Privacy Policy / Datenschutzerklärung
Your privacy is important to us. This policy explains what data we collect, how we use it, and your rights under the EU General Data Protection Regulation (GDPR/DSGVO).
Last updated: January 2026
1. Data Controller / Verantwortlicher
The data controller for this website is:
2. Data We Collect / Welche Daten wir erheben
2.1 Account Information
- Email address (required for login)
- Full name (optional, for email templates)
- Phone number (optional, for email templates)
- Address (optional, for email templates)
- Date of birth (optional, for email templates)
- Nationality (optional, for email templates)
2.2 Visa Application Data
- Visa type and renewal scenario
- Permit expiry date
- Application submission dates
- Case numbers (if provided)
- Document checklist status
2.3 Uploaded Documents
You may upload copies of documents (passport, contracts, etc.) for your own reference. These are stored encrypted and are only accessible to you.
2.4 Payment Information
Payments are processed by Polar.sh. We do not store your credit card or payment details. We receive only transaction confirmation and your email for account creation.
3. How We Use Your Data / Wie wir Ihre Daten verwenden
- Account management: To authenticate you and provide access to your dashboard
- Service delivery: To generate personalized checklists and email templates
- Email reminders: To send deadline reminders (you can disable these)
- Support: To respond to your inquiries
We do NOT:
- Sell your data to third parties
- Use your data for advertising
- Share your documents with anyone
- Use AI to analyze your documents (no automated decision-making)
4. Legal Basis / Rechtsgrundlage
We process your data based on:
- Contract performance (Art. 6(1)(b) GDPR): To provide the service you purchased
- Consent (Art. 6(1)(a) GDPR): For optional email reminders (which you can withdraw anytime)
- Legal obligation (Art. 6(1)(c) GDPR): To comply with tax and accounting requirements
5. Data Storage / Datenspeicherung
Your data is stored on servers in the European Union (Frankfurt, Germany) via Supabase (our database provider). All data is encrypted at rest and in transit.
Retention periods:
- Account data: Until you delete your account
- Uploaded documents: Deleted 90 days after your renewal deadline, or upon your request
- Payment records: 7 years (legal requirement for tax purposes)
6. Your Rights / Ihre Rechte
Under GDPR, you have the right to:
Access
Request a copy of all data we hold about you
Rectification
Correct inaccurate data
Erasure
Request deletion of your data ("right to be forgotten")
Data portability
Receive your data in a machine-readable format
Withdraw consent
Opt out of email reminders at any time
Lodge a complaint
With your local data protection authority
To exercise these rights, contact us at: contact@permitracker.com
7. Cookies
We use only strictly necessary cookies for authentication. We do not use tracking cookies, analytics, or third-party advertising cookies.
8. Third-Party Services / Drittanbieter
| Service | Purpose | Data shared |
|---|---|---|
| Supabase (EU) | Database & file storage | All user data (encrypted) |
| Polar.sh | Payment processing | Email, payment info |
| Resend | Email delivery | Email address, message content |
| Railway | Website hosting | IP address, browser info (for security) |
9. Data Security / Datensicherheit
- All connections are encrypted via TLS/HTTPS
- Documents are stored encrypted at rest
- Database access is protected by Row Level Security (RLS)
- We do not share database credentials with any third party
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email.
11. Contact / Kontakt
For privacy-related questions:
Email: contact@permitracker.com