Privacy Policy

Last updated: April 9, 2026

This Privacy Policy explains how GGRboost (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit ggrboost.io and join our waitlist. It is written to comply with the EU General Data Protection Regulation (GDPR) and related laws.

GGRboost is operated by Uladzimir Andryienka, Individual Entrepreneur registered in Georgia (ID 304621185), with legal address at Iakob Gogebashvili str. 29, apt. 9, Mtatsminda district, Tbilisi, Georgia.

Note on jurisdiction: the controller is established in Georgia, which is outside the European Economic Area (EEA) and has no adequacy decision under GDPR Art. 45. We still apply GDPR standards voluntarily because our audience includes EU-based professionals, and transfers from the EEA to Georgia rely on your explicit consent when joining the waitlist (Art. 49(1)(a) GDPR) and on Standard Contractual Clauses with our EU-based processors.

1. What data we collect

During the waitlist stage, we collect only the minimum needed to contact you when the product launches and to understand how visitors use our site.

  • Email address — you provide it when joining the waitlist. Required.
  • First name — optional, used to personalize emails.
  • Consent flags — whether you confirmed you are 18+ and whether you opted in to marketing emails.
  • Technical data — IP address, user-agent, and basic request logs (security, abuse prevention).
  • Analytics data — page views, approximate location (country), referrer, device type. Only collected if you accept analytics cookies.

We do not collect payment data, government IDs, or sensitive personal data (Art. 9 GDPR) at this stage.

2. How we use your data

  • Notify you about the launch — one or two transactional emails when we open access.
  • Send product updates — only if you explicitly opted in to marketing emails.
  • Measure site usage — only if you accepted analytics cookies.
  • Security and abuse prevention — detect bots, spam, or malicious activity.

3. Legal basis (GDPR Art. 6)

  • Consent (Art. 6(1)(a)) — for marketing emails and analytics cookies. You can withdraw consent at any time.
  • Legitimate interest (Art. 6(1)(f)) — for service operation, security, abuse prevention, and sending you the one-time launch notification you signed up for.
  • Contract / pre-contract (Art. 6(1)(b)) — to fulfil the waitlist promise you joined.

4. Third parties that process your data

We use trusted providers. Each is bound by a data processing agreement and, where data leaves the EU, by Standard Contractual Clauses (SCC).

  • Supabase — database hosting. Region: eu-west-1 (Ireland). Data stays in the EU.
  • Resend (Resend, Inc., USA) — transactional and marketing email delivery. Transfers under SCC.
  • Vercel (Vercel Inc., USA) — website hosting and CDN. Transfers under SCC.
  • Google Analytics 4 (Google LLC / Google Ireland Ltd.) — site analytics, only if you accept analytics cookies. IP anonymisation is enabled.

5. International data transfers

Some providers are based in the United States. When your data is transferred outside the European Economic Area, we rely on the European Commission Standard Contractual Clauses (SCC) and, where applicable, the EU–US Data Privacy Framework. You can request a copy of the safeguards by emailing us.

6. How long we keep your data

  • Waitlist email and name — until the product launches and for up to 24 months after you become inactive, whichever comes first.
  • Analytics data — up to 14 months in Google Analytics.
  • Server logs — up to 30 days.
  • Consent records — as long as required to demonstrate GDPR compliance (typically 3 years).

7. Your rights (GDPR Art. 15–22)

You have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data (“right to be forgotten”).
  • Restriction — ask us to pause processing.
  • Portability — get your data in a machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — unsubscribe from marketing or reject analytics cookies at any time.
  • Complain — lodge a complaint with your local data protection authority.

To exercise any right, email us at legal@ggrboost.io. We respond within 30 days.

8. Cookies

Details about the cookies we use and how to manage them are in our Cookie Policy.

9. Catalog content and third-party personal data

GGRboost operates a research and reference library of iGaming email marketing. Content in the catalog is contributed by users and independent research partners who legitimately received those emails as normal recipients of the sender's communications.

Before any submitted email is published, it is anonymized: personal data of the original recipient (name, email, player ID, loyalty tier, and any other identifier) is replaced with neutral placeholders such as {{name}}, {{email}}, {{player_id}}. Tracking pixels, external tracking beacons, and outbound links are disarmed. Images hosted on the sender's CDN are replaced with local copies. We do not publish content that contains identifiable personal data of the original recipient.

If you believe content in the catalog still contains your personal data, email legal@ggrboost.io and we will remove or further anonymize the item.

10. Children

GGRboost is a B2B tool for iGaming industry professionals. It is not intended for anyone under 18. We do not knowingly collect data from children.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email (if you joined the waitlist) and shown on this page. The “Last updated” date at the top of the page reflects the latest version.

12. Contact

Questions, privacy requests, or concerns: legal@ggrboost.io

Privacy PolicyTermsCookiesLegal info