Effective July 11, 2026

Privacy Policy

This policy explains what data Medlar ("Medlar", "we", "us") collects on this website, why we collect it, and the choices you have. It is written for the current early-access phase: a marketing site with a waitlist. If the product changes, this policy will change with it — the effective date above always tells you which version you are reading.

1. What we collect

Waitlist information you give us. When you join the waitlist we collect your email address and, only if you choose to provide them, your company name, what you want to automate, and your expected monthly work volume.

Attribution data. If you arrive through a campaign link, we record basic UTM tags (source, medium, campaign) so we can tell where signups come from.

Technical data. Your IP address is processed briefly to rate-limit form submissions and prevent abuse. Our analytics tool records usage events (pages viewed, buttons clicked) together with browser and device information.

We do not knowingly collect data from anyone under 16.

2. How we use it

We use this data to:

  • send you a confirmation email and, later, an invitation when early access opens;
  • understand demand and prioritize what to build first;
  • measure which channels bring visitors to the site;
  • keep the site secure and prevent spam and abuse.

Where the GDPR or similar laws apply, our legal bases are your consent (joining the waitlist) and our legitimate interest in operating and securing the site.

3. What we don't do

  • We do not sell your data — to anyone, ever.
  • We do not share it with third parties for their own marketing.
  • We do not run advertising or ad-tracking cookies on this site.
  • We will not email you beyond what is described above without asking for separate consent first.

4. Service providers we rely on

Your data is processed by a small set of infrastructure providers acting on our instructions under data-processing agreements:

  • Vercel — website hosting
  • Neon — database where waitlist entries are stored
  • Resend — sending the confirmation email
  • Upstash — rate limiting (brief IP processing)
  • PostHog — product analytics

These providers may process data in the European Union and the United States. Where data leaves the EU/EEA, transfers rely on standard contractual clauses or equivalent safeguards.

5. Cookies and similar technologies

The site uses a small number of first-party cookies and browser storage entries set by our analytics tool to distinguish visitors and remember sessions. There are no third-party advertising cookies. You can block or clear cookies in your browser at any time; the site keeps working.

6. How long we keep data

Waitlist entries are kept until early access invitations are complete, until you ask us to delete yours, or until the entry is clearly no longer needed — whichever comes first. Analytics data is retained according to our analytics provider's standard retention schedule. Rate-limiting records expire automatically within minutes.

7. Your rights

Depending on where you live (including under the GDPR and Türkiye's KVKK), you have the right to access, correct, delete, or receive a copy of your personal data, to object to or restrict certain processing, and to withdraw consent at any time.

To exercise any of these, email hello@medlar.app — deleting your waitlist entry takes one message. You also have the right to complain to your local data-protection authority.

8. Security

Data is transmitted over TLS and stored with access limited to what operating the service requires. Submissions are protected against automated abuse. No system is perfectly secure, but we deliberately collect little, which is the best protection of all.

9. Changes to this policy

If we change this policy in a way that matters, we will update the effective date above and, for significant changes affecting waitlist members, tell you by email.

10. Contact

Medlar is operated by the Medlar founding team. For anything related to your data, write to hello@medlar.app.

← Back to home