Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller within the meaning of the GDPR is:

Beeomatic (UG in Gründung)
Grandweg 122C, 22529 Hamburg, Germany
Founders: Connor Welge, Marius Schneider
Email: [email protected]

2. Data We Collect

We only collect personal data to the extent necessary to provide our service. This includes:

  • Account data – Email address and username provided during registration.
  • Profile data – Content you publish on your public profile page.
  • Profile statistics – Page views, clicks, and unique visitor counts for your profile. These statistics are visible only to you as the profile owner. To count unique visitors, IP addresses or technical identifiers are processed temporarily and are not stored permanently.
  • Media data – Images or videos you select and upload via your device's native media picker as a profile picture or background. The app only receives the files you explicitly select.
  • Technical data – IP address, browser, device, and timestamps in server logs; automatically deleted after 30 days.

3. How We Use Your Data

We process your data for the following purposes:

  • Providing and operating the service
  • Authentication and account security
  • Sending transactional emails (registration, password reset)
  • Providing profile statistics to profile owners
  • Responding to support requests
  • Detecting and fixing errors

The legal basis for contract performance is Art. 6(1)(b) GDPR. The provision of profile statistics (including unique visitor analysis) as well as IT security, abuse prevention, and fraud protection are based on legitimate interests pursuant to Art. 6(1)(f) GDPR.

4. Third-Party Disclosure

Your data is never sold to third parties. We share data only where necessary for contract performance or where we are legally required to do so. All service providers are contractually obligated to comply with the GDPR.

For web payment processing, we use RevenueCat, Inc. (633 Tasman Drive, Sunnyvale, CA 94085, USA) as our subscription management service. The actual payment processing is handled by Stripe, Inc. (354 Oyster Point Blvd, South San Francisco, CA 94080, USA). Both providers process payment and billing data; Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR are in place for transfers to the USA. Their respective privacy policies apply: RevenueCat Privacy Policy and Stripe Privacy Policy.

5. Hosting & Infrastructure

For transactional email delivery (registration confirmation, password reset, etc.), Beeograph uses Supabase Auth in conjunction with an SMTP service provided by Hostinger International Ltd. (61 Lordou Vironos, 6023 Larnaka, Cyprus). Hostinger processes your email address solely as a transport service provider, under a data processing agreement pursuant to Art. 28 GDPR. Servers are located within the EU.

Beeograph uses the infrastructure of Supabase Inc. (550 High Street, Palo Alto, CA 94301, USA) for database hosting and authentication. The database server is located in the EU (Dublin, Ireland). Supabase processes data exclusively on our instruction under a data processing agreement pursuant to Art. 28 GDPR. For potential transfers to the USA, Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR are in place.

The homepage and web version of Beeograph are hosted on a dedicated server provided by OVH SAS (2 rue Kellermann, 59100 Roubaix, France). The server location is Frankfurt am Main, Germany. OVH processes data under a data processing agreement pursuant to Art. 28 GDPR; all data remains within the EU.

For DNS, CDN, and DDoS protection we use Cloudflare Inc. (101 Townsend St, San Francisco, CA 94107, USA). Cloudflare acts as a reverse proxy and technically unavoidably processes IP addresses and HTTP request headers of all website visitors. This processing is based on our legitimate interests (IT security, availability, Art. 6(1)(f) GDPR). Standard Contractual Clauses (SCCs) and a data processing agreement are in place for transfers to the USA. For more information: Cloudflare Privacy Policy.

6. Cookies

We use technically necessary cookies to operate the service (session cookie for login). Cloudflare also sets technically necessary cookies as part of its CDN and security service (including __cf_bm for bot detection and cf_clearance after security checks). These cookies are required for the secure operation of the website and do not require consent. We do not use tracking or advertising cookies.

7. Your Rights

You have the following rights under the GDPR:

  • Access to your stored data (Art. 15 GDPR)
  • Correction of inaccurate data (Art. 16 GDPR)
  • Deletion of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)

To exercise your rights, contact us at: [email protected]. You also have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI), Ludwig-Erhard-Str. 22, 20459 Hamburg, www.datenschutz.hamburg.de.

8. Data Retention & Account Deletion

We store your data only for as long as necessary for the respective purpose. Account data is deleted within 30 days of account cancellation, unless statutory retention obligations apply. Billing and payment data is subject to statutory retention periods of up to 10 years under applicable tax and commercial law; this data is deleted upon expiry of the retention period. Payment data is retained by Stripe, Inc. as the payment processor and RevenueCat, Inc. as the subscription management service.

To delete your account and all associated personal data, use the Settings → Account → Delete Account function directly in the app. Alternatively, you can request deletion by email at [email protected]. Deletion will be completed within 30 days.

9. Revoking Consent

Where data processing is based on your consent, you may revoke that consent at any time with effect for the future. To do so, you can permanently delete your account via Settings → Account → Delete Account in the app, or contact us at [email protected]. Revoking consent does not affect the lawfulness of processing carried out before the withdrawal.

10. Changes to This Privacy Policy

We reserve the right to update this policy when the service or legal requirements change. The current version is always available on this page.