← Back to Home

Privacy Policy

GDPR-compliant · Last updated: March 2026

1. Data Controller

Controller within the meaning of the General Data Protection Regulation (GDPR):

Justin Peters

Nordstr. 32

27580 Bremerhaven

Germany

Phone: +49 176 72571361

Email: info@qalypto.com

2. Overview of Data Processing

The following overview summarizes the types of data processed and the purposes of processing.

Types of Data Processed

  • Contact data (e.g., email, phone number, name)
  • Content data (e.g., inputs in contact forms)
  • Usage data (e.g., pages visited, access time)
  • Meta/communication data (e.g., IP address, browser information)
  • Contract data (e.g., subject matter, duration, customer category)
  • Payment data (processed by payment service providers)

3. Legal Bases for Processing

We process personal data in accordance with the GDPR based on the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given consent.
  • Contract Performance (Art. 6(1)(b) GDPR) – Processing is necessary for contract fulfillment.
  • Legal Obligation (Art. 6(1)(c) GDPR) – Processing is necessary to comply with a legal obligation.
  • Legitimate Interests (Art. 6(1)(f) GDPR) – Processing is necessary for our legitimate interests.

4. Contact and Inquiries

When you contact us (e.g., via contact form or email), your information is processed to respond to your inquiry and any requested actions.

  • Data Processed: Name, email, company, message content
  • Legal Basis: Contract performance/pre-contractual measures (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR)
  • Retention Period: Inquiries are deleted after completion unless longer retention is legally required or necessary for contract processing

5. Provision of Contractual Services

We process customer data to provide our services (real-time WebSocket streaming, ClickHouse data access, market data infrastructure).

  • Data Processed: Master data, payment data, contact data, contract data, usage data
  • Legal Basis: Contract performance (Art. 6(1)(b) GDPR)
  • Retention Period: Data is deleted when no longer required for contract performance and no statutory retention obligations apply (typically 10 years after contract end for tax documentation)

6. Web Hosting

We use hosting services to provide our website. Technical information is automatically collected.

  • Data Processed: IP address, browser type, operating system, access time, pages visited
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR) – technically necessary for operation
  • Hosting Provider: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA
  • International Transfer: Vercel is certified under the EU-U.S. Data Privacy Framework

7. Email Services

We use an external service provider for sending emails.

  • Service Provider: Resend (Resend, Inc.)
  • Purpose: Sending transactional emails, confirmations, support communication
  • Legal Basis: Contract performance (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR)

8. Infrastructure Services

We use external infrastructure providers to operate our data services.

Server Hosting

  • Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
  • Purpose: Hosting of backend infrastructure, databases, and data processing services
  • Data Processed: Technical connection data, API usage logs
  • Legal Basis: Contract performance (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR)
  • Location: Data centers in Germany (EU)

CDN and Security Services

  • Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA
  • Purpose: Content delivery, DDoS protection, DNS services, secure access tunnels
  • Data Processed: IP address, browser information, access logs
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR) – security and performance optimization
  • International Transfer: Cloudflare is certified under the EU-U.S. Data Privacy Framework

9. Cookies

Our website uses only technically necessary cookies. We do not use tracking, analytics, or advertising cookies.

  • Types: Only technically necessary session cookies
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR) – technical necessity
  • Retention: Session cookies are deleted when the browser is closed

10. Your Rights

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15 GDPR) – You can request information about your processed data.
  • Right to Rectification (Art. 16 GDPR) – You can request correction of inaccurate data.
  • Right to Erasure (Art. 17 GDPR) – You can request deletion of your data ("right to be forgotten").
  • Right to Restriction (Art. 18 GDPR) – You can request restriction of processing.
  • Right to Data Portability (Art. 20 GDPR) – You can receive your data in a common format.
  • Right to Object (Art. 21 GDPR) – You can object to processing.
  • Right to Withdraw Consent (Art. 7(3) GDPR) – You can withdraw consent at any time.

To exercise your rights, contact us at: info@qalypto.com

11. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority.

Competent Supervisory Authority:

The State Commissioner for Data Protection and Freedom of Information of Bremen

Arndtstraße 1

27570 Bremerhaven, Germany

Phone: +49 421 361-2010

Email: office@datenschutz.bremen.de

12. Data Security

We implement technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access. Our security measures are continuously improved in line with technological developments. Data transmission is encrypted via TLS.

13. Changes to This Privacy Policy

We reserve the right to update this privacy policy to comply with current legal requirements or to reflect changes in our services. The current version can always be found on this website.