Privacy Notice

When you visit our website, we automatically collect technical access data including browser type and version, operating system, referrer URL, pages accessed, date and time of access, and your IP address. This processing is necessary for the security and technical operation of the website.

Legal basis: Art. 6(1)(f) GDPR — legitimate interests in ensuring website functionality and cybersecurity. You have the right to object to this processing at any time on grounds relating to your particular situation (Art. 21 GDPR); please contact [email protected]. Augmento has carried out a balancing test; further information is available on request.

Retention: Server log files are automatically deleted after 14 days unless a specific incident requires longer retention for security investigation purposes.

Personal data submitted through contact forms or direct email (name, email address, and the content of your message) is stored and processed for the purpose of responding to your inquiry.

Legal basis: Art. 6(1)(f) GDPR — legitimate interests in responding to business communications. You have the right to object to this processing at any time (Art. 21 GDPR); contact [email protected]. Augmento has carried out a balancing test; information is available on request.

Retention: Contact data is deleted within 6 months of the inquiry being resolved, unless a longer statutory retention period applies (e.g., under commercial or tax law) or the contact relates to a contractual relationship, in which case § 2(c) below applies.

When you register for an account, we collect your email address and a hashed version of your password. If you purchase a Subscription, we additionally process your subscription tier, billing status, and Paddle customer ID. This data is required to provide and manage your access to the Service.

Legal basis: Art. 6(1)(b) GDPR — processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract.

Retention: Account data is retained for the duration of your account. Upon account deletion, personal data is deleted within 30 days, subject to any statutory retention obligations under commercial law (§ 257 HGB: 6 years for correspondence; 10 years for accounting records under § 147 AO). API keys are revoked immediately upon account deletion and associated log entries are anonymised within 90 days.

When you use the Augmento API, we automatically process API request logs, including your IP address, the endpoint called, query parameters (excluding your credentials), timestamp, and HTTP response codes. This data is processed to ensure the technical operation of the API, monitor compliance with rate limits, and investigate security incidents.

Legal basis: Art. 6(1)(b) GDPR — processing is necessary for the performance of the subscription contract; and Art. 6(1)(f) GDPR — legitimate interests in service security and abuse prevention. You have the right to object to processing under Art. 6(1)(f) at any time on grounds relating to your particular situation (Art. 21 GDPR). Augmento has carried out a balancing test; information is available on request.

Retention: API usage logs are retained for 90 days and then automatically deleted or anonymised.

Paid subscriptions are processed through Paddle.com Market Ltd (UK/Ireland), who acts as our Merchant of Record. We do not collect or store your payment card details. Paddle processes your payment data as an independent controller under their own privacy policy (available at paddle.com/legal/privacy). We store only your Paddle customer ID and subscription status.

Legal basis: Art. 6(1)(b) GDPR — necessary for contract performance. Billing-related data (e.g., invoice records) is additionally retained under Art. 6(1)(c) GDPR to comply with commercial and tax law retention obligations.

Retention: Paddle customer ID and subscription status are retained for the duration of the contractual relationship and for 10 years thereafter in accordance with § 147 AO (German Fiscal Code) for tax record-keeping purposes.

We use Freshdesk, a customer support platform provided by Freshworks, Inc. (USA), to manage support tickets. When you create a support ticket, your name (if provided), email address and the content of your messages are transmitted to and stored by Freshworks on our behalf.

Legal basis: Art. 6(1)(b) GDPR — processing is necessary for the performance of a contract; Art. 6(1)(f) GDPR — legitimate interests in providing customer support. You have the right to object to processing under Art. 6(1)(f) at any time (Art. 21 GDPR); contact [email protected]. Augmento has carried out a balancing test; information is available on request.

Retention: Support tickets and associated personal data are retained for 3 years after the ticket is resolved, after which they are deleted or anonymised.

Data transfers to the USA: Freshworks, Inc. participates in the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are additionally in place.

We use Plausible Analytics, a privacy-focused analytics service provided by Plausible Insights OU (Estonia). Plausible does not use cookies, does not collect personal data, and does not track individual users across websites. All data is aggregated and no individual visitor can be identified.

Legal basis: Art. 6(1)(f) GDPR — legitimate interests in understanding aggregate website usage patterns. As no personal data is processed, your right to object under Art. 21 GDPR does not apply to this processing activity.

For more information, see: plausible.io/data-policy

Our website is served through the content delivery network and reverse proxy of Cloudflare, Inc. (USA). Your connection is routed through Cloudflare servers, which may process your IP address, HTTP request headers and connection metadata for the purposes of content delivery, DDoS protection and website availability. Cloudflare may set technically necessary cookies for security purposes (e.g., bot detection).

Legal basis: Art. 6(1)(f) GDPR — legitimate interests in website security and performance. You have the right to object to this processing at any time on grounds relating to your particular situation (Art. 21 GDPR); contact [email protected]. Augmento has carried out a balancing test; information is available on request.

Data transfers to the USA: Cloudflare, Inc. is certified under the EU-US Data Privacy Framework (DPF). Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are additionally in place. For details, see Cloudflare’s Data Processing Addendum at cloudflare.com/privacypolicy.

We use Cloudflare Turnstile (Cloudflare, Inc., USA) to protect registration and authentication forms from automated abuse. Turnstile may process browser characteristics, interaction patterns and your IP address to distinguish legitimate users from bots. No tracking cookies are set.

Legal basis: Art. 6(1)(f) GDPR — legitimate interests in preventing automated abuse and ensuring service integrity. You have the right to object to this processing at any time on grounds relating to your particular situation (Art. 21 GDPR); contact [email protected]. Augmento has carried out a balancing test; information is available on request.

Data transfers to the USA: As described in § 2(i) above for Cloudflare.

We use Resend, Inc. (USA) to deliver transactional emails (e.g., password reset emails, account verification, subscription notifications). Your email address and the content of the transactional message are transmitted to Resend for this purpose.

Legal basis: Art. 6(1)(b) GDPR — necessary for contract performance (account management).

Data transfers to the USA: Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are in place. Resend, Inc. is certified under the EU-US Data Privacy Framework (DPF).

Retention: Resend retains email delivery logs for 30 days.

Where you access the Service on behalf of a business or organisation (e.g., as an employee, analyst or authorised representative), we process the personal data necessary to manage the institutional subscription account: email addresses, names, job titles (if provided), and communication history.

Legal basis: Art. 6(1)(b) GDPR — necessary for the performance of the subscription contract with your organisation; Art. 6(1)(f) GDPR — legitimate interests in maintaining the business relationship. You have the right to object to processing under Art. 6(1)(f) at any time (Art. 21 GDPR); contact [email protected].

Retention: Business contact data is retained for the duration of the subscription and for 3 years after contract termination for correspondence purposes, subject to commercial law retention obligations.