Privacy policy

1. Controller

The controller within the meaning of the GDPR is:

2. Principles of data processing

We process personal data only in accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG). Data is collected only to the extent necessary to provide our services.

3. Data collected & purpose

3.1 Registration & account

When you register, we collect your name and email address. This data is required to provide your user account and for authentication. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

3.2 Usage data (time tracking)

When you use the application, data you enter (customers, projects, tasks, time entries) is stored. This data is used solely to provide the functionality. Legal basis: Art. 6(1)(b) GDPR.

3.3 Server log files

When you access our application, technical access data (IP address, browser type, time) is automatically recorded in the server log. This data is used only to ensure operation and for error analysis and is deleted after 7 days. Legal basis: Art. 6(1)(f) GDPR (legitimate interests).

4. Services & third-party providers

4.1 Supabase

We use Supabase (Supabase Inc., 970 Trestle Glen Rd, Oakland, CA 94610, USA) for database, authentication, and data storage. Data is stored on EU servers (Frankfurt, Germany). Supabase is a certified processor under Art. 28 GDPR. Privacy policy: supabase.com/privacy

4.2 Hetzner Online

The application is hosted by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. Hetzner processes technical connection data in this context. A data processing agreement (DPA) under Art. 28 GDPR is in place. Privacy policy: hetzner.com/legal/privacy-policy

4.3 Google Search Console

We use Google Search Console (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to analyse how our web presence appears in Google Search. No personal data of app users is transmitted to Google in this process—it is a webmaster-only tool. Privacy policy: policies.google.com/privacy

5. Cookies

The application uses only technically necessary cookies (session tokens for authentication). These cookies are strictly required for the application to function and cannot be disabled. No tracking or advertising cookies are used. Legal basis: Art. 6(1)(b) GDPR and Section 165(3) of the Austrian TKG 2021.

6. Retention

Personal data is deleted once the purpose of processing no longer applies. Account data is removed promptly after the user account is deleted. Statutory retention obligations (e.g. 7 years under the Austrian Commercial Code, UGB) remain unaffected.

7. Your rights

You have the following rights regarding your personal data:

• Access – Art. 15 GDPR: which data we store about you
• Rectification – Art. 16 GDPR: correction of inaccurate data
• Erasure – Art. 17 GDPR: deletion of your data
• Restriction – Art. 18 GDPR: restriction of processing
• Data portability – Art. 20 GDPR: receive your data in a machine-readable format
• Objection – Art. 21 GDPR: object to processing

To exercise your rights, contact: tino.schlenker@outlook.com

8. Right to lodge a complaint

You have the right to lodge a complaint with the Austrian data protection authority:

Austrian Data Protection Authority Barichgasse 40–42, 1030 Vienna

www.dsb.gv.at

9. Changes to this privacy policy

We may update this privacy policy when the application or the legal situation changes. The current version is always available on this page. We recommend checking this page regularly.