Privacy Policy
Last updated: December 9, 2025
1. Data Controller
Sebastian Ispas
Zillestr. 12, 51067 Koeln, Germany
Email: seb@sebsites.com
2. What personal data we collect and why
| Purpose | Data we collect | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Processing your order & invoicing | Name, email address, billing address, payment method token | Performance of contract (Art. 6(1)(b)) |
| Creating and hosting your digital business card | All information you enter (company name, phone, photo, social links, etc.) | Performance of contract (Art. 6(1)(b)) |
| Sending transactional emails & support | Email address | Performance of contract + legitimate interest (Art. 6(1)(f)) |
| Improving the service | Anonymised usage data (clicks, which fields are used, etc.) and verbal feedback | Legitimate interest (Art. 6(1)(f)) |
| Marketing / newsletter (only if you opt-in) | Email address | Consent (Art. 6(1)(a)) |
3. Payment data We never store your credit card or bank details. All payments are processed exclusively by Stripe and/or PayPal – both are PCI-DSS certified.
4. Hosting & processors
- Servers: USA / Germany (Rumble Cloud / Hetzner)
- Sub-processors (all with GDPR Data Processing Agreement – Art. 28): − Stripe Payments Europe Ltd. (Ireland) − PayPal (Luxembourg) S.à r.l. − WHMCS (billing & support tickets)
5. How long we keep your data
- While your subscription is active → all data is kept
- After cancellation or failed payment → public access is suspended immediately
- All data (card, files, analytics, etc.) is permanently and irreversibly deleted after the 14-day grace period ends
- Invoices and accounting data: kept for 10 years (German legal requirement – § 147 AO)
6. Your rights under GDPR You have the right at any time to:
- access your data
- rectification
- erasure (“right to be forgotten”)
- restriction of processing
- data portability
- object to processing
- withdraw consent
Just send an email to seb@sebsites.com – we will reply within one month (usually within 1–2 days).
7. Right to lodge a complaint If you believe we are not handling your data correctly, you can contact the competent supervisory authority (in most cases: Landesbeauftragte für Datenschutz of your German state).
8. No automated decision-making or profiling
9. Changes to this Privacy Policy We may update this policy from time to time. The current version is always available at this URL.