Skip to content
BUDPRN
Sign Up

Privacy Policy

Our privacy policy and how we use your data

Last updated: 2026-02-25

This privacy policy explains how BUDPRN collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR/DSGVO) and other applicable data protection laws.

1. Data Controller

The controller responsible for data processing on this website is the operator of BUDPRN. For contact details, please refer to the Impressum (Legal Notice) page. For data protection inquiries, please contact us at privacy@example.com.

2. Data We Collect

We collect and process the following categories of personal data:

  • Account Data: Name, email address, and password when you create an account.
  • Usage Data: Information about how you interact with our service, including pages visited, features used, and timestamps.
  • Technical Data: IP address, browser type, operating system, device information, and referral URLs.
  • Payment Data: Billing address and payment method details, processed by our payment provider.
  • Communication Data: Messages you send to us via contact forms or email.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds (Art. 6 GDPR):

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide our services to you.
  • Legitimate Interests (Art. 6(1)(f)): Analytics, security, and service improvement.
  • Consent (Art. 6(1)(a)): Marketing communications and optional cookies.
  • Legal Obligation (Art. 6(1)(c)): Tax and accounting requirements.

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Account data is retained for the duration of your account and deleted within 30 days of account closure. Usage and technical data are retained for up to 12 months. Legal and tax records are retained for the statutory period (typically 6-10 years).

5. Your Rights

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data.
  • Right to Rectification (Art. 16): Correct inaccurate personal data.
  • Right to Erasure (Art. 17): Request deletion of your personal data.
  • Right to Restriction (Art. 18): Restrict processing of your data.
  • Right to Data Portability (Art. 20): Receive your data in a machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests.
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time.

To exercise your rights, contact us at privacy@example.com. You also have the right to lodge a complaint with a supervisory authority.

6. Third-Party Services

We use the following third-party services that may process your data:

  • Hosting: Our application is hosted on infrastructure within the EU/EEA.
  • Authentication: Supabase Auth for secure user authentication.
  • Payment Processing: Stripe or Lemon Squeezy for payment handling.
  • Analytics: Privacy-focused analytics (if enabled).

All third-party processors are bound by data processing agreements (AVV/DPA) in compliance with Art. 28 GDPR.

7. International Data Transfers

Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission, or adequacy decisions.

8. Cookies

We use cookies and similar technologies. For detailed information, please see our Cookie Policy.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, and regular security assessments.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through a notice on our website. The date of the last update is shown at the top of this page.