1. Introduction
Welcome to Requify for Technology ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
For the purposes of GDPR, the data controller is:
Requify for Technology
Email: privacy@requify.tech
Address: Hauptstraße 30a, 38446 Wolfsburg, Germany
3. Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract: Processing is necessary for performing our contract with you (providing our service)
- Consent: You have given explicit consent for specific processing activities (e.g., marketing communications, optional cookies)
- Legitimate Interest: Processing is necessary for our legitimate business interests (e.g., fraud prevention, security)
- Legal Obligation: Processing is required to comply with legal obligations
4. Personal Data We Collect
4.1 Information You Provide
- Account Information: Name, email address, password (encrypted)
- Organization Data: Organization name, member information
- Project Data: Project details, documents, sections, assignments
- Payment Information: Processed securely by Stripe (we do not store full payment card details)
4.2 Automatically Collected Information
- Usage Data: IP address, browser type, device information, access times
- Cookies: See our Cookie Policy section below
- Log Data: Server logs, error reports, performance metrics
5. How We Use Your Data
- Provide and maintain our service
- Process your transactions and manage subscriptions
- Send service-related communications and notifications
- Respond to your inquiries and support requests
- Improve and optimize our service
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
- Send marketing communications (only with your consent, which you can withdraw at any time)
6. Data Sharing and Disclosure
We share your personal data only with:
6.1 Third-Party Service Providers (Processors)
Clerk: Authentication and user management
DPA Status: Available at clerk.com
Stripe: Payment processing
DPA Status: Available at stripe.com
Amazon Web Services (AWS): Cloud hosting and file storage
DPA Status: AWS GDPR Data Processing Addendum
MongoDB Atlas: Database hosting
DPA Status: Available at mongodb.com
6.2 Legal Requirements
We may disclose your information if required by law or in response to valid legal requests.
7. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs): EU-approved contracts with our US-based processors
- Adequacy Decisions: Processing in countries deemed adequate by the EU Commission
- Transfer Impact Assessments (TIAs): Regular assessments of data transfer risks
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten"): Request deletion of your data
Right to Data Portability: Receive your data in a machine-readable format
Right to Restrict Processing: Limit how we use your data
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time
Right to Lodge a Complaint: File a complaint with your supervisory authority
How to Exercise Your Rights:
Email us at: privacy@requify.tech
Or use the data management tools in your account settings
9. Data Retention
We retain your personal data only as long as necessary:
- Account Data: Until you delete your account, then 30 days for backup purposes
- Project Data: Until you delete the project or your account
- Payment Records: 7 years (legal requirement)
- Audit Logs: 2 years maximum
- Marketing Data: Until you unsubscribe or withdraw consent
10. Cookie Policy
We use cookies in compliance with ePrivacy Directive:
Essential Cookies (Always Active)
- Authentication and session management
- Security and fraud prevention
- Load balancing
Optional Cookies (Require Consent)
- Analytics: Google Analytics, usage tracking
- Marketing: Advertising and remarketing
- Preferences: User preferences and settings
You can manage your cookie preferences at any time through our cookie banner or in your account settings.
11. Data Security
We implement appropriate technical and organizational measures:
- Encryption in transit (TLS/SSL) and at rest
- Access controls and authentication
- Regular security audits and penetration testing
- Employee training on data protection
- Incident response procedures
- Regular backups and disaster recovery plans
12. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected individuals without undue delay if there is a high risk
- Document all data breaches in our breach register
- Take immediate measures to mitigate the breach
13. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us immediately.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.