Skip to content
ggrigs⌘K

Privacy policy

Last updated April 21, 2026

We respect your privacy. This policy explains what we collect, how we use it, and your rights.

What we collect

On every visit (no consent required)

  • Page views + referrer. We use Plausible, a cookie-free analytics tool. Plausible records page URL, referrer, country (from IP, IP itself is discarded), and browser type. No cookies, no cross-site tracking, no personal identifiers.
  • Outbound affiliate clicks. When you click a "Check on Amazon" button, we record the click (product, timestamp, marketplace, country code) before your browser navigates to Amazon. We do not record your IP directly; only the country code from Cloudflare. The click event is associated with a first-party session cookie (random UUID, 30-day expiry) but not with any personal data.

If you subscribe to the newsletter

  • Email address (required) — used solely to send the newsletter you asked for.
  • Consent confirmation (double opt-in token) — proves you confirmed the subscription, per GDPR + CASL.
  • Source — where you subscribed from (footer form, shortlist save, etc.) for our own content-effectiveness reporting.
  • Engagement data — open rate, click rate on newsletter links (standard open-tracking pixel + redirect URLs), to measure which newsletters are useful.
  • Unsubscribe at any time via the one-click link in every newsletter, or by emailing [email protected].

If you save a shortlist (when that feature ships)

  • Same as newsletter subscription (email + consent), plus the list of product IDs you shortlisted, so we can email you if prices drop.

What we don't collect

  • Names, addresses, phone numbers, payment info — we have no such fields.
  • Cross-site tracking cookies.
  • Fingerprinting beyond what Plausible's country + browser-family aggregation captures.
  • Any data from users who have not subscribed to our newsletter.

Who we share data with

  • Plausible — our analytics vendor (GDPR-compliant, EU-hosted by default).
  • Amazon — when you click a BuyBox and navigate to Amazon, standard browser referrer information is shared with Amazon (URL you came from, affiliate tag). This is how the affiliate program works; we can't avoid it, and neither can any other affiliate site.
  • Cloudflare — our edge network handles all traffic. Cloudflare sees your IP and user agent in the normal course of delivering the site. Their privacy policy applies: cloudflare.com/privacypolicy.
  • Email service provider — when we send newsletters, we use a transactional-email provider (privateemail.com at launch, potentially Resend or Postmark as volumes grow). They see your email address, delivery status, open/click tracking. Their privacy policies apply.

We do not sell your data to anyone. Ever.

Your rights (GDPR / CCPA / general)

  • Right to access — email us and we'll tell you what we have on file (realistically: your email if subscribed, plus newsletter-engagement metadata).
  • Right to erasure — subscribe → unsubscribe → we delete your email from our list. For complete deletion including engagement logs, email [email protected] with "delete my data" and we'll process within 30 days.
  • Right to rectification — if your stored data is wrong, email us.
  • Right to data portability — we'll export your subscription + engagement data as JSON on request.
  • Right to object / withdraw consent — you always can.

Cookies + local storage

  • No analytics cookies — Plausible is cookie-free.
  • Session cookies — we set a first-party session ID (random UUID, 30-day sliding expiry) to associate outbound-click events with anonymous sessions.
  • Local storage — we remember your preferred marketplace (country selection for BuyBox) and your shortlist (once that feature ships), both in your browser's local storage, not sent to our servers unless you save the shortlist with email.
  • No third-party cookies beyond Cloudflare's operational ones.

Data retention

  • Newsletter subscribers: kept while active subscription; deleted within 30 days of unsubscribe request.
  • Click events + session cookies: aggregated metrics retained indefinitely; raw rows purged after 12 months.
  • Backups: Postgres dumps retained 30 days rolling; weekly snapshots retained 90 days; quarterly snapshots retained 2 years.

Data processing address

For GDPR purposes, the data controller is Great Gaming Rigs, reachable at [email protected]. Hosted on Hetzner's Nuremberg datacenter (Germany, EU jurisdiction).

Children

ggrigs is not directed at children under 16. If you believe we've collected data from a child under 16, email [email protected] and we'll delete it immediately.

Changes

If this policy changes materially, we'll update the "Last updated" date and notify active newsletter subscribers.

Contact

[email protected] for any privacy question, data request, or concern.