UpdateKit← Back home

Privacy Policy

Last updated: June 21, 2026

1. Controller

The controller responsible for processing your personal data under the GDPR is:

Daniel Gietmann (Gietmanic)
Siegburger Straße 129 B, 53229 Bonn, Germany
Email: hello@updatekit.io

We have not appointed a Data Protection Officer, as we are not legally required to do so.

2. Data we process

  • Account data: your name, email address, and a hashed password. If you sign in through a third-party provider, we store the tokens needed for that login.
  • Session & security data: when you are signed in we store a session record including your IP address, browser user-agent, and timestamps, to keep you logged in and protect your account.
  • Content: the projects, updates, and settings you create in the app.
  • Server log files: our hosting provider (Vercel) automatically records technical request data (IP address, user-agent, date and time) needed to deliver and secure the service.

We do not run advertising trackers, profiling, or third-party analytics cookies.

3. Purposes & legal basis

  • Providing the service (account, projects, changelog, widget) — Art. 6(1)(b) GDPR (performance of a contract).
  • Security and abuse prevention (session/IP logging, server logs) — Art. 6(1)(f) GDPR; our legitimate interest is keeping the service available and secure.
  • Transactional emails (verification, password reset, team invitations) — Art. 6(1)(b) and (f).
  • Legal obligations (e.g. retention duties) — Art. 6(1)(c).

4. Cookies

We set a single, strictly necessary cookie to keep you signed in. Under § 25(2) TDDDG this requires no consent banner because it is essential to provide a service you explicitly requested. We do not set marketing or analytics cookies.

5. Processors & recipients

We do not sell your data. We share it only with processors acting on our instructions under data-processing agreements (Art. 28 GDPR):

  • Hosting: Vercel Inc. (USA) hosts the application and processes server log data.
  • Database: Neon Inc. (USA) provides the managed PostgreSQL database that stores your account and content data.
  • Email delivery: Resend, Inc. (USA) sends our transactional emails (verification, password reset, team invitations).

6. International transfers

Our processors (Vercel, Neon, and Resend) are located in the USA, so your data is transferred there. For these transfers we rely on appropriate safeguards under Art. 46 GDPR, such as the EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework.

7. Retention

We keep account and content data while your account is active. Session and log data are kept only for as long as needed for security, then deleted or anonymized. When you delete your account we remove or anonymize your personal data, except where statutory retention periods apply.

8. Your rights

Under the GDPR you have the right to:

  • access your data (Art. 15);
  • rectify inaccurate data (Art. 16);
  • erasure (Art. 17) and restriction (Art. 18);
  • data portability (Art. 20);
  • object to processing based on legitimate interest (Art. 21);
  • withdraw consent at any time, without affecting prior processing (Art. 7(3)).

To exercise any right, email hello@updatekit.io.

9. Right to complain

You may lodge a complaint with a supervisory authority. The authority competent for us is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), Düsseldorf — ldi.nrw.de. You may also contact the authority where you live.

10. Provision of data

Providing account data is required to create an account and use the service. Without it we cannot provide UpdateKit. There is no statutory obligation to provide the data.

11. Automated decision-making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

12. Security

The service is served over encrypted TLS connections, and passwords are stored only as salted hashes.

13. Changes

We may update this policy. Material changes will be announced in the app or by email.