Privacy Policy

Thank you for your interest in Buildry. Protecting your personal data is important to us. The following sections explain in detail how we handle your data.

1. Data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Alexander Löfflad Im Speicher 18 79353 Bahlingen am Kaiserstuhl Germany

Email: hello@buildry.app

2. General information on data processing

2.1 Scope of processing

We collect and use personal data from our users only to the extent necessary to provide a functional website along with our content and services. Personal data is generally processed only with the user’s consent. An exception applies where prior consent cannot reasonably be obtained and processing of the data is permitted by law.

2.2 Legal basis for processing

Where we obtain the data subject’s consent for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.

Where processing of personal data is necessary to fulfil a legal obligation to which our organisation is subject, Art. 6(1)(c) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our organisation or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, then Art. 6(1)(f) GDPR serves as the legal basis for processing.

2.3 Erasure and storage period

Personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage beyond that may take place where it is provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Data will also be blocked or erased when a storage period prescribed by such norms expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

3. Provision of the website and creation of log files

3.1 Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:

• IP address of the user
• Date and time of access
• Page accessed
• Referrer URL (the previously visited page)
• Browser and operating system used
• Amount of data transferred
• HTTP status code

This data is temporarily stored in the log files of our hosting provider. This data is not stored together with other personal data of the user.

Our hosting provider is:

Cloudflare Germany GmbH Rosental 7 80331 Munich Germany

Cloudflare operates a globally distributed Content Delivery Network (CDN). When you access our website, the content is delivered via Cloudflare’s infrastructure. In doing so, Cloudflare processes technically necessary data (in particular IP address, timestamp, HTTP request details) to deliver the content and to protect against cyber-attacks, bot traffic and abuse.

A data processing agreement (DPA) within the meaning of Art. 28 GDPR has been concluded with Cloudflare, ensuring the protection of our visitors’ data. To the extent that personal data is transferred to the US parent company Cloudflare Inc., this is done on the basis of the EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023). Cloudflare is certified under the Data Privacy Framework.

Further information on Cloudflare’s data protection practices is available at: https://www.cloudflare.com/en-gb/privacypolicy/

3.2 Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the secure and stable operation of our website and in detecting and preventing abuse.

3.3 Purpose of data processing

Temporary storage of the IP address by the system is necessary in order to deliver the website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files takes place to ensure the website’s functionality. In addition, the data helps us optimise the website and ensure the security of our information technology systems.

3.4 Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. IP addresses in Cloudflare’s log files are deleted or anonymised after 24 hours by default. Aggregated security and performance data without personal reference may be retained longer.

3.5 Right to object and removal

The collection of data for the provision of the website and the storage of the data in log files is essential for operating the website. Consequently, there is no possibility for the user to object.

4. Contact form and email contact

4.1 Description and scope of data processing

Our website provides a contact form which can be used for electronic contact. If you use this option, the data you enter into the input mask is transmitted to us and stored. This data is:

• Email address (required)
• Name (optional)
• The content of your message
• Time of submission
• IP address at the time of submission

For the purpose of spam prevention we use technical safeguards (honeypot technique). No additional personal data is collected by this.

To send the request as an email to us we use the following service:

Resend, Inc. 2261 Market Street #5039 San Francisco, CA 94114 USA

A data processing agreement (DPA) within the meaning of Art. 28 GDPR has been concluded with Resend. Data is transferred to the USA on the basis of the EU-US Data Privacy Framework. Resend is certified under the Data Privacy Framework.

Further information on Resend’s data protection practices is available at: https://resend.com/legal/privacy-policy

Alternatively, you may contact us via the email address hello@buildry.app. In that case, the personal data transmitted with the email is stored.

In none of the cases mentioned above is data passed on to third parties beyond the processors named. The data is used exclusively for processing the conversation.

4.2 Legal basis for data processing

Where the user has given consent, the legal basis for data processing is Art. 6(1)(a) GDPR.

The legal basis for processing data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. Where the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

4.3 Purpose of data processing

The processing of personal data from the input mask serves solely to handle the contact request. In the case of contact by email, this is also the necessary legitimate interest in processing the data.

The other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4.4 Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the contact form’s input mask and the data sent by email, this is the case when the respective conversation with the user has ended. The conversation has ended when the circumstances indicate that the matter in question has been conclusively clarified.

At the latest, contact requests without further correspondence will be deleted after six months.

In the event of statutory retention obligations, deletion takes place after their expiry.

4.5 Right to object and removal

You can withdraw your consent to the processing of personal data at any time. If you contact us by email, you may object to the storage of your personal data at any time. In such cases the conversation cannot be continued.

All personal data stored in the course of the contact will be deleted in this case. An informal email to hello@buildry.app is sufficient.

5. Rights of the data subject

If personal data about you is processed, you are a data subject within the meaning of the GDPR, and the following rights apply against the data controller:

5.1 Right of access (Art. 15 GDPR)

You can request confirmation from us as to whether personal data concerning you is being processed. If such processing is taking place, you can request information from us on the following:

• the purposes for which the personal data is processed
• the categories of personal data being processed
• the recipients or categories of recipients to whom the personal data has been or will be disclosed
• the planned duration of storage
• the existence of a right to rectification or erasure
• the existence of a right to lodge a complaint with a supervisory authority
• all available information about the origin of the data, if the personal data is not collected from the data subject

5.2 Right to rectification (Art. 16 GDPR)

You have the right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is inaccurate or incomplete.

5.3 Right to restriction of processing (Art. 18 GDPR)

Under certain conditions, you can request the restriction of the processing of personal data concerning you.

5.4 Right to erasure (Art. 17 GDPR)

You can request the controller to delete personal data concerning you without undue delay, provided one of the legally regulated grounds applies.

5.5 Right to notification (Art. 19 GDPR)

If you have exercised the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing.

5.6 Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format.

5.7 Right to object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that takes place on the basis of Art. 6(1)(e) or (f) GDPR.

5.8 Right to withdraw the data protection consent declaration (Art. 7(3) GDPR)

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.

5.9 Automated decision-making in individual cases including profiling (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning you or similarly significantly affects you.

5.10 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of personal data concerning you violates the GDPR.

The supervisory authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg Lautenschlagerstraße 20 70173 Stuttgart Germany Telephone: +49 711 / 615541-0 Fax: +49 711 / 615541-15 Email: poststelle@lfdi.bwl.de Website: https://www.baden-wuerttemberg.datenschutz.de

6. Currency and amendments to this privacy policy

This privacy policy is currently valid and was last updated on 11 May 2026. As our website and services evolve or due to changes in legal or regulatory requirements, it may be necessary to amend this privacy policy. The current version of the privacy policy can be retrieved and printed from the website at any time at https://buildry.app/en/privacy.

---

Last updated: 11 May 2026