Privacy Notice

Which personal data PflichtPilot processes, for which purposes — and which rights you have as a data subject.

As of: May 31, 2026

Summary

This privacy notice explains which personal data PflichtPilot processes, for which purposes this is done, and which rights you have as a data subject. PflichtPilot allows creating and documenting obligations and uploading record files.

1. Controller

Andreas Fetscher

Sauggarter Str. 33

88524 Uttenweiler

Germany

2. Processing purposes and legal bases

PflichtPilot processes personal data to provide the application, in particular for account operation, creating and managing obligations, record uploads, and sending required emails (for example login links).

Typical legal bases are Art. 6(1)(b) GDPR (contract performance / pre-contractual steps) and Art. 6(1)(f) GDPR (legitimate interests, for example operation and service security). Separate consent is requested where required.

3. Categories of personal data

Account data
Email address, login session token, and profile information (for example Pro status).
Obligations
Title, description, due date, risk, archive marker, and related metadata.
Record uploads
Uploaded files (photos, PDFs, screenshots), file name, upload timestamp, and optional metadata entered by the user.
Log data
Connection data (for example IP address), timestamps, and user agent for security and analysis purposes in pseudonymized form.
Payment-related data
Only where required: payment confirmations and transaction references handled by your payment provider. PflichtPilot does not store complete card data.

4. Technical service providers / processors

PflichtPilot uses technical service providers to operate the service. Current partners include:

Supabase
Database, authentication, and object storage (files).
Brevo (Sendinblue SAS)
Delivery of login magic-links, transactional system emails (account confirmation, notices), and the evidence-package template. Provider: Sendinblue SAS, 106 boulevard Haussmann, 75008 Paris, France. Only the fields required for delivery (email address, language, occasion) are transmitted. Legal basis: Art. 6 (1) (b) GDPR (contract / pre-contractual measures) or (f) (legitimate interest in a reliable login flow). Data processing agreement under Art. 28 GDPR. Brevo privacy policy: brevo.com/legal/privacypolicy.
Hosting provider (Netcup)
The public website is hosted by netcup GmbH (Daimlerstraße 25, 76185 Karlsruhe, Germany). Technical access data (IP address, timestamp, requested resource, user agent) may be recorded in server logs. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in availability and security). Data processing agreement under Art. 28 GDPR. Netcup privacy policy: netcup.com/en/contact/data-protection-statement.
Cloudflare
PflichtPilot uses services provided by Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) as a CDN (Content Delivery Network), DDoS protection layer, and reverse proxy. Technical access data (in particular IP address, HTTP headers, timestamps) may be processed by Cloudflare before requests reach the hosting server. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the availability and security of the service). For transfers to the USA, Cloudflare relies on Standard Contractual Clauses (SCC) under Art. 46 GDPR. Cloudflare privacy policy: cloudflare.com/privacypolicy.
Stripe (payment processing)
For processing paid subscriptions and one-time payments, PflichtPilot uses Stripe Payments Europe, Limited (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). When you purchase a paid plan, your payment data (card information, bank details, name, billing address, VAT-ID if applicable, email) is transmitted directly to Stripe and processed there. Legal basis is Art. 6(1)(b) GDPR (contract execution) and Art. 6(1)(f) GDPR (fraud prevention). Stripe acts as an independent controller for payment processing; PflichtPilot only receives status information from Stripe (payment success/failure, subscription status). For data transfers outside the EU, Stripe relies on Standard Contractual Clauses (SCC) under Art. 46 GDPR. Stripe privacy policy: stripe.com/en/privacy.

Data processing agreements according to Art. 28 GDPR are in place with processors where required.

5. Storage, deletion, and protection

Personal data is stored only as long as necessary for stated purposes or required by legal retention periods. Uploaded files are stored in object storage. When the related record is deleted, storage cleanup is initiated automatically; in rare technical edge cases a follow-up cleanup may be required.

Regular backups are created. Backup copies may be retained for a limited period for restoration purposes.

5a. Retention overview

The table below summarises storage duration per data category. The specific purpose and legal basis described in section 5 prevail in individual cases; the table serves as orientation.

| Data category | Purpose | Legal basis | Storage duration |
|---|---|---|---|
| Account base data (email, login identity, profile) | Login, performance of contract | Art. 6 (1) (b) GDPR | Until account deletion; afterwards a follow-up period of up to 30 days for technical cleanup |
| Obligations and iterations (content data) | Product use, structuring the evidence file | Art. 6 (1) (b) GDPR; for B2B use possibly processing on behalf under Art. 28 GDPR | Until account deletion or customer instruction |
| Uploaded record files | Product use, evidence structure | For B2B use typically Art. 28 GDPR (processing on behalf) | Until deletion by the user or account deletion |
| Verify and export metadata (manifest hash, snapshot timestamp, verify-code hash) | Technical reconciliation of export artifacts | Contract (Art. 6 (1) (b) GDPR) or legitimate interest (Art. 6 (1) (f) GDPR); for B2B processing on behalf | As long as the subscription and export structure are active; after account deletion, cleanup as with other content data |
| Payment and invoice data | Billing, statutory commercial and tax obligations | Art. 6 (1) (b) and (c) GDPR in conjunction with §§ 257 HGB, 147 AO | Statutory retention (typically 10 years) |
| Security and access logs | Operational security, abuse detection | Art. 6 (1) (f) GDPR (legitimate interest) | Up to 90 days, then deletion or anonymisation |
| Database and storage backups | Restoration in the event of an incident | Art. 6 (1) (f) GDPR (legitimate interest) or contract (Art. 6 (1) (b) GDPR) | Rolling backup TTL of up to 30 days; deleted data is cleaned up with the backup rotation |
| Technical login and payment helper data | Security of the login flow; reliable booking of payment events without duplicate triggers | Art. 6 (1) (b) GDPR (contract) or (f) (legitimate interest in operational security) | Login-link codes (with companion data: request IP, user agent, language; for abuse correlation and forensics): up to 30 days past expiry, then deletion. Stripe payment-event data: up to 90 days in full form, then reduced to a compact reference (event ID and timestamp) retained for duplicate detection. Both cleanups run daily via an automated database job (03:00 UTC). |
| Marketing / waitlist requests (evidence-package template, Pro-Team waitlist) | Contact within the requested context, invitation at product launch | Art. 6 (1) (b) GDPR (pre-contractual measures) or (a) (consent) | Evidence-package template requests: up to 12 months, then deletion or anonymisation. Pro-Team waitlist: until the Pro-Team launch and invitation have been sent, then deletion within 30 days, or earlier on withdrawal |

Statutory rights of deletion, restriction, and objection under Art. 15 ff. GDPR remain unaffected. The product's "archiving" logic applies only within an active account and does not restrict these rights.

5b. “Archiving” in the product — no restriction of GDPR rights

Archiving in the product means: within an active account, completed obligation iterations are not hidden but kept visible as part of the history. This way, existing records, gaps, and timestamps remain traceable. It is purely product and display logic — not a legal or revision-safe archive in the sense of separate trust services.

Statutory rights of deletion, restriction, and objection under the GDPR remain unaffected. When an account is deleted we delete or anonymise personal application data according to our deletion logic (see section 5a). Data we need to retain for statutory reasons, billing, security, or legal defence is stored only for the period required in each case.

Before deleting an account, users should export their records. After deletion the hosted evidence structure, including verify links, cannot be restored.

5c. External payment master data on account deletion (Stripe)

When an account is deleted, the connection to the payment provider Stripe is dissolved alongside the cleanup of application data: an active subscription is first cancelled and the customer object held in Stripe (Customer ID) is then deleted via the Stripe API. Both steps run as best-effort within the same deletion operation; the outcome of each sub-step is logged.

Stripe itself, as an independent payment service provider, is subject to statutory retention requirements. Invoices already issued and the related payment master data remain stored with Stripe for the legally mandated period (typically ten years under § 147 AO; legal basis Art. 6 (1) (c) GDPR). This retention lies outside PflichtPilot's sphere of influence and is part of the contractual relationship between Stripe and the customer regarding payment processing.

If the customer deletion at Stripe is technically not possible (for example with an open balance or a temporary API error), the event is recorded in the deletion log. The link between the PflichtPilot account and the Stripe customer is removed locally in that case; the master data at Stripe can be removed on request directly via Stripe's customer portal or Stripe support.

6. Cookies and reach measurement

PflichtPilot uses necessary cookies for session handling (login).

For anonymous reach measurement on public pages (marketing, knowledge articles, pricing, roadmap, manifest, and the legal pages — imprint, terms, and this privacy notice) we use Plausible Analytics — a privacy-friendly, EU-hosted analytics solution that sets no cookies, collects no personal data, and stores no device identifiers. Only aggregated metrics (page views, referrer, country, browser type) are recorded, with no link back to individuals. No consent banner is required under § 25 (2) TTDSG. Provider: Plausible Insights OÜ, Tallinn, Estonia (data policy). Reach measurement is not performed inside the app area (/app/).

7. Security

Technical and organizational measures are applied to protect personal data against accidental loss, unauthorized access, and misuse. These include access restrictions, encrypted transmission (TLS), and limited access rights.

8. Your rights

You have rights of access, rectification, deletion, restriction of processing, and data portability. You may revoke consent at any time and object to processing where legally provided.

To exercise your rights, please contact the privacy contact below.

9. Contact

For privacy questions, please contact:

[email protected]