Information on the processing of personal data when using creatorlinkhub.eu and the Creator Link Hub platform.
We are pleased you are visiting. This policy explains how we process personal data when you use our website and related features (in particular user accounts, licence management and payment processing).
Personal data means any information relating to an identified or identifiable natural person.
The controller under the GDPR is:
Sebastian Wulf
Kisselnallee 1
13589 Berlin
Germany
Email: support@creatorlinkhub.eu
When you access our website, the hosting server automatically collects and briefly processes information including: requested resource, date and time, IP address, browser type and version, operating system, referrer URL and data volume transferred.
The purpose is technical delivery of the site, stability and security, and abuse prevention.
Legal basis: Art. 6 (1) (f) GDPR.
If you contact us by email, we process the data you provide (in particular sender address, message content and technical transmission metadata) to handle your request.
Legal basis: Art. 6 (1) (f) GDPR; where your request concerns a contract, additionally Art. 6 (1) (b) GDPR.
We do not currently offer a separate contact form on the website.
For registration, sign-in and account use we process in particular: email address, password (only as a cryptographic hash), preferred language, and time-limited tokens for email verification and password reset.
In connection with your licence we store e.g.: chosen plan (self-hosting or cloud), the installation domain you provide (self-hosting) or the assigned cloud subdomain and resulting hostname, the computed licence key, status and deadlines (e.g. trial, paid period), Stripe customer and subscription IDs and price references where applicable, cloud provisioning status and instance URL, and configurable download URLs for software packages where applicable.
To prevent abuse we store time-limited records of registration, sign-in and licence-check activity (including truncated identifiers and IP addresses).
Purposes include contract performance, licence administration, technical operation and abuse prevention.
Legal basis: Art. 6 (1) (b) GDPR; additionally Art. 6 (1) (f) GDPR for security and integrity of the platform.
For installation and operation of the licensed software we provide a technical interface (HTTP endpoint for licence verification). This processes the licence key transmitted, your IP address and a hash value used for rate limiting.
The purpose is to provide the contractually owed licence functionality and to protect against abuse.
Legal basis: Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR.
Paid services are processed via Stripe. The provider includes Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Payment processing may involve in particular: name, email address, billing and payment data, IP address and transaction data. Processing serves contract performance and payment handling.
Legal basis: Art. 6 (1) (b) GDPR.
Further information: https://stripe.com/privacy
We use a session cookie required for sign-in, form protection (CSRF) and server-side image captcha during registration. A cookie may store your preferred language (up to ~12 months) when you switch language on the site.
Legal basis for technically necessary cookies: Art. 6 (1) (f) GDPR. Language preference is processed to display the site appropriately in line with use of our service (also Art. 6 (1) (f) GDPR).
We do not currently offer a newsletter or send promotional email without separate consent.
We do not currently use embedded web analytics (e.g. Google Analytics, Matomo, Plausible) that would require consent under Art. 6 (1) (a) GDPR.
Our website may contain links to external sites. Only the operators of those sites are responsible for any processing there.
The website and database are operated with our hosting and infrastructure provider; technical access and storage data arise at the provider.
Email (e.g. confirmations, notifications) is sent via a configured SMTP service; technical metadata may be processed there.
Automatic cloud instance provisioning may call a separate provisioning service over an encrypted interface; only the minimum data required for setup is transmitted (e.g. licence identifier, subdomain, hostname).
Where processing is carried out on our behalf, we conclude Art. 28 GDPR data processing agreements with providers as required.
To ensure operation and security we may maintain server and application log files (e.g. under storage/logs). We also maintain an audit log of security- and traceability-relevant events (e.g. registration, sign-in), sometimes with IP address and limited accompanying technical information.
Legal basis: Art. 6 (1) (f) GDPR.
We store personal data only as long as necessary for the respective purposes or where statutory retention applies.
Data are deleted or anonymised once the purpose no longer applies and no retention obligations conflict. Email verification and password-reset tokens are time-limited and removed after expiry or successful use.
You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction (Art. 18 GDPR), data portability (Art. 20 GDPR) and to withdraw consent (Art. 7 (3) GDPR) where consent was the legal basis.
You also have the right to object at any time, on grounds relating to your particular situation, to processing based on Art. 6 (1) (f) GDPR (Art. 21 GDPR). Where personal data were processed for direct marketing, you would have a right to object to that processing; we do not currently conduct direct marketing without consent (see section 8).
You may lodge a complaint with a supervisory authority (Art. 77 GDPR).
We implement technical and organisational measures appropriate to the risk. The website uses TLS encryption (HTTPS) where supported by your browser and configuration.
We may update this privacy policy when our services, processing activities or legal requirements change. The current version is always available on this page.