Privacy Policy
Last updated: [To be completed]
1. Data Controller
[To be completed — Company name]
[To be completed — Address]
[To be completed — Registration number]
This policy describes how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).
2. Data Collected
- Account data: name, email address, password (hashed and salted — never stored in plain text).
- Session data: IP address and user agent (collected automatically during authentication).
3. Legal Basis for Processing
- Performance of a contract (Art. 6.1.b GDPR): creating and managing your user account, authentication.
- Legitimate interest (Art. 6.1.f GDPR): error tracking via Sentry to ensure service stability and security.
4. Cookies and Local Storage
We only use cookies and local storage that are strictly necessary for the service to function. No consent is required for these items (ePrivacy Directive, Art. 5.3).
| Name | Type | Purpose | Duration |
|---|---|---|---|
| better-auth.session_token | Cookie | Authentication and session management | 7 days |
| sidebar:state | localStorage | Remember sidebar state (open/closed) | Persistent |
| theme | localStorage | Remember theme preference (light/dark/system) | Persistent |
No third-party cookies, no advertising cookies, no tracking cookies.
5. Error Tracking (Sentry)
We use Sentry to detect and fix technical errors. Sentry does not set any cookies. Personal information (email addresses, IP addresses) is automatically masked before transmission through our PII scrubbing system. Data is anonymized and retained for a maximum of 30 days. Legal basis: legitimate interest (Art. 6.1.f GDPR) — maintaining a stable and secure service.
6. Data Retention
- Authentication sessions: 7 days (automatically renewed).
- Account data: retained until you delete your account.
- Sentry error logs: 30 days maximum.
- Local preferences (theme, sidebar): until manually cleared by the user.
7. Your Rights
Under the GDPR (Articles 15 to 22), you have the following rights:
- Right of access: obtain a copy of your personal data.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure: request deletion of your data.
- Right to restriction: restrict the processing of your data.
- Right to data portability: receive your data in a structured format.
- Right to object: object to processing based on legitimate interest.
8. Contact
To exercise your rights or for any questions about the protection of your data, contact us: [To be completed — DPO or data controller email]
You also have the right to lodge a complaint with your local data protection authority.