Privacy Policy
This page describes how we handle personal data in compliance with GDPR (EU) and applicable laws.
1. Data Controller (Art. 4 No. 7 GDPR)
Benno Rothe
Obsthalde 8
71334 Waiblingen
Germany
Contact:
Email: benno@insora.dev
2. Categories of Personal Data Processed
We process the following categories of personal data:
- Contact Information: Name, email address when you contact us or sign up for early access
- Technical Data: IP address, browser type, device information, referrer URL
- Usage Data: Pages visited, time spent on site, interaction with content
- Communication Data: Content of messages you send to us via contact forms or email
3. Purposes and Legal Basis for Processing
Contact Forms & Early Access Registration:
- Purpose: Responding to inquiries, providing information about our services, maintaining early access waitlist
- Legal Basis: Art. 6(1)(b) GDPR (performance of contract/pre-contractual measures) and Art. 6(1)(a) GDPR (consent)
- Data Processed: Name, email address, message content
- Storage Period: Until purpose is fulfilled or consent is withdrawn, maximum 3 years
Website Analytics:
- Purpose: Website optimization, understanding user behavior, improving user experience
- Legal Basis: Art. 6(1)(f) GDPR (legitimate interests)
- Data Processed: Anonymized usage data, IP addresses (anonymized), technical information
- Storage Period: 26 months for analytics data
Technical Website Operation:
- Purpose: Ensuring website functionality, security, and legal compliance
- Legal Basis: Art. 6(1)(f) GDPR (legitimate interests)
- Data Processed: Server logs, IP addresses, technical error data
- Storage Period: 7 days for server logs
4. Data Sharing and Recipients
We may share your personal data with the following categories of recipients:
- Hosting Provider (Vercel): Website hosting and delivery (USA, adequacy decision or Standard Contractual Clauses)
- Database Provider (Supabase): Data storage for contact forms and early access signups (USA, adequacy decision or Standard Contractual Clauses)
- Analytics Providers: Anonymized usage data for website optimization
- Legal Authorities: When required by law or to protect our legitimate interests
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
5. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). We ensure adequate protection through:
- EU adequacy decisions for certain countries
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Additional technical and organizational measures to ensure data security
6. Your Rights under GDPR
You have the following rights regarding your personal data:
- Right of Access (Art. 15 GDPR): Request information about your processed data
- Right to Rectification (Art. 16 GDPR): Request correction of inaccurate data
- Right to Erasure (Art. 17 GDPR): Request deletion of your data under certain circumstances
- Right to Restriction (Art. 18 GDPR): Request limitation of processing
- Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format
- Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at privacy@insora.dev or use our Data Subject Request Form. We will respond within one month.
7. Cookies and Similar Technologies
Our website uses cookies and similar technologies:
- Essential Cookies: Required for basic website functionality (no consent needed)
- Analytics Cookies: Help us understand how visitors use our website (consent required)
- Functional Cookies: Remember your preferences and settings (consent required)
You can manage your cookie preferences through your browser settings or our cookie banner when you first visit the site.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication measures
- Staff training on data protection principles
- Incident response procedures
9. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected:
- Contact inquiries: 3 years after last contact
- Early access registrations: Until service launch + 1 year or consent withdrawal
- Analytics data: 26 months (anonymized)
- Server logs: 7 days
10. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
11. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state where you reside or work, or where the alleged infringement occurred.
For Germany, the relevant authority is your state's Data Protection Authority (Landesdatenschutzbeauftragte) or the Federal Commissioner for Data Protection and Freedom of Information:
BfDI - Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
Germany
Website: www.bfdi.bund.de
12. Data Breach Notification
In the unlikely event of a data breach that poses a high risk to your rights and freedoms, we will:
- Notify the German supervisory authority within 72 hours
- Inform affected individuals without undue delay
- Provide details about the nature of the breach and measures taken
- Offer guidance on steps you can take to protect yourself
We maintain comprehensive incident response procedures and regularly review our security measures.
13. Data Minimization and Purpose Limitation
We adhere to the GDPR principles of data minimization and purpose limitation:
- Data Minimization: We collect only the minimum data necessary for specified purposes
- Purpose Limitation: Personal data is processed only for the purposes stated in this policy
- Storage Limitation: Data is retained only as long as necessary and deleted when no longer needed
- Accuracy: We take reasonable steps to ensure data accuracy and provide correction mechanisms
14. Records of Processing Activities (Art. 30 GDPR)
We maintain comprehensive records of all data processing activities, including:
- Purposes of processing and legal basis
- Categories of data subjects and personal data
- Recipients of personal data (including third countries)
- Time limits for erasure of different categories of data
- Technical and organizational security measures
These records are available to supervisory authorities upon request.
15. Updates to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by:
- Posting the updated policy on this page
- Sending an email notification if you are on our contact list
- Displaying a notice on our website
Last updated: January 2025