Privacy Policy

1. Introduction

I am committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This Privacy Policy explains how I collect, use, and protect your personal data.

2. Collection of Personal Data

I collect the following personal data: * Email address and password when you register for an account. * Payment information when you subscribe to the Paid Plan. * Usage data, such as the number of sticky notes created and accessed. * IP address and browser type (for security and analytics purposes).

3. Lawful Basis for Processing

I process your personal data on the following lawful bases: * Consent: You provide your consent when you register for an account and agree to these ToS. * Legitimate Interest: I have a legitimate interest in processing your personal data to provide and improve the Service.

4. Use of Personal Data

I use your personal data to: * Provide and improve the Service. * Process payments for the Paid Plan. * Send you newsletters and marketing emails (if you opt-in). * Analyze usage data to improve the Service.

5. Data Storage and Security

I store your personal data on my home server and backup on Hetzner. I use Cloudflare to provide additional security and protection for your data. I implement the following security measures: * Encryption of your password in transit and at rest. * Access controls and authentication mechanisms. * Regular backups and disaster recovery procedures.

6. Data Retention

I will retain your personal data for as long as you have an active account, and for a reasonable period thereafter. I will delete your personal data when: * You request deletion of your account. * Your account is inactive for a period of 2 years.

7. Data Sharing

I will not share your personal data with third parties, except: * With Polar.sh and Stripe for payment processing. * With law enforcement or other authorities if required by law. * With my subprocessors (e.g. Cloudflare, Hetzner) for the purpose of providing the Service.

8. Your Rights

You have the following rights: * Right to Access: You can access your personal data by logging into your account. * Right to Rectification: You can update your personal data by logging into your account. * Right to Erasure: You can request deletion of your account and personal data. * Right to Restriction of Processing: You can opt-out of marketing emails and analytics. * Work in Progress >> Right to Data Portability: You can export your sticky notes data in a machine-readable format. * Right to Object: You can object to the processing of your personal data for marketing purposes.

9. Data Protection Officer

There is no Data Protection Officer yet. So, I have appointed myself to oversee the data protection practices. You can contact me at [email protected].

10. Complaints

If you have a complaint about my data protection practices, you can contact me or the relevant supervisory authority.