Skip to content
GRBL Server
Create account

Privacy & Cookie Policy

Last updated: May 22, 2026

This policy explains what personal data is collected when you use this website (grblserver.com), why it is collected, and the choices you have. It is written to comply with the EU General Data Protection Regulation (GDPR) and the ePrivacy Directive ("cookie law").

Who is responsible for your data

GRBL Server is an independent project run by George Domingo Herrezuelo, who acts as the data controller. If you have any questions about this policy or want to exercise your rights, please use the contact form.

What data we collect

  • Account data — when you register, we store your name, email address and a securely hashed password. We never store your password in plain text.
  • License & device data — to operate the service we store your license status and the devices you connect to your account (device name and a last-seen timestamp).
  • Contact submissions — if you use the contact/feedback form, we keep the message and any name or email you provide so we can reply.
  • Analytics data — only if you accept analytics cookies, Google Analytics collects aggregated, pseudonymous information such as the pages you visit, approximate location (country/region), and your device and browser type. Google Analytics 4 does not store your full IP address. We also use Microsoft Clarity, which records pseudonymous information about how you interact with pages — such as clicks, scrolling and mouse movement — to build aggregated heatmaps and session replays. Clarity masks page text and anything you type into forms by default, so it does not capture your input content.
  • Security & anti-abuse data — on the sign-in, registration, password-reset and contact forms we use Cloudflare Turnstile to tell humans and bots apart. Your browser loads a script from challenges.cloudflare.com and Cloudflare may process technical signals (such as your IP address and browser characteristics) to do this. It is strictly necessary to protect the site, does not set advertising cookies, and is not used to track you across other websites.

Cookies and similar technologies

We do not load any non-essential cookies until you choose "Accept" on the cookie banner. You can change your choice at any time using the "Cookie settings" link in the footer, or by clearing this site's data in your browser.

Name Purpose Type Consent
grbl_server_web_session Keeps you signed in and protects forms against CSRF. Strictly necessary Not required
XSRF-TOKEN Security token that protects against cross-site request forgery. Strictly necessary Not required
grbl-cookie-consent Remembers your cookie choice. Stored in your browser's local storage, not sent to any server. Functional Not required
_ga, _ga_* Google Analytics — distinguishes visitors and measures site usage. Analytics Only after you accept
_clck, _clsk, CLID (and related cookies set by Microsoft) Microsoft Clarity — measures how the site is used through aggregated heatmaps and session replays. Analytics Only after you accept
cf_clearance (Cloudflare — may not always be set) Set by Cloudflare Turnstile to confirm a bot-protection challenge was passed when you submit a form. Strictly necessary Not required

Legal bases for processing

  • Performance of a contract — to create and run your account, license and devices.
  • Consent — for analytics cookies. You can withdraw consent at any time.
  • Legitimate interests — to keep the site secure, including bot and abuse protection on our forms, and to respond to messages you send us.
  • Legal obligation — where we must keep certain records by law.

Analytics and your consent

Google Analytics and Microsoft Clarity are only loaded in your browser after you accept analytics cookies. If you reject them, or simply ignore the banner, no analytics scripts or cookies are loaded. We use Google Consent Mode and do not enable Google advertising or personalization features, and Microsoft Clarity masks page text and form input by default.

Sharing and international transfers

If you consent to analytics, data is processed by Google and Microsoft as our processors and may be transferred to servers outside the European Economic Area, including the United States. Such transfers rely on the EU–US Data Privacy Framework and the European Commission's Standard Contractual Clauses. Cloudflare, Inc. also acts as a processor for our form bot-protection (Turnstile) and may process limited technical data outside the EEA under the European Commission's Standard Contractual Clauses. We do not sell your personal data.

How long we keep your data

Account, license and device data is kept for as long as your account is active. Contact messages are kept only as long as needed to handle your request. Analytics data is retained according to the retention period configured in Google Analytics.

Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased ("right to be forgotten");
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw consent for analytics at any time;
  • lodge a complaint with your local data protection supervisory authority.

You can delete your account and its associated data at any time from your profile page, or contact us for help.

Changes to this policy

We may update this policy as the project evolves. When we do, we will revise the "last updated" date at the top of this page.