Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

• Email address
• Name (if provided)
• Password (stored as a secure hash)

2.2 Usage Data

We automatically collect:

• IP address (anonymized after 24 hours)
• Browser type and version
• Pages visited and features used
• Time and date of access
• Referring website

2.3 User-Generated Content

When you use our service, you may provide:

• Saved stacks and favorites
• Service submissions and feedback
• Issue reports

3. Legal Basis for Processing

Under GDPR, we process your data based on:

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide our service, including account management and saved stacks.
• Legitimate Interests (Art. 6(1)(f)): Security monitoring, fraud prevention, service improvement, and analytics.
• Consent (Art. 6(1)(a)): For optional marketing communications (you can withdraw consent at any time).

4. How We Use Your Data

We use your personal data to:

• Provide and operate the Star Stack service
• Save your stacks and preferences
• Send service-related communications
• Respond to your support requests
• Improve and develop new features
• Detect and prevent fraud and abuse

5. Cookies

We use minimal cookies:

We do not use advertising cookies or third-party trackers.

6. Data Sharing & Subprocessors

We share your data with the following service providers who process data on our behalf:

All subprocessors are contractually bound to protect your data and only process it as instructed by us.

7. International Data Transfers

We primarily store and process your data within the European Union.

When we transfer data outside the EU, we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission and appropriate technical safeguards.

8. Data Retention

We retain your data for as long as necessary to provide our services:

• Account data: Until you delete your account, plus 30 days for backup purposes.
• Usage analytics: Aggregated and anonymized, retained indefinitely.
• Submissions/Reports: Retained for moderation and improvement purposes.
• Server logs: 90 days, then anonymized or deleted.

9. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of your personal data.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Restriction: Request we limit how we process your data.
• Portability: Receive your data in a machine-readable format.
• Object: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise these rights, contact us at hello@starstack.eu. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Germany, this is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

10. Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of data at rest
• Regular security updates and monitoring
• Access controls and authentication
• Regular backups with secure storage

11. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email or by posting a notice on our website. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us: