// privacy_policy

Privacy Policy

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is The AppStudio, Timo Leisengang, c/o COCENTER, Koppoldstr. 1, 86551 Aichach, Germany, Phone: +49 171 6892055, e-mail: dev@leisengang.online. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When You Visit Our Website

2.1 When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

Our visited website
Date and time at the moment of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 Vercel

For the hosting of our website and the display of the page content, we use the system of the following provider: Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, USA

All data collected on our website is processed on the provider's servers. We have concluded an order processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorised disclosure to third parties.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

3.2 Cloudflare

We use a content delivery network offered by the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content or scripts faster via a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 (1) point f GDPR. We have concluded an order processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorised disclosure to third parties.

3.3 Supabase (Database & Authentication)

For the storage of user data and authentication services, we use the platform of the following provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992

User account data (name, email address, authentication tokens) and all application data (projects, tasks, milestones, etc.) are stored on Supabase infrastructure hosted in the EU (AWS eu-west-1, Ireland). The processing is carried out for the performance of the contract pursuant to Art. 6 (1) point b GDPR. We have concluded a data processing agreement with the provider ensuring the protection of user data.

3.4 Resend (Transactional Email)

For sending transactional emails (account confirmations, team invitations, contact form submissions), we use the service of the following provider: Resend Inc., 2261 Market Street #4988, San Francisco, CA 94114, USA

When we send transactional emails, the recipient's email address and message content are transmitted to the provider. The processing is carried out for the performance of the contract pursuant to Art. 6 (1) point b GDPR or on the basis of our legitimate interest pursuant to Art. 6 (1) point f GDPR (contact form responses). No marketing emails are sent via this service.

4) Cookies

In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device.

We only use cookies that are strictly necessary for the functioning of the website (authentication session cookies and session management cookies). No tracking, analytics, or advertising cookies are used.

Please note that the functionality of our website may be limited if cookies are not accepted.

5) Contacting Us

When you contact us (e.g. via contact form or e-mail), personal data is collected. This data is stored and used exclusively for the purpose of responding to your request. The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. Your data will be deleted after final processing of your enquiry.

6) Data Processing When Opening a Customer Account

Pursuant to Art. 6 (1) point b GDPR, personal data will be collected and processed when opening a customer account. Deletion of your customer account is possible at any time via the account settings within the application. After deletion, your data will be deleted, provided no legal retention periods apply.

7) Processing of Data for Order Handling

7.1 Use of Payment Service Providers — Stripe

Online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Your payment data will only be passed on for the purpose of processing payment pursuant to Art. 6 (1) point b GDPR.

7.2 Electronic termination option for continuing obligations with consumers

Consumers who have concluded subscription contracts on this website have the option of terminating these contracts via an electronic button. The collection of personal data is carried out in accordance with Art. 6 (1) point b GDPR and Art. 6 (1) point c GDPR.

8) Site Functionalities

8.1 Google Sign-In

On our website we provide a single sign-on function offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 ESW5, Ireland. Data may also be transferred to Google LLC, USA.

If you click the registration button, the provider will transmit your user ID, name, and e-mail address to us based on your express consent pursuant to Art. 6 (1) point a GDPR. The consent given can be revoked at any time.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework.

9) Rights of the Data Subject

The applicable data protection law grants you the following rights:

Right of access pursuant to Art. 15 GDPR
Right to rectification pursuant to Art. 16 GDPR
Right to erasure pursuant to Art. 17 GDPR
Right to restriction of processing pursuant to Art. 18 GDPR
Right to data portability pursuant to Art. 20 GDPR
Right to withdraw consent pursuant to Art. 7 (3) GDPR
Right to lodge a complaint pursuant to Art. 77 GDPR

Right to Object: You have the right to object to data processing based on legitimate interest at any time. If you exercise this right, we will stop processing the data concerned.

10) Duration of Storage

Personal data is stored for the duration required by the respective legal basis, purpose, or retention period. Data processed on the basis of consent is stored until the consent is revoked. Data processed for contract performance is deleted after expiry of applicable retention periods.