Your data belongs to you.

Not to me. Not to a third-party warehouse. Not to any AI vendor. When our engagement ends, you get every row. This page exists to say that in plain language, and to list exactly what Dandelion collects, why, and how to get it back or delete it.

Last updated 2026-04-18

What this page covers

Two distinct categories of data. The policies are different for each, because the contexts are different.

• Marketing data is what happens when you visit dandelion.build, submit an intake form, or email me.
• Client data is what I touch when I’m building or running infrastructure for you under a signed engagement.

Marketing data

What we collect on the site

Cloudflare Web Analytics runs on every page. It records anonymous page views, referrer, and country. No cookies, no cross-site tracking, no personal identifiers. We do this because we need to know which pages work and which don’t. Cloudflare holds this data for 6 months and then drops it.

What we collect from the intake form

Everything you type into the intake: your name, email, company, website, industry, revenue band, stack, and your free-text answers. Your IP and user-agent are also recorded with the submission (standard, used only for abuse detection, never sold).

Where that data goes

Three places:

• My inbox, via Resend (email delivery provider). Resend holds the message for operational reasons (bounce handling, delivery logs) and deletes it per their retention schedule. Resend will not use your content for anything other than delivering the email.
• Cloudflare Pages logs (the platform hosting this site). Logs are retained per Cloudflare’s standard schedule (weeks to months, never indefinitely) and used only for debugging delivery issues.
• Nowhere else. Your intake is never shared, sold, syndicated, or fed into a model.

How to get your data removed

Email dan@dandelion.build with the word “delete” and the email address you used. I remove the submission from my inbox and ask Resend to purge it. Confirmation within 48 hours.

Client data (under engagement)

The philosophy here is simple. Your data is the currency of your business going forward. You own it. You always own it.

Where your data lives

On infrastructure you own and pay for. Dandelion does not store client data on its own systems. When we build your unified database, it goes on a Postgres instance you own (typically Supabase or Neon, on your billing). Your Cloudflare, Resend, Stripe, or other integrations are on your accounts, not mine. You hold the root credentials throughout.

What access I have during the engagement

Whatever you grant me, and only what you grant me. Typically a named admin user on the shared systems we need to touch. I never ask for root on anything I don’t need. Access logs are available to you at any time. When the engagement ends, you revoke my access and I don’t have a copy of anything.

What I do not do

• I do not train AI models on your data. Full stop.
• I do not share your data with other clients. Your playbook stays yours.
• I do not keep a copy after the engagement ends.
• I do not sell, rent, syndicate, or bulk-export client data to anyone for any reason.

Subprocessors (the tools that touch client data)

I’m a solo operator using standard infrastructure. The categories of tools that may touch your data during a build:

• Cloud database (your account: Supabase, Neon, or equivalent)
• Cloud compute (your account: Cloudflare Workers, Cloud Run, or equivalent)
• ETL / ingestion tools (your account: Fivetran, or custom Python on your compute)
• AI APIs (your account: Anthropic, OpenAI; only for query layers and agents if you want them, with explicit scope)
• Source control (GitHub, in repos you own)

All of these operate on your accounts, on your billing, under your terms. I’m a named collaborator, not a data custodian.

Contact

Questions, data requests, anything: dan@dandelion.build. Humans answer humans here.