Protecting your personal data matters to us. This policy informs you in accordance with Art. 13 and 14 GDPR about which personal data we process when you use our website and the Claire application, for what purposes and on what legal basis. We only process the data needed to run the service.
The controller responsible for data processing within the meaning of the GDPR is:
Karsten Biedermann (sole proprietor), Herrmann-Meyer-Str. 43, 04207 Leipzig, Germany. Email: hello@weclaire.com.
Our website and application are hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. To deliver the site, Vercel processes technical connection data (e.g. IP address, time of access, content requested) on our behalf. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure, efficient delivery). A data processing agreement is in place.
For our database, user accounts/authentication and file storage we use Supabase Inc. (USA). Your account data and the content you create are stored and processed there. The legal basis is Art. 6(1)(b) GDPR (performance of a contract). A data processing agreement is in place. Provider privacy policy: https://supabase.com/privacy.
We send service and notification emails (e.g. account confirmation, notifications you opt into) via Resend, Inc. (USA). Your email address and the relevant message content are processed for this purpose. The legal basis is Art. 6(1)(b) GDPR, or Art. 6(1)(a) GDPR for optional notifications. A data processing agreement is in place.
Account data: your name and email address provided at sign-up.
Content data: the boards, tasks, documents, messages and meeting notes you create.
Server log data: data transmitted automatically when accessing the service, such as IP address, date and time, and browser type.
You can optionally sign in with your Google account. In doing so we receive the data required for sign-in (name, email address) from Google. The legal basis is Art. 6(1)(b) GDPR. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We do not use tracking or marketing cookies and no web analytics. For basic functionality we store settings (such as language and theme) locally in your browser (localStorage). This storage is technically necessary; the legal basis is Art. 6(1)(f) GDPR and § 25(2) TDDDG.
Some of the providers named above (Vercel, Supabase, Resend, Google) may process data in the USA. Where a transfer to a third country takes place, it is based on the European Commission’s Standard Contractual Clauses (Art. 46 GDPR) and, where certified, the EU-US Data Privacy Framework.
We retain personal data only for as long as necessary for the stated purposes or while your account exists. You can delete your account at any time, which deletes your content and account data, unless statutory retention obligations apply.
You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and the right to object to processing (Art. 21). You may withdraw any consent at any time with effect for the future (Art. 7(3) GDPR). To exercise these rights, simply email hello@weclaire.com.
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), in particular in the EU Member State of your residence or the alleged infringement.
For any privacy questions, reach us at hello@weclaire.com.