⚠️ Review and fill in your company details (name, address) before going live.

Privacy Policy

Last updated: March 2026

1. Controller

[YOUR COMPANY NAME]
[Street, City, Postal Code, Country]
E-mail: privacy@bainder.net

2. Data We Collect

  • Account data: email address and encrypted password (managed by Supabase Auth).
  • Documents: PDF files and images you upload, stored in a private Supabase Storage bucket accessible only to you.
  • Document metadata: AI-extracted summaries, keywords, categories, and follow-up items derived from your documents.
  • Payment information: Stripe handles all payment processing. We store only your subscription status and plan tier; we never see your card number.
  • Cookies: A strictly necessary session cookie issued by Supabase to keep you signed in. No tracking or advertising cookies are set.

3. Legal Basis (GDPR Art. 6)

Processing is necessary for the performance of the contract between you and bainder (Art. 6(1)(b) GDPR). Session cookies are strictly necessary for the service to function.

4. Processors

  • Supabase (EU): database and file storage — Privacy Policy
  • Anthropic: AI text extraction via the Claude API — Privacy Policy. Document text is sent to the Claude API for processing and is not used to train models.
  • Stripe: payment processing — Privacy Policy
  • Resend: transactional email delivery — Privacy Policy
  • Vercel: application hosting — Privacy Policy

5. Retention

Your data is retained for as long as your account is active. You may delete your account at any time from Settings → Billing → Danger Zone, which permanently erases all documents, metadata, and your account credentials. Payment records may be retained by Stripe as required by law.

6. Your Rights

Under the GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectification of inaccurate data.
  • Erasure ("right to be forgotten") — use the in-app account deletion or contact us.
  • Portability of your data in a machine-readable format.
  • Object to processing based on legitimate interests.
  • Lodge a complaint with your national supervisory authority (in Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit).

To exercise any right, contact us at privacy@bainder.net.

7. Contact

For any privacy-related questions, email privacy@bainder.net.