Privacy Policy
Last updated: May 23, 2026
For consumers in Germany, the legally binding German-language privacy policy (Datenschutzerklärung) is available at resistro.org/trust.html. The English version below is provided for international and B2B customers.
1. Controller
Alexander Renz, registered sole proprietorship (Einzelunternehmen) since April 28, 2026.
Jahnstraße 13, 82152 Krailling, Germany. Email: hello@resistro.org
2. Data We Collect
- Account data: Email address, name, hashed password (bcrypt).
- Billing data: Processed by Paddle (our Merchant of Record). We do not store credit card numbers, IBANs or other payment instrument data.
- Technical data: Database names, backup metadata (size, duration, status), agent hostname and version, IP addresses in access logs.
- Backup data: Encrypted with your key. We cannot read it.
3. Legal Basis (Art. 6 GDPR)
- Contract performance (Art. 6(1)(b)): account management, service delivery.
- Legitimate interest (Art. 6(1)(f)): security logging, abuse prevention.
- Legal obligation (Art. 6(1)(c)): retention of billing records (German tax law).
- Consent (Art. 6(1)(a)): marketing emails — opt-in only, revocable any time.
4. Data Processing and Sub-Processors
- Hosting: Hetzner Online GmbH, Germany (EU). Backup data and customer data never leave the EU.
- Payments: Paddle.com Market Ltd, United Kingdom. Paddle acts as Merchant of Record (separate controller for billing data).
- Email: SMTP via our own infrastructure (EU-hosted).
A signed Data Processing Agreement (AVV / DPA) under Art. 28 GDPR is available for Business and Pro plan customers — see resistro.org/avv.html.
5. Data Retention
- Account data: until account deletion + 30 days.
- Backup data: per your retention policy, max 30 days after account cancellation, then permanently deleted.
- Access logs: 90 days.
- Billing records: 10 years (German tax law — § 147 AO).
6. Your Rights
Under GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Delete your data (Art. 17)
- Restrict processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Lodge a complaint with a supervisory authority (in Germany: Bayerisches Landesamt für Datenschutzaufsicht)
To exercise these rights, email hello@resistro.org. We respond within 30 days.
7. Cookies and Tracking
We use only essential cookies (session token stored in localStorage). No tracking cookies, no analytics, no third-party scripts on resistro.org or cloud.resistro.org.
8. Security
All connections use TLS 1.3. Passwords are hashed with bcrypt. Backup data is AES-256 encrypted end-to-end on your server before transmission. Infrastructure is hosted in ISO 27001 certified Hetzner data centers in Germany.
9. International Transfers
Data is stored and processed exclusively within the EU. Paddle (UK) processes billing data under the UK GDPR adequacy decision (Commission Implementing Decision (EU) 2021/1772).
10. Contact
Data Protection contact: hello@resistro.org.
Full Imprint: resistro.org/trust.html