SimpleAct Logo

Privacy Policy

Overview of processing activities, legal bases, subprocessors, retention periods, and contact details for privacy requests.

1. Controller

SimpleAct UG (haftungsbeschränkt)
Tannenstraße 2a, 45661 Recklinghausen, Deutschland
Email:

2. Data categories and purposes

  • Account data (name, email, role) to provide access and user administration.
  • Organization and compliance data for contract performance and platform operation.
  • Security and system logs (IP, request metadata) for security and troubleshooting.
  • Billing and subscription metadata for invoicing and payment processing.

Legal bases: Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (security and legitimate interests), and where applicable Art. 6(1)(a) GDPR (consent).

3. Processors / sub-processors

  • Hetzner Online GmbH (hosting)
  • Stripe (payment processing)
  • Supabase (database hosting, EU region)
  • Brevo (transactional email)
  • Discord (support communication, if used)

A data processing agreement (DPA) under Art. 28 GDPR is in place where required.

4. International data transfers

Where services from providers in third countries are used, transfers are based on applicable safeguards, in particular Standard Contractual Clauses (SCCs) and/or adequacy decisions.

5. Retention

  • Contract-related data: for contract term and statutory retention periods.
  • System/security logs: typically 30 to 90 days unless longer retention is required.
  • Backups: typically 30 days, then automatic deletion.

6. Data subject rights

You have rights under Art. 15-22 GDPR (access, rectification, erasure, restriction, portability, objection) and the right to lodge a complaint with a supervisory authority.

For privacy requests, contact:

Version: April 2026

Back to homepage
Yannick Heisler

Yannick Heisler

Vertrieb · Persönliche Beratung

Datenschutzerklärung | SimpleAct | SimpleAct