Privacy Policy for the Datapods website

Status: 30th May 2025

Table of contents

  1. Preambel

  2. Privacy Policy Website Introduction

  3. Who is responsible for processing my personal data and how can I contact the data protection contact person?

  4. Vercel

  5. Cookies

  6. Datapods Shield

  7. PostHog

  8. Resend

  9. Contact form

  10. How to contact us

  11. Social networks & external links

  12. Data security

  13. Withdrawal

  14. Rights of data subjects

1. Preamble

Welcome to the Datapods website! We consider the protection of your data and your privacy to be of the utmost importance. Because nobody has the desire (or time) to read complete privacy policies, we will provide a short summary. The short summary can be found next to the legally binding, complete privacy policy for our website and our app. Have fun scrolling!

2. Privacy Policy Website Introduction

According to Art. 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly. Further information on this can be found in Art. 4 No. 1 GDPR.

This privacy policy can be accessed, saved and printed at any time at datapods.app.

Insofar as we cite our legitimate interest or a legitimate interest of a third party (Art. 6 para. 1 lit. f) GDPR) as the legal basis for the processing of personal data, you have the right in accordance with Art. 21 GDPR to object to the processing of personal data at any time. We will then no longer process the personal data for the purposes of direct marketing or related profiling.

We will also not process your personal data for other purposes following an objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims (see, for example, Art. 21 (1) GDPR, so-called “limited right to object”). In this case, you must provide reasons for the objection that arise from your particular situation.

You can also object to the processing of your personal data for reasons arising from your particular situation, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless the processing is necessary for the performance of a task carried out in the public interest (see Art. 21 para. 6 GDPR).

We will also inform you separately about your right to object in the individual sections (e.g. by stating: “You have the right to object”), if this right exists. There you will also find further information on exercising your right to object.

In order to keep the following privacy policy concise, we provide links at various points to information and data protection notices on external websites (see also the section “Social networks & external links” in this privacy policy). We make every effort to keep the links that we list in this privacy policy up to date. Nevertheless, due to the constant updating of the websites, it cannot be ruled out that links may not function correctly. If you notice such a link, we would be pleased if you let us know so that we can update the link.

3. Who is responsible for processing my personal data and how can I contact the data protection contact person?

You can contact our data protection contact person by email at finn@datapods.app.

The controller within the meaning of Art. 4 No. 7 GDPR for the processing of personal data is:

Datapods GmbH

Kölnstraße 179b 53111 Bonn

E-mail: kontakt@datapods.app

represented by: Jakob Endler, Lukas Stein, Finn Rübo, David Goldschmidt

4. Vercel

We use Vercel for the provision of our website. Vercel is operated by Vercel Inc., 650 California St, San Francisco, CA 94108, US.

Description and scope of data processing

Each time you visit our website, Vercel, which is our server host and acts as a sub-processor for us, automatically collects data and information from your device's system and stores it in server log files. This data is information that relates to an identified or identifiable natural person (here: you, the website visitor). The data is automatically transmitted by your browser when you visit our website. The following data is collected:

  • Date/time of accessing our website or calling up a function (request to the host provider's server),

  • Internet protocol addresses (IP addresses),

  • character string of the user agent that identifies the browser or operating system to the server,

  • installed fonts,

  • Mime types, i.e. which data the web server sends - for example, whether it is a plain text document, an HTML document or a PNG image,

  • Browser language and time zone,

  • installed plugins,

  • HTTP header,

  • screen resolution.

Vercel transfers the collected personal data to servers in the USA and processes it there. An adequacy decision pursuant to Art. 45 GDPR in the form of the EU-US Data Privacy Framework has been in place since 10 July 2023. According to this, US companies can, under certain conditions, ensure a level of protection for personal data that is adequate in comparison to the EU. Vercel has accordingly been certified as a participant to the Data Privacy Framework by the responsible US Department of Commerce.

Further information on this can be found in Vercel's Privacy Policy. According to its own information, Vercel uses the following subprocessors.

Purpose of processing

The purpose of this processing is to make our website accessible from your device and to enable our website to be displayed correctly on your device or in your browser. Furthermore, we use the data to optimise our website and to ensure the security of our systems. This data is not analysed for marketing purposes by us.

The purpose of the processing through Vercel is to ensure the reliability and stability of the website (e.g. to prevent DDOS attacks).

Legal basis for processing

The legal basis for the processing of personal data described here is Article 6 para. 1 lit. f GDPR. Our legitimate interest is to present you with a website that is optimised for your browser and to enable communication between the server of our host provider and your end device. In particular, the processing of your IP address is necessary for the latter. As we do not host our website ourselves, this would not be possible without the processing of personal data by a processor. In addition, Vercel has a legitimate interest in the (personal) data collected in order to offer its own services, to ensure the security of the product, for analysis purposes and for product development.

Data rentention

The data is stored by Vercel for a maximum of 30 days.

Right to object

You have the right to object to the processing of your data. You can send or inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it may mean that you will not be able to use our website or will not be able to use it to its full extent.

5. Cookies

You can find more information about the cookies used on our website in our Cookie Table.

6. Datapods Shield

We use HaveIBeenPwned to provide the Datapods Shield section on our website. HaveIBeenPwned is operated by Superlative Enterprises Pty Ltd, Level 11, 2 Corporate Court, Bundall 4217, Queensland, Australia.

Description and scope of data processing

HaveIBeenPwned is used to find out whether your email addresses and passwords are possibly contained in a data leak. To do this, HaveIBeenPwned stores the data from many different data leaks. When you enter your email address and submit it, it will be forwarded to HaveIBeenPwned and checked to see if it can be found in their database.

HaveIBeenPwned transfers and processes personal data to servers in the USA. HaveIBeenPwned is not certified under the EU-US Data Privacy Framework. However, a data processing annex has been concluded with HaveIBeenPwned within the framework of a data processing agreement that contains the standard clauses of the European Commission, with which HaveIBeenPwned undertakes to process personal data in compliance with the GDPR and to guarantee this for its sub-processors as well.

Further information on data processing by HaveIBeenPwned can be found in HaveIBeenPwned's privacy policy. According to its own information, HaveIBeenPwned uses these sub-processors.

Purpose of processing

The purpose of processing is to process your request and determine whether the email address you entered has been affected by a data breach.

Legal basis for processing

The legal basis for the processing of personal data described here is your consent, given in parallel with your acceptance of the relevant terms and conditions, which are displayed to you before you submit your data, in accordance with Art. 6 para. 1 lit. a GDPR.

Data rentention

We only store your data for as long as you remain on our website. HaveIBeenPwned only processes your data temporarily in order to provide the results of the database query.

Right to object

You have the right to object to the processing of your data. You can send or inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it means that you will not be able to use the Datapods Shield function.

7. PostHog

We use PostHog on our website to analyze user behavior. PostHog is operated by PostHog Inc, 965 Mission Street, San Francisco, CA 94103, USA.

Description and scope of data processing

PostHog records and reflects your behavior in our app. The storage of this data is limited in time and is used exclusively to improve our service based on your needs. This allows personal data to be stored and evaluated - in particular the user's activity (which subpages have been visited, which elements have been clicked on), device and browser information (in particular the IP address and operating system). The information collected in this way is transmitted by PostHog to a server in Germany and stored there. PostHog also sets a cookie that enables us to recognize you when you visit our website again.

Purpose of processing

The purpose of processing is to better understand the users of our website and improve the experience on the website.

Legal basis for processing

The legal basis for the processing of personal data described here is the consent given when accepting all cookies via the cookie banner in accordance with Art. 6 para. 1 lit. a GDPR.

Data rentention

The personal data in the form of session replays are deleted or anonymized after 3 months. The user's activities are stored pseudonymously for as long as they are required to fulfill the purpose of processing, but for a maximum of one year.

Right to object

You have the right to object to the processing of your data. You can send or inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it may mean that you will not be able to use our website or will not be able to use it to its full extent.

8. Resend

We use MailerLite on our website to send newsletters. Resend is operated by Resend, Inc, 2261 Market Street #5039, San Francisco, CA 94114, USA.

Description and scope of data processing

The data you enter for the purpose of receiving the newsletter (e.g. email address) is stored on Resend's servers. Resend complies with the requirements of the GDPR. You can find more details in Resend's privacy policy. According to its own information, Resend uses the following subprocessors.

Resend is a service that can be used to organize and analyse the sending of newsletters. Our newsletters sent with Resend enable us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. Conversion tracking can also be used to analyze whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. Further information on data analysis by Resend newsletters can be found here.

Purpose of processing

The purpose of processing the above-mentioned data is to be able to let you subscribe to our newsletter.

Legal basis for processing

The legal basis for the processing of personal data described here is the consent given when registering to receive the newsletter in accordance with Art. 6 para. 1 lit. a GDPR.

The legal basis for processing the data that is processed in the context of obtaining consent is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in being able to prove that you have given your consent to receive our newsletter (Art. 7 para. 1 GDPR).

Data rentention

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and Resend's servers after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

Right to object

You have a to object. You can revoke your consent at any time without giving a reason by unsubscribing from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website or by sending an email to kontakt@datapods.app.

The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it may mean that you will not be able to use our website or will not be able to use it to its full extent.

9. Contact form

Description and scope of data processing

There is a contact form on our website that you can use to contact us electronically. If you contact us via this contact form, the data entered in the input fields will be processed by us.

This includes the following data as mandatory information:

The information you enter in the “Ask away” field

  • name,

  • e-mail address.

You can also add further data as voluntary information. This may simplify and speed up the processing of your request. The following data is potentially affected:

The information that results from your attached documents. We treat mandatory and voluntary information in the same way. The mandatory information is necessary in order to contact you and process your request.

The following data is also stored when you submit the form:

  • your IP address,

  • date and time of sending the form.

Please note that the scope of the personal data collected as part of the contact form also depends on what data you yourself disclose in the contact form, in particular in the “Ask away” field and by attaching your documents.

The recipient of the data is our server host Webflow, which works for us as part of a data processing agreement. You can find out more about Webflow's data protection practices under the “Webflow” heading of this privacy policy.

Purpose of processing

The purpose of processing the personal data within the scope of the mandatory information (name, e-mail adress) and the voluntary information is to process the contact request and to be able to contact you for the purpose of your request.

The other personal data processed during the sending process (IP address, date and time of sending) serve to prevent misuse of our contact form.

Legal basis for processing

The legal basis for the processing of the personal data provided by you in the context of the contact (mandatory and voluntary information) is Art. 6 para. 1 lit. b) GDPR. If you have given your consent, Art. 6 para. 1 lit. a) GDPR is an additional legal basis.

The legal basis for the processing of other personal data during the sending process is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in preventing or being able to prove misuse of our contact form.

Data rentention

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was sent. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

Right to object

You have the right to object to the processing of your data. You can send or inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it may mean that you will not be able to use our contact form.

10. How to contact us

Description and scope of data processing

You have the option of contacting us by post, telephone or e-mail.

If you contact us by post, we may in particular process your address data (e.g. surname, first name, street, place of residence, zip code), the date and time of receipt of the mail and the data resulting from your letter itself. Depending on the data you provide here, we will then contact you by telephone or e-mail and, if necessary, call you back or write to you.

If you contact us by telephone, your telephone number and, if necessary, your name, e-mail address, time of the call and details of your request will be processed during the call.

If you contact us by e-mail, your e-mail address, the time of the e-mail and the data resulting from the message text (including attachments, if applicable) will be processed.

If you contact us via digital means, the recipient of the data is our server host Webflow, which works for us as part of a data processing agreement. You can find out more about Webflow's data protection practices under the “Webflow” heading of this privacy policy.

Purpose of processing

The purpose of processing the above-mentioned data is to process the contact request and to be able to get in touch with the enquirer to respond to the request.

Legal basis for processing

The legal basis for the processing of personal data described here is Art. 6 para. 1 lit. b) GDPR. If you have given your consent, Art. 6 para. 1 lit. a) GDPR is an additional legal basis.

Data rentention

The personal data will only be processed for as long as is necessary to process the contact request. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

Right to object

You have the right to object to the processing of your data. You can send or inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it may mean that you will not be able to contact us.

11. Social networks & external links

In addition to this website, we also maintain presences in various social media, which you can access via corresponding buttons on our website. If you visit such a presence, personal data may be transmitted to the provider of the social network.

We would like to point out that user data may also be transmitted to a server in a third country and may therefore be processed outside the European Union.

It is possible that, in addition to storing the specific data you enter in this social medium, further information may also be processed by the social network provider.

In addition, the provider of the social network may process the most important data of the computer system from which you visit it – for example, your IP address, the processor type and browser version used, including plug-ins.

If you are logged in with your personal user account of the respective network while visiting such a website, this network can assign the visit to this account.

The purpose and scope of the data collection by the respective medium as well as the further processing of your data there and your rights in this regard can be found in the respective provisions of the respective controller, e.g. at:

Facebook (Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA): privacy policy, Facebook opt-out option and Your Online Choices opt-out option,

X (Twitter) (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA): Privacy Policy and opt-out option,

Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA): Privacy policy and opt-out option,

Google and YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA): Privacy policy and opt-out option,

Linkedin (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland): Privacy policy and Cookie policy.

  • TikTok (TikTok Technology Limited, The Sorting Office, Ropemaker Place, Dublin 2, D02 HD23, Dublin, Irland): Privacy policy, Cookie policy.

  • Reddit (Reddit Netherlands B.V., Euro Business Center, Keizersgracht 62, 1015CS,Amsterdam, Netherlands): Privacy Policy, Cookie Notice.

We also point out that our website contains further links to external third-party websites, where we have no influence on the processing of data on these third-party websites.

12. Data security

We use technical and organizational measures to secure our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons. Despite regular checks, however, complete protection against all risks is not possible.

13. Withdrawal

You have the right to withdraw your consent at any time with effect for the future, without affecting the lawfulness of processing based on consent before its withdrawal.

14. Rights of data subjects

You have the following rights:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 et seq. GDPR)

  • Right to data portability (Art. 20 GDPR)

For requests of this kind, please contact kontakt@datapods.app. Please note that we must ensure that we are actually dealing with the data subject for such requests.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority.

Automated decision-making does not take place on our website.