grubble small social, on purpose sign in
Pull to refresh

Privacy and your data

last updated 2 June 2026

grubble is a small, deliberately-simple social space for the people who actually matter. This page explains what we do, and don't do, with your data.

What we collect

  • · Account: your email address, your name (the one you've chosen to display), and an optional profile photo.
  • · Posts: photos and captions you share, with their timestamps.
  • · Interactions: hearts and comments on posts you can see.
  • · Connections: mutual links between you and other grubble members, plus the relationship label (e.g. sister, colleague) you've each chosen for the other.
  • · Sign-in records: the short-lived links and 6-digit codes we email you to sign in. Both expire on a tight timer (codes within minutes; links within half an hour) and become invalid the moment they're used.
  • · Pending requests: invites you've sent, email-change confirmations in flight, and account-deletion confirmations in flight. All short-lived, all single-use.
  • · Active sessions: per signed-in device we record the browser/operating-system string and IP address, plus when the session was created and last active, so you can review and sign out of devices you don't recognise.
  • · Last-visited timestamp: when you last opened the home tab, so the next visit can show "what's new since". A timestamp, not a content history.
  • · Pre-launch waitlist: if you signed up for invite-availability notifications on the public homepage before having an account, we hold your email on a waitlist until invites open. You can ask us to remove it at any time.

What we don't collect

  • · No third-party analytics, ad networks, or tracking pixels.
  • · No social-graph harvesting beyond the connections you create yourself.
  • · No location data, contacts, or device identifiers.
  • · No passwords. We don't have any to lose.

How we use it

Strictly to run grubble: showing you posts from the people you're connected with, sending the emails you ask us to (sign-in codes, invites, email-change confirmations, account-deletion links), and showing you what's new since your last visit. That's it. No profiling, no engagement analytics, no recommendations.

Who we share it with

We don't sell, share, or rent your data to anyone. The following third-party services process data on our behalf as part of running grubble:

  • · Hetzner (Germany) — cloud hosting. The server your data lives on.
  • · Cloudflare (US, EU data centres) — DNS, DDoS protection, and media storage (your photos and avatars are stored in Cloudflare R2). Cloudflare's EU data residency means your media stays in Europe.
  • · Postmark (US) — transactional email delivery. Your email address is passed to Postmark solely to send sign-in links and account notices. No marketing, no tracking pixels.

Nobody else. That's the complete list.

How long we keep it

  • · Account, posts, hearts, comments, connections: as long as your account exists. Delete your account and they go with it.
  • · Sign-in codes: 5 minutes from issue.
  • · Sign-in links: 30 minutes from issue.
  • · Invite tokens: 14 days from issue.
  • · Email-change and account-deletion confirmations: 30 minutes from issue.
  • · Active session records: until you sign out of that device, or sign out of all devices.
  • · Waitlist entries: until invites open and we use the address to send you one, or until you ask us to remove it.

Your rights

  • · Access and portability: download a copy of everything we hold about you as a ZIP from Settings. Includes account fields, posts (with image variants), comments, hearts, connections, invites, and active sessions.
  • · Erasure: permanently delete your account and all associated data from Settings. Two-step confirmation, irreversible once completed.
  • · Correction: change your name, profile photo, and email address any time from Settings.
  • · Waitlist removal: if you're on the pre-launch waitlist and want off, drop us an email and we'll remove your address.

Contact

Questions about your data? Email [email protected].