Privacy Policy

1. Privacy at a Glance

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

1. Data Controller

2. Data Collection on This Website

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• IP address
• Date and time of the request
• Request URL
• Referrer URL

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

This data is collected to ensure the smooth operation of the website and to improve our offering. This data is not merged with other data sources.

The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is usually the case after 7 days.

3. Hosting and Infrastructure

This website and our API services are hosted by the following providers:

Hetzner Online GmbH

DataCrunch (AI Inference)

OVHcloud (Infrastructure)

The use of these hosting services is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and efficient operation). Data processing agreements have been concluded with all providers in accordance with Art. 28 GDPR.

Payment Processing with Mollie

We work with Mollie as an external payment service provider to process transactions securely and efficiently.

Mollie B.V.

Mollie B.V., a payment institution licensed in the Netherlands, processes your payment on our behalf as required to complete the transaction.

Privacy Policy: https://www.mollie.com/privacy

Categories of data transmitted to Mollie

• Contact and identification details that you provide for the payment (for example name and email address).
• Payment-specific information such as the order reference, selected payment method, amount, and payment status as required by Mollie's payment processing workflow.
• Technical redirect and confirmation data (for example redirect URLs or tokens) so we can confirm that Mollie completed the payment.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

Further details about Mollie's processing activities can be found in their Connect for Platforms documentation. https://docs.mollie.com/docs/mollie-connect-for-platforms

We retain payment-related data for the duration of statutory retention periods and delete it once these obligations expire.

4. Authentication and User Management

For authentication and user management, we use Keycloak, an open-source solution that we operate ourselves.

The following data is processed:

• Email address
• Username
• Password (encrypted)

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

The data is stored as long as your user account exists and is then deleted in accordance with legal retention periods.

5. Web Analytics (Plausible)

We use Plausible Analytics for privacy-friendly web analytics. Plausible is an EU-owned, open-source analytics tool based in Estonia that does not use cookies and does not collect personal data. All data is processed exclusively within the European Union.

Plausible Insights OÜ (Estonia, EU)

Plausible Insights OÜ is an EU company registered and operated in Estonia. It provides cookieless web analytics that are fully compliant with GDPR, CCPA, and PECR without requiring cookie consent. All data is stored on EU-owned infrastructure.

Privacy Policy: https://plausible.io/data-policy

Data collected by Plausible

• Page URL and referrer
• Referral source
• Browser type (without version or plugins)
• Operating system (without version)
• Country of origin (from IP address, which is discarded after lookup)

Plausible does not use cookies, does not generate persistent identifiers, and does not track users across sites or sessions. All data is aggregated and no individual user can be identified.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in understanding website usage without compromising user privacy)

6. Email Delivery (Lettermint)

We use Lettermint as our email delivery provider for transactional emails such as booking confirmations, calendar invitations, and account notifications. Lettermint is an EU company based in the Netherlands, and all email data is processed and stored exclusively within the European Union.

Lettermint B.V. (Netherlands, EU)

Lettermint B.V. is a Dutch company based in Zwolle, Netherlands. It provides SMTP relay and email delivery services with all infrastructure hosted within the EU. Emails are sent through their European infrastructure on our behalf.

Privacy Policy: https://lettermint.co/privacy-policy

Data transmitted to Lettermint

• Recipient email address
• Email subject line
• Email body content (booking details, calendar data, notifications)
• Technical delivery metadata (timestamps, delivery status)

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

Email delivery logs are retained by Lettermint for the duration necessary to ensure delivery and troubleshoot issues, then deleted.

7. Error Tracking (Bugsink)

We use Bugsink, a self-hosted error tracking service, to monitor application errors and improve service reliability. Bugsink runs entirely on our own EU infrastructure — no data leaves the European Union.

Bugsink (self-hosted, EU)

Bugsink is self-hosted on our own servers in Germany (EU). No data is shared with third parties, and all error tracking data remains within the European Union at all times.

Data collected for error tracking

• Error messages and exception types
• Stack traces and source code references
• Browser type and version, operating system
• URL where the error occurred

Error reports are automatically stripped of personally identifiable information where possible. The primary purpose is to capture technical diagnostic data, not user data.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in maintaining service stability and fixing errors)

Error reports are retained for up to 90 days and then automatically deleted.

8. Your Rights

You have the following rights regarding your personal data:

• Right of access: You have the right to request information about your personal data processed by us.
• Right to rectification: You have the right to request the immediate correction of incorrect or completion of your personal data stored by us.
• Right to erasure: You have the right to request the deletion of your personal data stored by us, unless further processing is necessary.
• Right to restriction of processing: You have the right to request the restriction of the processing of your personal data.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format.
• Right to object: You have the right to object to the processing of your personal data at any time.

9. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

10. Data Security

We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when visiting the website. We use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties.

11. Changes to the Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy. Your next visit will then be subject to the new privacy policy.