Achtung

Diese Seite ist nur auf Englisch verfügbar. Wechsle zur englischen Version, um sie zu sehen.

Privacy Policy

1. Controller

Nils Haberkamp

Bernhardstraße 14A

48727 Billerbeck

Germany

Phone: +49 0163 4098848

Email: nils@contentos.app

The controller determines the purposes and means of the processing of personal data.

2. General Information on Data Processing

We process personal data only in accordance with the European General Data Protection Regulation (GDPR).

We do not use cookies, do not use tracking or analytics tools, do not embed third-party plugins, do not run a newsletter, and do not operate a contact form.

Personal data is processed only when necessary:

  • to provide our websites,
  • to operate our SaaS application,
  • to process payments,
  • or when you contact us directly via email.

3. Hosting

We operate two separate systems with different hosting providers.

3.1 Hosting of www.contentos.app (Marketing Website)

Our marketing website is hosted by:

Vercel Inc.

340 S Lemon Ave #4133

Walnut, CA 91789

USA

Data Processed

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL
  • Server log files

Server logs are essential for security and technical stability.

Legal Basis

Art. 6(1)(f) GDPR (legitimate interest in secure and efficient website provision)

International Transfers

Data may be transferred to the United States.

This occurs on the basis of Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR.

3.2 Hosting of app.contentos.app (SaaS Application)

Our SaaS product is hosted by:

Railway Corp.

548 Market St PMB 68956

San Francisco, California 94104

USA

Phone: (415) 707-7675

Website: https://railway.com

Email: privacy@railway.com

Railway provides servers, databases, background infrastructure, and operational services needed to run our SaaS application.

Data Processed

  • IP address
  • Technical usage data
  • Application logs
  • Your SaaS account data (e.g., email address)
  • Subscription-related usage data
  • Error logs (if they occur)

Railway may technically access stored data but processes it only according to our instructions (Data Processing Agreement).

Legal Basis

  • Art. 6(1)(b) GDPR (performance of a contract)
  • Art. 6(1)(f) GDPR (legitimate interest in scalable and secure SaaS infrastructure)

International Transfers

Data may be processed in the United States.

Transfers rely on Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR.

4. Use of Our SaaS Application (app.contentos.app)

To use our SaaS product, users must create an account and purchase a subscription.

4.1 Account Registration

We process:

  • Email address
  • Password (securely hashed)
  • Technical usage information necessary to operate the application

Legal Basis

Art. 6(1)(b) GDPR (performance of a contract)

5. Payment Processing via polar.sh

Payment processing for subscriptions is handled by:

Polar Software Inc.

(Polar.sh - SaaS funding and payment platform)

Headquartered in the United States

Data Processed by Polar

  • Email address
  • Billing information
  • Transaction and subscription data
  • Payment method details (e.g., via Stripe – not stored by us)
  • IP address
  • Country and device information

We do not store full payment details such as credit card numbers.

Polar acts as an independent payment processor and processes data directly with you.

Legal Basis

Art. 6(1)(b) GDPR (fulfillment of a subscription contract)

International Transfers

Data may be processed in the United States.

Transfers rely on Standard Contractual Clauses (SCCs).

6. Social Media Links

Our marketing website includes simple hyperlinks to external social networks (Twitter/X and LinkedIn).

We do not use embedded social plugins and no data is transmitted automatically.

Only when you click a link will the respective provider receive data such as:

  • IP address
  • The page you came from (referrer)
  • Browser and device information
  • Login information, if you are already logged in to the service

Providers

  • Twitter International Unlimited Company
  • One Cumberland Place, Fenian Street, Dublin 2, Ireland
  • LinkedIn Ireland Unlimited Company
  • Wilton Plaza, Wilton Place, Dublin 2, Ireland

Please refer to the providers' privacy policies:

7. Contact via Email

If you contact us by email, we process:

  • Your email address
  • The content of your message
  • Additional data you provide voluntarily

Legal Basis

  • Art. 6(1)(b) GDPR (pre-contractual communication)
  • Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries)

8. No Cookies and No Tracking

We do not use:

  • cookies
  • tracking pixels
  • analytics or marketing tools
  • fingerprinting technologies
  • local storage for tracking

Your visit to our website remains anonymous except for minimal technical logs.

9. Storage Period

We store data only for as long as necessary:

  • Account data: until your account is deleted
  • Payment and billing data: retained as required by tax law (up to 10 years)
  • Server logs: regularly deleted (typically within 30 days)
  • Emails: until the inquiry is resolved
  • SaaS usage data: until deletion of the user account

10. Your Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority

11. SSL/TLS Encryption

Both websites (www.contentos.app and app.contentos.app) use encryption (HTTPS).

This prevents your data from being read by third parties during transmission.

12. Changes to This Privacy Policy

We may update this privacy policy when necessary to reflect technical or legal developments.

The current version is always available on our websites.