Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller for this website is Steadbase GmbH, represented by its management. Contact: privacy@steadbase.ai

2. Data We Collect

We collect and process personal data only to the extent necessary to provide our services. This includes:

  • Contact details (name, email, company) from form submissions
  • Usage data (IP address, browser, timestamps) for security and analytics
  • Payment data is processed exclusively by our payment provider Stripe
  • Newsletter email addresses when you explicitly subscribe

3. Legal Basis

Processing is based on Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract performance), and Art. 6(1)(f) GDPR (legitimate interest in website analytics and security).

4. Cookies and Tracking

This website uses only technically necessary cookies. Analytical cookies (Google Analytics 4) are only set after explicit consent. You can withdraw your consent at any time via the cookie banner.

5. Third-Party Services

We use the following third-party services:

  • Stripe (Stripe Inc., USA) — Payment processing. See stripe.com/privacy
  • Netlify (Netlify Inc., USA) — Hosting and form handling
  • Sanity (Sanity AS, Norway) — Content management
  • Supabase (Supabase Inc., USA) — Database and authentication, data stored in the EU (Frankfurt am Main)
  • Google Analytics 4 — Website analytics (consent required)

For data transfers to the USA, we rely on EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

6. Your Rights

Under the GDPR, you have the following rights:

  • Access to your stored data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)

To exercise your rights, contact: privacy@steadbase.ai

7. Data Retention

Personal data is deleted once the purpose of processing no longer applies, unless statutory retention periods require otherwise. Contact inquiries are deleted after 12 months.

8. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority if you believe your data is being processed in violation of the GDPR.