Privacy Policy

This privacy policy informs you about the processing of your personal data when visiting and using Waveboard. The provider named in the legal notice is responsible for the data processing.

Pipewave UG (haftungsbeschränkt)
Lottbeker Weg 13, 22397 Hamburg
Deutschland
E-Mail: kontakt@pipewave.de

The controller within the meaning of the GDPR is the provider of this platform named in the legal notice. For questions about the processing of your data, please contact us using the contact details provided there.

We process the following categories of personal data:

• Account data: email address, password hash, name (if provided).
• Content data: customer, project, task, and invoice data that you create in the application.
• Usage data: login timestamps, technical logs (IP, user agent) for security and error analysis.
• Payment data: processed exclusively by the payment service provider once payments are enabled.

Processing takes place for contract fulfillment (Art. 6 (1) (b) GDPR), based on legitimate interests in the secure operation and improvement of the service (Art. 6 (1) (f) GDPR), and based on statutory retention obligations (Art. 6 (1) (c) GDPR).

We use the following processors. Data processing agreements pursuant to Art. 28 GDPR exist with all providers. Data transfers to third countries are protected by standard contractual clauses.

• Supabase Inc.
  Datenbank, Authentifizierung, Datei-Speicher
  EU (Frankfurt)
  https://supabase.com/privacy
• Strato AG
  Hosting der Web-Anwendung (V-Server)
  Deutschland
  https://www.strato.de/datenschutz/
• Resend Inc.
  Versand transaktionaler E-Mails
  USA (Standardvertragsklauseln)
  https://resend.com/legal/privacy-policy
• HubSpot, Inc.
  Marketing-Formulare (Bewerbung um Zugang)
  USA (Standardvertragsklauseln)
  https://legal.hubspot.com/de/privacy-policy

We only use technically necessary cookies and localStorage entries (e.g. for login session, theme preference). These are required for the operation of the application (§ 25 (2) TTDSG, Art. 6 (1) (b) GDPR). Optional cookies are only set with your express consent.

You have the right to information (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21), as well as the right to lodge a complaint with a supervisory authority.

You can export your data at any time as JSON under "Settings → Privacy" or delete your account completely. Deletion is irreversible and removes all data linked to your account.

We store personal data only as long as necessary for providing the service or as required by statutory retention obligations (e.g. § 257 HGB, 6/10 years for accounting-relevant data).

We use technical and organizational measures to protect your data, in particular transport and database encryption, row-level security in the database, regular backups, and restricted access to production systems.

For questions regarding data protection, please contact us using the address given in the legal notice or by email at the contact address provided there.