Legal

Privacy policy

Effective as of 2026-04-18. Controller: Vista Tech & Art GmbH (see Imprint).

What we collect

• Account data: email, name, hashed password, chosen plan.
• Billing data: handled by Stripe (payment card, billing address, VAT ID). Stripe is our processor under Art. 28 GDPR.
• Technical data: tenant namespace, tenant IP logs for abuse mitigation, HTTP access logs on ingress (retained 7 days).
• Usage telemetry: per-tenant CPU/memory/storage/bandwidth aggregates written to the portal's database for billing.

Why we process it

• Provide the service you purchased (Art. 6(1)(b) GDPR — contract).
• Bill you and comply with tax/accounting obligations (Art. 6(1)(c) — legal obligation).
• Detect abuse and keep the platform secure (Art. 6(1)(f) — legitimate interest).

Where data lives

Application + billing data: EU data centers (see sub-processors below). Stripe processes payment data in the United States under the EU-US Data Privacy Framework. No data is transferred outside the EU/EEA without an adequate safeguard.

How long we keep it

• Account: until you delete it, or 30 days after your last tenant is deleted.
• Invoices and tax records: 10 years (German statutory retention, HGB §257 / AO §147).
• Access logs: 7 days rolling.
• Usage snapshots: 24 months for billing audit + historical charts.

Your rights

Under the GDPR you can request access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), and object to processing (Art. 21). Email privacy@remixcloud.com — we reply within 30 days.

Cookies

We use strictly-necessary cookies for authentication and session management. No tracking, no analytics, no third-party cookies on the marketing site.

Sub-processors

• Stripe Payments Europe Ltd (Ireland) — billing, payment processing
• Hetzner Online GmbH (Germany / Finland) — infrastructure hosting
• BunnyWay d.o.o. (Slovenia) — DNS authoritative zone hosting
• GitHub Inc. (USA) — container registry (private)
• Resend Inc. (USA) — transactional email delivery (only when enabled)

Complaints

You can lodge a complaint with your local supervisory authority. For customers in Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit.