Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

Scaled Academy GmbH
Taunusanlage 8
60329 Frankfurt am Main
Germany
Email: info@scaledacademy.net

2. Data Collection on Our Website

a) Registration (Email or Username)

You have the choice of how to identify yourself:

• Email Variant: We store your email address to enable login and password recovery.
• Username Variant: We only store the username you have chosen. In this case, no email address is collected. Note: If you lose your password, recovery is not possible.

Legal Basis: Art. 6 (1) (b) GDPR (Performance of a contract).

b) Connection Data (WebRTC Handshake)

To establish a direct peer-to-peer (P2P) connection between you and your conversation partner, our server briefly processes your IP address and technical metadata (so-called ICE candidates).

• Processing: This data only serves to introduce the devices to each other. Once the connection is established, no further data flows through our server.
• Storage: This handshake data is deleted from the volatile memory immediately after the connection is established or the chat room is closed and is not permanently logged.

Legal Basis: Art. 6 (1) (f) GDPR (Legitimate interest in providing a functional service).

c) Message Content and Files

Due to the end-to-end encryption and the P2P architecture, we have no access to your chat content, images, or files. These are transmitted exclusively in encrypted form between the end devices and are never stored on our servers.

3. Payment Processing (Stripe)

For paid subscriptions, we use the payment service provider Stripe Payments Europe Ltd., Ireland.

• Data Flow: When you complete a subscription, your payment data (credit card number, CVC, expiry date) is entered directly into the Stripe interface. We only receive confirmation of payment and the necessary metadata to assign it to your account. We do not store full credit card data on our own servers.
• Details: Information on data protection at Stripe can be found at: https://stripe.com/privacy.

Legal Basis: Art. 6 (1) (b) GDPR (Performance of a contract).

4. Hosting and Infrastructure

Our website, handshake infrastructure, as well as our authentication and database services are hosted by the following external providers:

• IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany — web hosting and server infrastructure.
• Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992 — authentication and database (PostgreSQL). Data processing within the EU.

Server log files (IP address, browser type, timestamp) are collected, which are necessary to ensure technical operation and to prevent danger (DDoS protection). This data is deleted or anonymized after 7 days at the latest.

Legal Basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure operation of the website). Data processing agreements pursuant to Art. 28 GDPR have been concluded with all processors.

5. Your Rights

You have the right at any time to:

• Access information about your data stored by us (Art. 15 GDPR).
• Rectification of incorrect data (Art. 16 GDPR).
• Erasure of your data (“Right to be forgotten”, Art. 17 GDPR).
• Restriction of processing (Art. 18 GDPR).
• Data portability (Art. 20 GDPR).
• Object to the processing (Art. 21 GDPR).

To exercise these rights, please contact info@scaledacademy.net.

6. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data (e.g., the Hessian Commissioner for Data Protection and Freedom of Information).