdraw consent at any time without affecting prior processing. One email to support@heysigrid.com does it — no forms, no questionnaire. You also have the right to complain to a supervisory authority; ours is the Slovenian Information Commissioner (Informacijski pooblaščenec, ip-rs.si).
8. Children
This site is a business tool and is not directed at children under 16. We do not knowingly collect their data.
9. Changes
Changes to this policy are published here with a new date and version. The page’s history is also tracked publicly in the site’s repository — policy changes leave a trail, like everything else Sigrid does.