Browse Database

Privacy Policy

(Datenschutzerklärung according to GDPR / DSGVO)

1. Controller (Responsible Party)

The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Oleksii Fischer

Polkostr. 11

81245 Munich, Germany

Email: hello@watchwinder.io

2. Overview of Data Processing

2.1 Scope of Personal Data Processing

We process personal data of our users only to the extent necessary to provide a functional website, our content, and our services. The processing of personal data of our users regularly takes place only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2.2 Legal Basis for Processing

The following legal bases apply under GDPR:

  • Art. 6(1)(a) GDPR: Processing based on your consent
  • Art. 6(1)(b) GDPR: Processing for contract performance or pre-contractual measures
  • Art. 6(1)(c) GDPR: Processing for compliance with legal obligations
  • Art. 6(1)(f) GDPR: Processing based on legitimate interests

2.3 Data Deletion and Storage Duration

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if provided for by law. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

3. Hosting and Infrastructure

3.1 Hetzner Cloud

Our website is hosted on servers provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

When you visit our website, your IP address and other information (browser type, operating system, referrer URL, access time) are transmitted to Hetzner's servers. This processing is based on Art. 6(1)(f) GDPR, as it serves our legitimate interest in the efficient and secure provision of our website.

Hetzner processes data exclusively in the EU and is subject to GDPR. For more information, see the Hetzner Privacy Policy.

3.2 Supabase (Database & Authentication)

We use Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992, for database services and user authentication.

When you create an account or log in, the following data may be processed:

  • Email address
  • User ID
  • Authentication tokens
  • Account preferences and subscription status

This processing is based on Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in secure authentication). Data may be transferred to the USA. Supabase participates in the EU-U.S. Data Privacy Framework.

Supabase Privacy Policy

4. Server Log Files

The hosting provider automatically collects and stores information in server log files, which your browser transmits to us. This includes:

  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)
  • Hostname of the accessing computer
  • Time of the server request
  • IP address (anonymized or deleted after 7 days)

Legal basis: Art. 6(1)(f) GDPR. This data is necessary for the technical operation and security of the website. Log data cannot be attributed to specific individuals and is not combined with other data sources.

5. Cookies and Consent Management

5.1 What are Cookies?

Cookies are small text files stored on your device by your web browser. They help websites function more efficiently and provide information to the operators.

5.2 Cookiebot (Consent Management)

We use Cookiebot by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, to manage your cookie preferences and obtain valid consent in compliance with GDPR.

When you visit our website, Cookiebot stores a consent cookie to remember your preferences. This is necessary for legal compliance (Art. 6(1)(c) GDPR) and our legitimate interests (Art. 6(1)(f) GDPR).

Cookiebot Privacy Policy

5.3 Types of Cookies Used

Strictly Necessary Cookies: Required for website functionality (session management, security). Legal basis: Art. 6(1)(f) GDPR.

Analytics Cookies: Help us understand how visitors use our website. Only set with your consent (Art. 6(1)(a) GDPR).

Marketing Cookies: Used to deliver relevant advertisements. Only set with your consent (Art. 6(1)(a) GDPR).

5.4 Managing Your Preferences

You can modify your cookie preferences at any time by clicking on the cookie settings link in the website footer or by adjusting your browser settings.

6. Analytics and Tracking

6.1 Google Analytics

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies to analyze your use of the website. The information generated (including your truncated IP address) is transmitted to Google servers. IP anonymization is enabled, so your full IP address is not stored.

We use Google Analytics only with your consent (Art. 6(1)(a) GDPR), which you can revoke at any time via the cookie settings. Data may be transferred to the USA. Google LLC is certified under the EU-U.S. Data Privacy Framework.

Google Privacy Policy | Google Analytics Opt-Out

6.2 Google Tag Manager

We use Google Tag Manager to manage website tags. Google Tag Manager itself does not collect personal data; however, it enables other tags that may collect data. Google Tag Manager does not access this data.

7. Payment Processing

7.1 Stripe

For payment processing of subscriptions, we use Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA.

When you make a purchase, Stripe processes the following data:

  • Payment card details (card number, expiry date, CVC)
  • Billing address
  • Email address
  • Transaction amount and currency
  • IP address and device information (for fraud prevention)

We never store or have access to your full payment card details. All payment data is processed directly by Stripe using bank-grade encryption (PCI-DSS Level 1 certified).

Legal basis: Art. 6(1)(b) GDPR (contract performance). Stripe is certified under the EU-U.S. Data Privacy Framework.

Stripe Privacy Policy

8. User Account and Subscription Data

When you create an account or subscribe to our service, we collect:

  • Email address
  • Password (stored in encrypted/hashed form only)
  • Subscription status and billing history
  • Usage data related to our services

This data is processed based on Art. 6(1)(b) GDPR (contract performance). Your account data is retained for the duration of your account. Upon account deletion, data is removed within 30 days, except where legal retention requirements apply.

9. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). We only transfer data to countries that have been deemed to provide adequate data protection by the European Commission or ensure appropriate safeguards through:

  • EU-U.S. Data Privacy Framework certification
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules

You may request a copy of applicable safeguards by contacting us at the address above.

10. Your Rights Under GDPR

You have the following rights concerning your personal data:

  • Right of Access (Art. 15 GDPR): You can request information about your stored data.
  • Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate data.
  • Right to Erasure (Art. 17 GDPR): You can request deletion of your data under certain conditions.
  • Right to Restriction (Art. 18 GDPR): You can request restriction of processing.
  • Right to Data Portability (Art. 20 GDPR): You can receive your data in a structured, common format.
  • Right to Object (Art. 21 GDPR): You can object to processing based on legitimate interests.
  • Right to Withdraw Consent (Art. 7(3) GDPR): You can withdraw consent at any time without affecting prior processing.

To exercise any of these rights, please contact us at: hello@watchwinder.io

11. Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). You may do so with the supervisory authority in the EU member state of your residence, your place of work, or the place of the alleged infringement.

The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18

91522 Ansbach, Germany

Website: www.lda.bayern.de

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • SSL/TLS encryption for all data transmission
  • Secure password hashing
  • Regular security audits and updates
  • Access controls and authentication mechanisms
  • Data processing within the EU where possible

13. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. The current version will always be available on this page with the date of the last update.

Last updated: December 22, 2025

Questions? Contact us at privacy@watchwinder.io