Privacy Policy

The data controller within the meaning of the General Data Protection Regulation (GDPR) is CS Holding UG (haftungsbeschränkt), represented by Managing Director Christian Schnatz, Zur Meesche 22, 38159 Vechelde, Germany, email: info@seed-back.com, phone: +49 176 10308235.

We process personal data that is necessary for the provision, use, and billing of our application “Seedback”. This includes in particular:

• Registration and contact data (e.g. name, email address, payment data) – Legal basis: performance of contract (Art. 6(1)(b) GDPR).
• Usage data such as IP address, date and time of access, operating system and browser – Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
• Review data submitted by your customers via the QR codes provided by Seedback – Legal basis: legitimate interest and performance of contract.

We use your personal data to provide our services, manage your account, provide support, collect reviews and forward them to Google, as well as for technical analysis and improvement of our offerings.

To provide our services, we use trusted data processors:

• Supabase Inc. (Stamford, CT, USA) – Database, authentication, and Edge Functions. Processing on EU servers (Frankfurt/DE).
• Stripe Payments Europe, Limited (Dublin, Ireland) – Payment and subscription processing.
• Resend Inc. (San Francisco, CA, USA) – Sending emails (donation certificates, feedback messages). Data transfer to the USA based on the EU-US Data Privacy Framework.
• Other recipients may include IT service providers and consultants.

We have concluded data processing agreements with all processors. For data transfers to third countries, appropriate safeguards (e.g. EU Standard Contractual Clauses) are agreed upon.

We store your personal data only as long as necessary for the above-mentioned purposes or until you delete your account. Review data is stored anonymously, unless statutory retention obligations apply.

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), and data portability (Art. 20 GDPR). You may object to processing at any time (Art. 21 GDPR). You also have the right to lodge a complaint with a data protection supervisory authority.

The application does not use tracking tools or marketing cookies. Technically necessary cookies are only set to ensure the functionality of the app (e.g. for authentication).

No automated decision-making within the meaning of Art. 22 GDPR takes place. No user profiles are created.

We reserve the right to update this privacy policy to adapt it to changed legal situations or changes to the service. The current version is always available in the app.