Privacy Policy

1. Controller Information

The controller responsible for data processing on this website is:

For detailed contact information, please see our Impressum.

2. Data Collection Overview

We collect and process the following categories of personal data:

• Account Information: Email address (required for registration)
• Billing Information: Name, company details, billing address (optional, for invoices)
• Payment Information: Processed and stored by our payment provider Mollie
• Technical Data: IP address (server logs), browser type, access times
• Service Data: Database instance metadata (type, name, configuration, location)
• Usage Data: Instance uptime, resource usage, performance metrics

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

• Contract Fulfillment (Art. 6(1)(b) GDPR): Processing necessary to provide managed backend infrastructure services
• Legitimate Interest (Art. 6(1)(f) GDPR): Fraud prevention, service monitoring, security
• Legal Obligation (Art. 6(1)(c) GDPR): Tax and accounting record retention

4. Purpose of Data Processing

We process your personal data for the following purposes:

• Account creation and user authentication
• Service provisioning (database instance deployment and management)
• Billing and payment processing
• Technical support and customer service
• Service monitoring, performance optimization, and security
• Legal compliance (invoicing, tax obligations)
• Communication about service updates and important notices

5. Data Storage and Location

All user account data remains within the European Union. We store your data in the following locations:

• User Account Data: PostgreSQL database hosted in Germany
• Database Instances: Hetzner datacenters in your selected location (Germany, Finland, United States, or Singapore)
• Application Server: Hosted in Germany
• Backups: EU-based storage systems

6. Third-Party Processors (Art. 28 GDPR)

We work with the following carefully selected third-party processors:

7. Data Retention Periods

We retain your data for the following periods:

• Account Data: Until account deletion + 30 days
• Invoices and Tax Records: 10 years (German tax law requirement)
• Database Instance Data: Until instance deletion
• Deleted Instance Metadata: 1 year (for billing dispute resolution)
• Server Logs: 90 days
• Backups: 30 days

8. Your Rights Under GDPR (Chapter III)

You have the following rights regarding your personal data:

• Right of Access (Art. 15): Request a copy of all personal data we hold about you
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your data (except where legally required to retain)
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Restriction (Art. 18): Request limitation of processing under certain circumstances

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Data Security

We implement comprehensive security measures to protect your data:

• Encryption: HTTPS/TLS for all data transmission
• Password Security: BCrypt hashing for password storage
• Authentication: Secure cookie-based authentication
• Access Controls: Role-based access restrictions
• Monitoring: Real-time security monitoring and alerting
• Updates: Regular security patches and updates
• Isolation: Each database instance runs in an isolated environment

10. Cookies

We use essential cookies only that are strictly necessary for the platform to function:

We do not use tracking, analytics, or advertising cookies.

11. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that would have legal effects or similarly significantly affect you.

12. Data Breach Notification

In the event of a data breach that affects your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach. We will inform you about the nature of the breach, potential consequences, and measures taken to address it.

To report a suspected security issue, please contact: [email protected]

13. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification to your registered email address for significant changes
• Displaying a prominent notice on the platform

Your continued use of our services after such changes constitutes acceptance of the updated Privacy Policy.

15. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe your rights under GDPR have been violated:

16. Contact for Privacy Matters

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at: