Legal
Privacy Policy
Last updated: 2 June 2026
Compliant with the EU General Data Protection Regulation (GDPR / DSGVO) and the Austrian Data Protection Act (Datenschutzgesetz — DSG).
1. Data Controller
The controller responsible for processing your personal data within the meaning of Art. 4 No. 7 GDPR is:
2. What Data We Collect
2.1 Data you provide directly
- Contact form — name, e-mail address, and any information you include in your message.
- Account registration — e-mail address and password (stored securely via Supabase Auth).
2.2 Data collected automatically
- Log data — IP address, browser type, pages visited, date/time of access.
- Cookies — see our Cookie Policy.
3. Legal Basis for Processing
We process your personal data only when we have a valid legal basis under Art. 6 GDPR:
| Processing activity | Legal basis |
|---|---|
| Responding to contact form enquiries | Art. 6(1)(b) GDPR — performance of a (pre-)contract |
| Providing and securing the website | Art. 6(1)(f) GDPR — legitimate interest |
| User authentication (admin) | Art. 6(1)(b) GDPR — performance of a contract |
| Storing server logs for security | Art. 6(1)(f) GDPR — legitimate interest |
| Analytics cookies (if enabled) | Art. 6(1)(a) GDPR — your consent |
4. Third-Party Service Providers
We use selected third-party processors acting on our behalf under data processing agreements (Art. 28 GDPR):
Supabase Inc.
Location: USA (EU Standard Contractual Clauses)
Purpose: Database hosting and user authentication
Privacy policy →Vercel Inc.
Location: USA (EU Standard Contractual Clauses)
Purpose: Website hosting and content delivery
Privacy policy →Google LLC (Google Fonts)
Location: USA (EU Standard Contractual Clauses)
Purpose: Loading web fonts — your IP may be transmitted to Google
Privacy policy →5. Data Retention
- Contact form messages — up to 3 years, then securely deleted.
- Server logs — automatically deleted after 30 days.
- Account data — retained while active; deleted within 30 days of closure.
- Cookies — see the Cookie Policy.
6. International Data Transfers
Where personal data is transferred outside the EEA, we ensure adequate protection via EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR and/or an adequacy decision by the European Commission.
7. Your Rights Under GDPR
As a data subject under the GDPR and the Austrian DSG, you have the following rights:
Right of access (Art. 15 GDPR)
Obtain a copy of all personal data we hold about you.
Right to rectification (Art. 16 GDPR)
Have inaccurate personal data corrected without undue delay.
Right to erasure (Art. 17 GDPR)
Request deletion of your data where no longer necessary.
Right to restriction (Art. 18 GDPR)
Request that we restrict processing under certain conditions.
Right to data portability (Art. 20 GDPR)
Receive your data in a structured, machine-readable format.
Right to object (Art. 21 GDPR)
Object to processing based on legitimate interests.
Withdraw consent (Art. 7(3) GDPR)
Withdraw consent at any time without affecting prior processing.
Lodge a complaint (Art. 77 GDPR)
File a complaint with the Austrian Data Protection Authority.
To exercise any right, contact us at privacy@webora.dev. We respond within 30 days (Art. 12(3) GDPR).
8. Supervisory Authority — Austrian DSB
You have the right to lodge a complaint with the competent supervisory authority:
Österreichische Datenschutzbehörde (DSB)
Barichgasse 40–42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
www.dsb.gv.at →9. Security
We implement appropriate technical and organisational measures per Art. 32 GDPR — including TLS encryption, hashed passwords, and access controls — to protect your data against unauthorised access or disclosure.
10. Children's Privacy
Our services are not directed at children under 14. If you believe a child has provided data, contact us immediately and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated date.
Also see our Cookie Policy
Full details on the cookies we use and how to manage them.