Legal

Privacy Policy

Information about the processing of personal data under Articles 13 and 14 GDPR.

Controller

Simon Tautz

Albert-Roßhaupterstraße 70

81369 Munich, Germany

Email: Simon.Tautz@web.de

Purposes and legal bases

  • Providing the website and the authenticated application area under Article 6(1)(b) and (f) GDPR.
  • Operating sign-in, workspace access control, and security logging under Article 6(1)(b), (c), and (f) GDPR.
  • Handling subscriptions and billing under Article 6(1)(b) and (c) GDPR.
  • Processing connected account metadata, chat metadata, and synchronized message content on user instruction under Article 6(1)(b) and (f) GDPR.

Service providers

  • Vercel for hosting, edge delivery, and operational logs.
  • Supabase for authentication, database storage, and session management.
  • Stripe for subscription checkout, invoicing, and payment handling.
  • Connected account and messaging infrastructure providers when a workspace owner authorizes account access.

Cookies and similar technologies

The site currently uses only technically necessary cookies or equivalent local storage entries for authentication, session security, and recording that the privacy notice was shown. No marketing or analytics cookies are enabled by default.

Categories of data

  • Account data such as email address, workspace membership, and authentication status.
  • Billing data such as customer, subscription, and invoice-related identifiers.
  • Operational data such as IP-derived server logs, audit events, webhook events, and security metadata.
  • Connected account data, chat data, and message content synchronized into the product cache.

Retention

Personal data is retained only for as long as necessary for the contractual relationship, legal retention obligations, security purposes, and the operation of the workspace. Billing and accounting records may be stored longer where tax or commercial law requires this.

International transfers

If processors or sub-processors handle data outside the EEA, transfers take place only on the basis of the mechanisms permitted by Articles 44 et seq. GDPR, in particular adequacy decisions or standard contractual clauses where required.

Your rights

  • Right of access, rectification, erasure, restriction of processing, and data portability.
  • Right to object to processing based on Article 6(1)(f) GDPR.
  • Right to withdraw a consent previously granted for future processing.
  • Right to lodge a complaint with a supervisory authority.

No automated decision-making

The service does not use automated decision-making within the meaning of Article 22 GDPR.