Privacy Policy

PRE-LAUNCH · WAITLIST Last updated: 2026-04-23

01. Overview

This policy explains how Mach4.dev collects, uses, stores, and protects information from people who sign up for our pre-launch waitlist. We keep it short because we collect less than most sites do.

We do not run advertising, do not sell data, and do not use third-party analytics or tracking cookies. The only reason we ask for your information is so we can follow up about early access to Mach4.

02. Who we are

Mach4.dev ("Mach4", "we", "us", "our") is the operator of the website at https://mach4.dev and the forthcoming Mach4 product.

Legal operator: Annt Capital Limited, registered in England.

For any privacy question or request, contact us at [email protected].

03. What we collect

Information you provide

When you submit the waitlist or contact form, we collect:

Email address (required) — so we can contact you about early access.
Optional fields: your name, company or team name, team size, pricing tier you're interested in, and any message you choose to send.

Information collected automatically

When you submit a form, our servers log:

IP address — used for rate-limiting (to prevent abuse) and security auditing.
Browser user-agent string — for debugging and abuse prevention.
Page path and referrer — which page on mach4.dev you submitted from and which site (if any) sent you there.
Timestamp — when the submission happened.
CTA tag — which button you clicked (e.g. Free / Pro / Team / Enterprise / Early access) so we can prioritize outreach by tier of interest.

What we do not collect

We do not use third-party analytics, session-replay, or tracking platforms.
We do not use advertising cookies, tracking pixels, or retargeting beacons.
We do not record your session, mouse movements, or clicks beyond form submissions.
We do not access your code, files, credentials, or Anthropic API key from this website.

04. How we use it

We use the information you provide for exactly the purposes below, and nothing else:

To contact you about Mach4 early-access availability, beta invitations, and significant product announcements.
To prioritize outreach based on your stated tier of interest and team size.
To prevent abuse — we rate-limit submissions per email and per IP, and may block abusive traffic.
To comply with legal obligations if we are required to retain or disclose information by applicable law.

We do not use your information to build profiles, train machine-learning models, or make automated decisions that legally or significantly affect you.

We share information only with the following categories of service providers, strictly to operate this website:

Category of provider	Purpose	Data location
Cloud hosting & infrastructure	Hosts the site, stores waitlist submissions, runs the contact-form endpoint, and holds our API credentials securely.	United States
Transactional email service	Delivers internal notification emails to us when you submit a form. Your email is included as the "reply-to" address so we can respond.	United States

We do not sell, rent, or trade your information to any third party. We do not share with advertisers, data brokers, or marketing platforms.

If we are ever required to disclose information by court order, subpoena, or other legal process, we will comply only as required and will notify you where lawful.

06. Legal basis (EU / UK residents)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your information under the following bases of the GDPR / UK GDPR:

Consent (Art. 6(1)(a)) — you voluntarily submit the form. You can withdraw consent at any time (see §08 Your rights).
Legitimate interests (Art. 6(1)(f)) — operating the waitlist, preventing abuse, and contacting people who have asked about our product.

07. How long we keep it

We retain your submission:

Until you ask us to delete it, or
For up to 24 months after our last meaningful contact with you (whichever comes first).

Server access logs (raw IPs, user-agents) are retained for up to 90 days for security and abuse prevention, then deleted.

08. Your rights

No matter where you live, you may request:

Access — a copy of the information we hold about you.
Correction — we will fix anything that is wrong.
Deletion — we will remove your submission from our database.
Portability — a machine-readable copy (JSON) of your submission.
Opt-out — stop receiving any future communication from us.

If you are in the EU/UK, you also have the right to object to processing and to restrict processing in certain cases. You may lodge a complaint with your local data-protection authority; we will cooperate with their investigations.

If you are a California resident under the CCPA/CPRA, you have rights of access, deletion, correction, and to know how your information is used. We do not "sell" or "share" personal information as those terms are defined under California law.

To exercise any right, email [email protected] from the address you used to submit the form. We will respond within 30 days.

09. Cookies & local storage

We do not use tracking cookies. We use two forms of client-side storage, both of which are strictly essential to the waitlist function:

localStorage — if your form submission cannot reach our server (offline, firewall, outage), the submission is queued locally in your browser so you are not asked to resubmit. This queue stays on your device and is never read by us unless it is eventually submitted via the form endpoint.
Session cookies set by our hosting provider's CDN for caching and basic bot protection. These do not track you across sites.

No consent banner is shown because we do not set any cookies or storage that require consent under ePrivacy / GDPR.

10. International data transfers

Our servers and service providers are located in the United States. If you submit information from outside the US, it will be transferred to and processed in the US.

We rely on Standard Contractual Clauses (SCCs) with our US-based service providers to safeguard transfers from the EEA, UK, and Switzerland.

11. Security

We apply the following safeguards:

All traffic to and from mach4.dev is encrypted in transit with TLS 1.2+.
Submissions are stored in a managed database with "deny-all" client access rules; only our server-side backend can read or write.
API keys and secrets are held in a managed secret-management service. No secrets live on disk.
Access to our infrastructure is limited to named administrators using two-factor authentication.

No system is perfectly secure. If we ever become aware of a breach affecting your information, we will notify you without undue delay.

12. Children

Mach4.dev is not directed to children under 16. We do not knowingly collect information from children under 16. If you believe a child has submitted information to us, email [email protected] and we will delete it.

13. Changes to this policy

If we make material changes to this policy — for example, adding a new category of data we collect, or a new service provider — we will notify waitlist members by email and post a notice on the landing page.

Non-material changes (clarifications, typo fixes) will simply update the "Last updated" date above. You can compare versions by requesting historical copies from us.

14. Contact

Privacy questions, rights requests, or complaints:

[email protected]