Privacy Policy

1. Controller

SimpleAct UG (haftungsbeschränkt)
Tannenstraße 2a, 45661 Recklinghausen, Deutschland
E-Mail: info@simpleact.de

2. Data categories and purposes

• Account data (name, email, role) to provide access and user administration.
• Organization and compliance data for contract performance and platform operation.
• Security and system logs (IP, request metadata) for security and troubleshooting.
• Billing and subscription metadata for invoicing and payment processing.

Legal bases: Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (security and legitimate interests), and where applicable Art. 6(1)(a) GDPR (consent).

3. Processors / sub-processors

• Hetzner Online GmbH (hosting)
• Stripe (payment processing)
• Supabase (database hosting, EU region)
• Brevo (transactional email)
• Discord (support communication, if used)

A data processing agreement (DPA) under Art. 28 GDPR is in place where required.

4. International data transfers

Where services from providers in third countries are used, transfers are based on applicable safeguards, in particular Standard Contractual Clauses (SCCs) and/or adequacy decisions.

5. Retention

• Contract-related data: for contract term and statutory retention periods.
• System/security logs: typically 30 to 90 days unless longer retention is required.
• Backups: typically 30 days, then automatic deletion.

6. Data subject rights

You have rights under Art. 15-22 GDPR (access, rectification, erasure, restriction, portability, objection) and the right to lodge a complaint with a supervisory authority.