Privacy Policy (GDPR)
1. Data controller
The data controller is [COMPANY_NAME], registered at [COMPANY_ADDRESS], company ID [COMPANY_ID]. Contact: [CONTACT_EMAIL].
2. What data we process
Account data: email, password (stored as a scrypt hash), name (optional), team role. Usage data: sessions, audit log of security-relevant actions, IP address, user agent. Feed data: product feeds you connect, processed to provide the Service.
3. Legal basis
Contract performance (Art. 6(1)(b) GDPR) for account and Service operation. Legitimate interest (Art. 6(1)(f)) for security logging and abuse prevention.
4. Retention
Account data is kept for the lifetime of your account. Audit log entries are kept up to 12 months. Feed data is kept while the feed exists in your workspace.
5. Recipients
Data is stored on our own servers hosted by Hetzner Online GmbH in the European Union. We do not sell data. Sub-processors (e.g. AI providers when you explicitly use AI enrichment) are engaged only on your request.
6. Your rights
Under GDPR you have the right to access, rectify, erase, restrict processing, port your data and object. Contact [CONTACT_EMAIL] to exercise any right. You may also complain to your national supervisory authority.
7. Cookies
See our Cookie Policy for details on cookies used by the Service.
8. Changes
We may update this policy. Material changes will be communicated at least 14 days in advance where feasible.