Privacy Policy

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

Last updated: February 14, 2026

This privacy policy explains what types of personal data we collect, for what purposes, and to what extent. It applies to all data processing we carry out, both in providing our services and on our websites, mobile applications, and external online presences such as social media profiles (collectively referred to as “Online Services”).

Controller

Automates UG (haftungsbeschränkt)
Fasanenweg 4, 65321 Heidenrod, Germany

Commercial Register: HRB 36192
VAT ID: DE458118927

Represented by: Florian Herborn and Nils Minor

Email: hello@distrify.io
Legal notice: https://www.distrify.io/impressum

Overview of Data Processing


Types of data processed: Identity and account data, contact data, content data, contract and payment data, usage data, metadata and communication data, log data.


Data subjects: Customers and business clients, prospects, communication partners, website visitors, business and contract partners.


Purposes: Providing contractual services, communication, security, direct marketing, analytics, administration, and providing and improving our Online Services.

Legal Basis

We process personal data in accordance with the EU General Data Protection Regulation (GDPR). The legal bases we rely on are:

  • Consent (Art. 6(1)(a) GDPR) – You have given consent for a specific processing purpose.

  • Contract performance (Art. 6(1)(b) GDPR) – Processing is necessary to fulfill a contract with you or to carry out pre-contractual measures at your request.

  • Legal obligation (Art. 6(1)(c) GDPR) – Processing is required to comply with a legal obligation.

  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for our legitimate interests, provided your fundamental rights and freedoms do not override those interests.

In addition to the GDPR, German national data protection law applies, in particular the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG), which governs the use of cookies and similar technologies.

Right to Object (Art. 21 GDPR)


If your personal data is processed on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions. If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time. This also applies to profiling related to such marketing. If you object, your data will no longer be used for direct marketing (Art. 21(2) GDPR).

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with legal requirements. These measures include safeguarding the confidentiality, integrity, and availability of data through access controls, encryption, and secure system design. We apply the principles of privacy by design and privacy by default.


IP address masking: Where full IP addresses are not required, we use IP masking (pseudonymization) to prevent or significantly hinder identification.

TLS/SSL encryption: Our Online Services use TLS/SSL encryption (HTTPS) to protect data transmitted between your browser and our servers.


Note on internet security: Please be aware that data transmission over the internet (e.g., email communication) may have security vulnerabilities. Complete protection against third-party access is not possible.

Data Sharing

In the course of our data processing, personal data may be disclosed to other entities, companies, or persons — for example, IT service providers or content providers integrated into our website. We comply with legal requirements and enter into appropriate data protection agreements with recipients of your data.

International Data Transfers

Where we transfer data to countries outside the EU/EEA (“third countries”), we ensure compliance with legal requirements. For transfers to the US, we primarily rely on the EU-US Data Privacy Framework (DPF), recognized by the EU Commission’s adequacy decision of July 10, 2023. Additionally, we have concluded Standard Contractual Clauses (SCCs) with relevant providers as a fallback safeguard.

For individual service providers, we indicate below whether they are DPF-certified and whether SCCs are in place. More information about the DPF is available at dataprivacyframework.gov.

Data Retention and Deletion

We delete personal data when consent is withdrawn or no further legal basis for processing exists — unless legal obligations or legitimate interests require longer retention.

Retention periods under German law:

  • 10 years – Books, records, annual financial statements, inventories (§ 147(1) No. 1 AO, § 14b(1) UStG, § 257(1) No. 1 HGB).

  • 8 years – Accounting records such as invoices and cost receipts (§ 147(1) No. 4 AO, § 257(1) No. 4 HGB).

  • 6 years – Other business documents including commercial correspondence (§ 147(1) No. 2, 3, 5 AO, § 257(1) No. 2, 3 HGB).

  • 3 years – Data needed for potential warranty or liability claims (§§ 195, 199 BGB).

Retention periods generally begin at the end of the calendar year in which the triggering event occurred.

Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15) – Obtain confirmation of whether and how your data is being processed.

  • Right to rectification (Art. 16) – Request correction of inaccurate data or completion of incomplete data.

  • Right to erasure (Art. 17) – Request deletion of your data, subject to legal exceptions.

  • Right to restriction of processing (Art. 18) – Request restriction if you contest data accuracy, processing is unlawful, we no longer need the data but you require it for legal claims, or you have objected under Art. 21(1) pending verification.

  • Right to data portability (Art. 20) – Receive your data in a structured, machine-readable format or request transfer to another controller.

  • Right to withdraw consent – Revoke any given consent at any time without affecting the lawfulness of prior processing.

  • Right to lodge a complaint – File a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, workplace, or place of alleged infringement.

Website Hosting

We process user data to provide our Online Services, including IP addresses necessary to deliver content to your browser.


Framer – Website Hosting: Our website is hosted by Framer B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands. When you visit our site, Framer automatically collects data transmitted by your browser, including IP address, date and time of the request, page accessed, referrer URL, browser type, and operating system. Framer processes data within the EU/EEA. We have concluded a Data Processing Agreement (DPA) with Framer to ensure they process visitor data only under our instructions and in compliance with the GDPR. Privacy policy: framer.com/privacy.


Server log files: Access to our website is logged in server log files containing the requested URL, date/time, data volume, browser and OS, referrer URL, and IP address. Log data is stored for a maximum of 30 days and then deleted or anonymized, except where retention is required for incident investigation.


Content Delivery Network (CDN): We use a CDN to deliver website content faster and more securely through regionally distributed servers.

Cookies

We use cookies in accordance with legal requirements. Where required, we obtain your prior consent. Technically necessary cookies are used on the basis of our legitimate interests.


Session cookies are deleted when you close your browser. Persistent cookies remain until they expire or you delete them — storage duration is up to two years unless otherwise specified.


Opt-out: You can revoke consent at any time and manage cookies through your browser’s privacy settings.


Cookie Consent Management: We use a consent management tool to obtain, log, manage, and facilitate withdrawal of cookie consents. Consent records are stored for up to two years using a pseudonymous identifier along with timestamp, scope of consent, and device information.

Business Services and Contracts

We process data of our contractual and business partners — including customers, prospects, and their contacts — to fulfill contractual obligations, manage relationships, and respond to inquiries.


Distrify Cloud Platform: When using our SaaS platform “Distrify,” we process personal data of business customers and their employees as required to deliver our contractual services. This includes registration data, contact details, and platform usage data. Where our customers process personal data of their own customers or partners through the platform, we act as a data processor under Art. 28 GDPR. Details are governed by a separate Data Processing Agreement (DPA).

User Accounts

Users may create an account to access the Distrify platform. During registration, we collect required information including name, email address, and company. We store IP addresses and timestamps of user actions for security and abuse prevention. Account data is deleted after the contractual relationship ends and statutory retention periods expire.

Contact and Inquiries

When you contact us — via contact form, email, phone, or social media — we process your data to handle your inquiry.

Newsletter and Marketing Communications

We send newsletters and marketing communications only with your consent or where legally permitted. You may unsubscribe at any time via the link in each email or by contacting us at hello@distrify.io.

After unsubscribing, we may retain your email address for up to three years to document prior consent, limited to defending against potential claims. We also maintain a blocklist to permanently honor your opt-out.

Web Analytics

We use web analytics to evaluate visitor traffic and optimize our Online Services. User profiles are created using pseudonymous data — we do not store clear-text identifiers like names or email addresses for analytics purposes. We use IP masking to protect user privacy.


Google Analytics: We use Google Analytics with a pseudonymous user identification number to analyze how our website is used — including pages visited, search terms, session duration, and traffic sources. Google Analytics does not log or store individual IP addresses for EU users. Geographic data is derived from IP metadata on EU-based servers before the IP data is immediately discarded.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: policies.google.com/privacy. Third-country transfers are covered by the Data Privacy Framework (DPF) and Standard Contractual Clauses. Opt-out: Browser plugin or ad personalization settings. Cookie retention: up to 2 years.

Changes to This Privacy Policy

We update this privacy policy as needed when our data processing practices change. Where changes require your action (e.g., renewed consent), we will notify you accordingly.