Privacy Policy
1. What we process & why
| Data | Purpose | Legal basis |
|---|---|---|
| Account data (name, email, password hash) | Account, support, service notices | Art. 6(1)(b) GDPR — contract |
| Order & invoice data | Billing, tax records | Art. 6(1)(b), (c) — contract, legal obligation |
| Payment data | Processed by Stripe; full card data never reaches our servers | Art. 6(1)(b) |
| Technical logs (IP addresses, timestamps) | Security, abuse prevention, debugging; kept ~30 days | Art. 6(1)(f) — legitimate interest |
| Domain registrant data | Forwarded to the registrar/registry as required by ICANN/registry policy | Art. 6(1)(b) |
| Support communication | Handling your requests | Art. 6(1)(b), (f) |
Content you store on your services is yours; we access it only as technically necessary (e.g. backups, abuse handling) or as legally required.
2. Recipients / processors
- Stripe (payments), Cloudflare (DNS, proxy, inbound mail routing), Porkbun (domain registrations), Hetzner Online GmbH (DE datacenter), US datacenter providers for our Dallas and North Carolina nodes, Google (support mailbox).
- Transfers to the USA rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses where applicable.
3. Retention
Account data for the life of the account; invoices for statutory periods (up to 10 years, German tax law); logs ~30 days; service data is permanently deleted within 7 days of service termination (see Terms §7).
4. Cookies
Only technically necessary session cookies (login, cart). No third-party advertising or tracking cookies.
5. Your rights
You have the right to access, rectification, erasure, restriction, data portability and objection (Art. 15–21 GDPR), and to lodge a complaint with a supervisory authority. Contact [email protected] — we answer within one month.
6. Business customers
A data-processing agreement (Art. 28 GDPR) for content you process on our infrastructure is available on request.