Tech Demo

This is a tech demo. Some functions may be missing or not working.

Privacy Policy

Last updated: February 14, 2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Logproof / [TODO: First and last name]

[TODO: Street and house number]

[TODO: Postal code and city]

Email: hello@logproof.de

2. Overview of Data Processing

We only process personal data to the extent necessary to provide a functional website and our content and services. The following overview summarizes the types of data processed, the purposes of their processing, and the data subjects concerned.

Types of Data Processed

  • Master data (e.g., names, addresses)
  • Contact data (e.g., email addresses)
  • Content data (e.g., audit log entries, text inputs)
  • Usage data (e.g., pages visited, access times)
  • Meta/communication data (e.g., IP addresses, device information)
  • Contract data (e.g., subject matter, duration, customer category)

Purposes of Processing

  • Provision of our online services and user-friendliness
  • Contract fulfillment and provision of contractual services
  • Contact inquiries and communication
  • Security measures
  • Management and response to inquiries

Legal Bases

Processing is carried out on the basis of the following legal grounds: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 lit. f GDPR), consent (Art. 6 para. 1 lit. a GDPR), legal obligation (Art. 6 para. 1 lit. c GDPR).

3. Hosting

We operate our application on a self-managed server located in Germany. The infrastructure provider only supplies the hardware or virtual server and has no access to the data stored on it. All administration and data processing is carried out exclusively by us.

Since the infrastructure provider has no access to personal data and does not process data on our behalf, a data processing agreement (DPA) is not required.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the efficient and secure provision of our online services).

4. Access Data / Server Log Files

When accessing our website, general information is automatically collected. This information (server log files) includes:

  • IP address of the requesting computer
  • Date and time of access (timestamp)
  • Name and URL of the requested file
  • Website from which access was made (referrer URL)
  • Browser used and, if applicable, the operating system (user agent)
  • Amount of data transferred
  • HTTP status code

This data is technically necessary to display our website and to ensure stability and security. This data is not merged with other data sources.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the security and stability of the service). Log files are automatically deleted after 14 days.

5. Registration and User Account

You can create a user account on our platform. We collect the following data during the registration process:

  • Name
  • Email address
  • Password (stored exclusively as a cryptographic hash)

Registration is required for the fulfillment of a contract with you or for the implementation of pre-contractual measures.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment). Data is deleted once it is no longer necessary for the purpose of its collection. This is the case when the user account is deleted.

6. Email Communication

For sending transactional emails (e.g., registration confirmation, password reset@if($shopMode), invoices@endif), we use the following service provider:

[TODO: Mailgun / Postmark – select provider]

[TODO: Provider address]

Your email address and the content of each email are transmitted to the service provider. These are exclusively transactional emails required for the provision of our contractual services. Marketing emails or newsletters are not sent unless you have expressly consented.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment).

7. Cookies and Sessions

Our website uses only technically necessary cookies. These cookies are required to ensure the basic functions of the website.

Cookies Used

  • session – Session cookie for authentication and session management (lifetime: until browser is closed or session expires)
  • XSRF-TOKEN – CSRF protection cookie (lifetime: session)

We do not use tracking cookies, analytics cookies, or marketing cookies. Therefore, consent via a cookie banner is not required.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the technically error-free provision of the website).

8. Audit Log Data

Logproof processes audit log data as part of its core service on behalf of its customers. The audit log entries submitted via the API may contain personal data of our customers' end users (e.g., user IDs, IP addresses, action descriptions).

In this case, Logproof acts as a data processor within the meaning of Art. 28 GDPR. Processing is carried out exclusively on the instructions of the respective customer (data controller).

Upon request, a data processing agreement (DPA) pursuant to Art. 28 GDPR is concluded with our customers. This regulates in particular:

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Types of personal data
  • Categories of data subjects
  • Technical and organizational measures

Audit log data is stored in a cryptographically chained hash chain and is protected against subsequent manipulation. Storage takes place exclusively on servers in Germany.

9. Your Rights

As a data subject, you have the following rights:

  • Right of Access (Art. 15 GDPR) – You can request information about your personal data processed by us.
  • Right to Rectification (Art. 16 GDPR) – You can request the immediate correction of inaccurate or completion of your personal data stored by us.
  • Right to Erasure (Art. 17 GDPR) – You can request the deletion of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, or for the establishment, exercise, or defense of legal claims.
  • Right to Restriction of Processing (Art. 18 GDPR) – You can request the restriction of processing of your personal data.
  • Right to Data Portability (Art. 20 GDPR) – You can request to receive the data you have provided to us in a structured, commonly used, and machine-readable format, or request the transfer to another controller.
  • Right to Object (Art. 21 GDPR) – You can object at any time to the processing of your personal data, insofar as the processing is based on Art. 6 para. 1 lit. f GDPR.

To exercise your rights, please contact us by email at: hello@logproof.de

10. Right to Complain to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR).

The competent supervisory authority for us is:

[TODO: Insert competent data protection authority]

[TODO: Address]

11. Changes to This Privacy Policy

We reserve the right to adjust this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. Your subsequent visit will then be subject to the new privacy policy.

Significant changes will be communicated to registered users by email.