Privacy Notice

Andreas Fetscher

Sauggarter Str. 33

88524 Uttenweiler

Germany

PflichtPilot processes personal data to provide the application, in particular for account operation, creating and managing duties, proof uploads, and sending required emails (for example login links).

Typical legal bases are Art. 6(1)(b) GDPR (contract performance / pre-contractual steps) and Art. 6(1)(f) GDPR (legitimate interests, for example operation and service security). Separate consent is requested where required.

• Account data

Email address, login session token, and profile information (for example Pro status).

• Duties

Title, description, due date, risk, archive marker, and related metadata.

• Proof uploads

Uploaded files (photos, PDFs, screenshots), file name, upload timestamp, and optional metadata entered by the user.

• Log data

Connection data (for example IP address), timestamps, and user agent for security and analysis purposes in pseudonymized form.

• Payment-related data

Only where required: payment confirmations/transaction references handled by your payment provider. PflichtPilot does not store complete card data.

PflichtPilot uses technical service providers to operate the service. Current partners include:

• Supabase

Database, authentication, and object storage (files).

• Resend

Sending login emails and system notifications.

• Hosting provider

Application hosting, webspace operations, and backups.

• Cloudflare

PflichtPilot uses services provided by Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) as a CDN (Content Delivery Network), DDoS protection layer, and reverse proxy. Technical access data (in particular IP address, HTTP headers, timestamps) may be processed by Cloudflare before requests reach the hosting server. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the availability and security of the service). For transfers to the USA, Cloudflare relies on Standard Contractual Clauses (SCC) under Art. 46 GDPR. Cloudflare privacy policy: cloudflare.com/privacypolicy.

Data processing agreements according to Art. 28 GDPR are in place with processors where required.

Personal data is stored only as long as necessary for stated purposes or required by legal retention periods. Uploaded files are stored in object storage and removed together with related records where applicable.

Regular backups are created. Backup copies may be retained for a limited period for restoration purposes.

PflichtPilot uses necessary cookies for session handling (login). No optional tracking tools with personal data are currently used. If optional tracking features are introduced, this will be communicated transparently and consent will be obtained where required.

Technical and organizational measures are applied to protect personal data against accidental loss, unauthorized access, and misuse.

You have rights of access, rectification, deletion, restriction of processing, and data portability. You may revoke consent at any time and object to processing where legally provided.

For privacy questions, contact:

[email protected]