Log inTry 14 days
Legal · Privacy

Privacy policy

This policy describes the personal data we process on the website, in response to contact enquiries, during the trial period, and when you use the friendlyuse platform.

Controller

Peter Csipkay – friendlyuse
Starnberg near Munich
Germany

Note before publication: The complete postal address must be added before the website goes live.

E-mail: hello@friendlyuse.com

Data protection contact

No data protection officer has been appointed at the current project stage. Please direct data protection enquiries to hello@friendlyuse.com.

Should the conditions of Art. 37 GDPR or § 38 BDSG be met in the future, a data protection officer will be appointed and this privacy policy updated accordingly.

Website access and server logs

When this website is accessed, our hosting provider processes technically necessary access data: IP address, date and time of the request, URL accessed, HTTP status, data volume transferred, referrer, user agent, and requesting provider.

Processing is carried out to deliver the website, ensure stability, and defend against attacks on the basis of Art. 6(1)(f) GDPR. Server logs are generally deleted after 14 days unless a security-related review requires longer retention.

Contact, demo and support

When you contact us by e-mail, contact form, demo request, or support channel, we process the information you provide, in particular your name, business contact details, company, message, contract reference, and technical support information.

Processing is carried out to handle your enquiry on the basis of Art. 6(1)(b) GDPR to the extent it relates to pre-contractual or contractual communication, and otherwise on the basis of Art. 6(1)(f) GDPR.

Trial period, account and billing

For customer accounts we process account data, login data, roles, subscribed plans, billing data, payment status, domains, widget configurations, usage statistics, and technical logs relating to product use.

The legal basis is Art. 6(1)(b) GDPR. Documents relevant under commercial and tax law are retained for the statutory periods; the legal basis is Art. 6(1)(c) GDPR.

friendlyuse widget

The friendlyuse widget is embedded by website operators via a script on their websites. Visitors' personal accessibility preferences — such as font size, contrast, or reading ruler — are stored locally in the visitor's browser.

We use localStorage for storing and accessing these preferences. This storage is necessary to provide and re-apply the widget settings explicitly chosen by the visitor on their next visit.

For usage statistics, friendlyuse counts unique monthly visitors in a privacy-friendly manner using a hash of IP address, user agent, and domain. Raw IP addresses are not permanently stored for this visitor measurement under the current product concept.

To the extent customers use the widget on their websites, they are the data controller for their respective sites. friendlyuse processes customer data within the platform in accordance with the Data Processing Agreement (DPA).

Accessibility scanner

When you use the scanner, we process the URL entered, technical retrieval data, the time of the scan, and the automatically generated results. The scan is performed using an automated browser and axe-core.

Processing is carried out to provide the requested scan report on the basis of Art. 6(1)(b) GDPR where the scan forms part of a pre-contractual or contractual relationship, and otherwise on the basis of legitimate interests under Art. 6(1)(f) GDPR.

Please only scan URLs that you are authorised to access or whose automated retrieval is legally permissible.

Payments via Stripe

For paid plans we use Stripe for payment processing, invoice management, and provision of the customer portal. Data processed may include contact details, billing data, payment status, transaction data, and technical security data.

Depending on the specific payment situation, Stripe may act as an independent controller or as a data processor. Details are set out in Stripe's privacy notice and contractual documentation.

Authentication, database and infrastructure

At the current product stage, friendlyuse uses Supabase for authentication, database, and tenant-separated storage of customer data. Hosting, e-mail, monitoring, and support service providers may also be used to the extent required for operations, security, communication, and billing.

Before the productive go-live, the specific list of service providers used, their registered address, role, and any third-country transfers must be finalised and added to this policy as well as to the sub-processor list.

Recipients and service providers

  • Supabase: authentication, database, and backend infrastructure.
  • Stripe: payment processing, invoices, customer portal, and payment status.
  • Hosting and infrastructure providers: delivery of website, app, API, and widget.
  • E-mail, support, monitoring, and security providers, to the extent required for communication, error analysis, and operations.
  • Authorities, tax advisers, or legal counsel, to the extent required by law or necessary for the assertion of legal claims.

Third-country transfers

We prefer providers that process data within the EU. Should a transfer to a third country occur in a specific case, it takes place only on the basis of an adequacy decision, EU standard contractual clauses, or another permissible safeguard under Art. 44 et seq. GDPR.

Your rights

Under the GDPR you have rights of access, rectification, erasure, restriction of processing, data portability, and the right to object to processing based on legitimate interests.

Where processing is based on consent, you may withdraw that consent at any time with future effect. You also have the right to lodge a complaint with a data protection supervisory authority. For Bavaria, the competent authority is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

No automated individual decision-making

At the current product stage, friendlyuse does not make decisions with legal effect based solely on automated processing within the meaning of Art. 22 GDPR.

Legal basis and research