Privacy Policy

0. Controller and Contact

Controller (Art. 4(7) GDPR): Luchianenco Labs (Einzelunternehmen), Serghei Luchianenco, Von-Galen-Str. 6, 47608 Geldern, Germany. Primary data storage (database) is located in Germany. The web application is hosted by Vercel; certain technical data may be processed outside the EU/EEA. See sections on hosting and international transfers.

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.

Personal Information

• Name and contact information (email, phone, address)
• Business information (company name, tax ID, business address)
• Account credentials (username, password)
• Payment information (processed securely through third-party providers)

Business Data

• Customer information you input into the system
• Invoice and quote data
• Product and service information
• Transaction records and business analytics

2a. Legal Bases for Processing (GDPR)

• Performance of a contract (Art. 6(1)(b) GDPR), e.g., providing the service
• Legitimate interests (Art. 6(1)(f) GDPR), e.g., security, fraud prevention, service improvement
• Consent (Art. 6(1)(a) GDPR), where required
• Legal obligation (Art. 6(1)(c) GDPR), e.g., tax and accounting

3. Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

• With your explicit consent
• To comply with legal obligations
• To protect our rights, property, or safety
• With trusted service providers who assist in operating our platform
• In connection with a merger, acquisition, or sale of assets

3a. Hosting and Processors

Our database and primary data storage are located in Germany. The Next.js application frontend is hosted by Vercel. In providing hosting and edge delivery, Vercel may process technical data (e.g., IP address, request metadata, logs) which can be handled outside the EU/EEA. We may also use other trusted processors (e.g., email delivery, analytics, error monitoring). Data processing agreements are in place.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication requirements
• Secure data centers and infrastructure
• Employee training on data protection practices

5. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. We may also retain information to comply with legal obligations, resolve disputes, and enforce our agreements.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access to your personal information
• Correction of inaccurate or incomplete information
• Deletion of your personal information
• Restriction of processing
• Data portability
• Objection to processing

You also have the right to lodge a complaint with your local supervisory authority. In Germany, this is typically the state data protection authority (Landesdatenschutzbehörde).

6a. International Data Transfers

Our primary data storage remains in Germany. Limited transfers may occur for technical hosting and related services (e.g., via Vercel) outside the EU/EEA. For such transfers, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission. Copies of these safeguards are available upon request where legally permissible.

7. Cookies and Tracking

We use cookies and similar tracking technologies to collect and use personal information about you. These technologies help us provide and improve our services, analyze usage patterns, and personalize your experience.

7a. Cookies We Use

The table below summarizes the main cookies and similar local preferences used on this website at the time of writing. Necessary cookies are required for consent management and core site preferences. Analytics only loads when you have opted in.

8. Third-Party Services

Our service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

8a. Vercel Analytics

We use Vercel Analytics to measure usage and performance of our application. Analytics only loads when you consent to cookies (Analytics category). Data may be processed outside the EU/EEA by Vercel. You can change your consent at any time via the Manage cookies link in the footer.

• Provider: Vercel Inc.
• Purpose: measurement of site usage and performance.
• Legal basis: your consent for analytics cookies.
• Analytics code for measurement is only loaded after analytics consent is granted.

8b. Fonts and Icon Assets

This website does not send browser requests to Google Fonts or other third-party font CDNs during normal page rendering. Fonts used through Next.js font optimization are self-hosted and served from our own deployment, and icon assets such as Remix Icon are bundled locally with the application.

8c. Stripe Payments and Billing

We use Stripe to process subscription payments, checkout sessions, billing-related webhooks, and related customer records for paid plans. When you start or manage a subscription, payment and account-related data is transmitted to Stripe.

• Provider: Stripe, Inc. and affiliated Stripe entities.
• Categories of data: billing contact details, subscription identifiers, payment-related metadata, transaction status, and Stripe customer/subscription IDs.
• Purpose: payment processing, subscription management, fraud prevention, accounting, and support for billing issues.
• Legal basis: performance of a contract, compliance with legal obligations for accounting/tax, and legitimate interests in secure billing operations.

8d. AI Features and Google Gemini

If you actively use AI-assisted features, we send the prompts and related content you provide to the configured AI provider, currently Google Gemini, in order to generate suggestions or draft content for you. This processing only occurs when you choose to use an AI feature.

• Provider: Google Ireland Limited / Google LLC (Gemini API), depending on the service configuration and processing location.
• Categories of data: prompt text, invoice/quote/product content you submit to the AI feature, and optional images or voice-derived text when those features are used.
• Purpose: generate draft invoices, quotes, email text, product descriptions, line item suggestions, tags, and other AI-assisted outputs requested by you.
• Legal basis: processing at your request in order to provide the optional AI feature you chose to use; where required by law, this may also rely on your consent.

8e. Email Delivery via Brevo

We use Brevo to send transactional emails such as account-related messages, password reset emails, magic links, and invoice or quote emails that you trigger from the service.

• Provider: Brevo (Sendinblue SAS), France, European Union.
• Categories of data: recipient email address, sender details, message metadata, and the email content or attachments required to deliver the message.
• Purpose: reliable email delivery, communication about your account, and sending business documents you choose to send through the platform.
• Legal basis: performance of a contract, legitimate interests in secure and reliable communications, and compliance with legal obligations where business correspondence must be retained or documented.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: