Privacy Policy

1. Data Controller

Nikolaus Redl

Email: nik@specialtytokens.com

VAT ID: ATU82884407

(hereinafter “we”, “us”, or “Specialty Tokens”)

2. General Information

The protection of your personal data is important to us. This privacy policy informs you about the processing of your personal data on our website and in our application in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

3. Data We Collect

3.1 Account Data

When you register and use our service, we process:

  • Email address
  • Name (if provided)
  • Profile picture (if provided by your SSO provider)
  • WorkOS user ID (for authentication)

3.2 Usage Data

For billing and service improvement, we collect:

  • Session data (start time, end time)
  • Feature usage and configuration
  • Connection status (not contents of connected systems)

3.3 Analytics Data

We use PostHog for product analytics. We collect:

  • Page views and navigation
  • Feature usage
  • Device information (browser, OS, screen size)

We do not track terminal content, commands, source code, or any user-generated content.

3.4 Payment Data

Payments are processed through our payment processor as Merchant of Record. We do not store credit card data. The payment processor handles your payment information and issues invoices.

4. Legal Basis

We process your data based on the following legal grounds (Article 6 GDPR):

  • Contract performance (Art. 6(1)(b)): Account data, usage data, billing data
  • Legitimate interest (Art. 6(1)(f)): Analytics for service improvement, security
  • Consent (Art. 6(1)(a)): Optional marketing communications

5. Third-Party Processors

We use the following service providers to deliver our service:

  • WorkOS Inc. (USA) — Authentication
  • Convex, Inc. (USA) — Database and backend
  • PostHog, Inc. (USA) — Product analytics
  • Cloudflare, Inc. (USA) — CDN and security
  • Vercel, Inc. (USA) — Hosting

Data transfers to the USA are based on Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) GDPR.

6. Data Retention

  • Account data: Until you delete your account
  • Usage and billing data: 7 years (legal retention requirement under Austrian tax law)
  • Analytics data: 2 years

7. Your Rights

Under the GDPR, you have the following rights:

  • Access (Art. 15): Know what data we store about you
  • Rectification (Art. 16): Correct inaccurate data
  • Erasure (Art. 17): Delete your data
  • Restriction (Art. 18): Restrict processing
  • Data portability (Art. 20): Export your data
  • Object (Art. 21): Object to processing
  • Withdraw consent (Art. 7): Withdraw any given consent

To exercise your rights, contact us at: nik@specialtytokens.com

8. Cookies

We use technically necessary cookies for:

  • Authentication and session management
  • Security features

Analytics cookies (PostHog) are used to improve our service. You can disable cookies in your browser settings.

9. Data Security

We implement technical and organizational measures to protect your data, including:

  • Encrypted data transmission (TLS/HTTPS)
  • Encryption for sensitive data (environment variables, API keys)
  • Token-based authentication
  • Isolated environments per workspace

10. Supervisory Authority

You have the right to lodge a complaint with the data protection authority:

Austrian Data Protection Authority

Barichgasse 40-42

1030 Vienna, Austria

Email: dsb@dsb.gv.at

Web: www.dsb.gv.at

11. Changes

This privacy policy may be updated from time to time. The current version is always available on this page. We will notify you of material changes by email.

Last updated: January 2025