Last updated: June 2025
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
CleverApprove UG (haftungsbeschränkt)
Musterstraße 12, 10115 Berlin, Germany
Email: privacy@cleverapprove.de
When you create an account, we store your email address and, optionally, your name. Authentication uses magic links: we send a one-time login link to your email address. No password is stored. Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Retention: as long as your account exists, plus 30 days after deletion.
After login we set a single, technically necessary session cookie. This cookie identifies your authenticated session and is required for the service to function. It is set as HttpOnly and Secure; it cannot be read by JavaScript. No tracking or advertising cookies are used. Legal basis: § 25(2) No. 2 TTDSG (strictly necessary); Art. 6(1)(f) GDPR (legitimate interest in a secure, functional service). The cookie expires after 30 days or when you sign out.
Files you upload as part of an approval request, as well as any message text, approval decisions, comments, and annotations, are stored to provide the core service. Legal basis: Art. 6(1)(b) GDPR. Files are deleted within 90 days after a request is closed or deleted.
When you add recipients to a request, we store their name, email address, and/or phone number solely to deliver the approval notification and process their response. Recipients are not required to create an account. Legal basis: Art. 6(1)(b) GDPR. Recipient data is deleted along with the associated request.
Billing is handled by Stripe, Inc. (see section 3). We do not store full payment card details. We receive and store your Stripe customer ID, subscription status, and billing email. Legal basis: Art. 6(1)(b) GDPR; Art. 6(1)(c) GDPR (legal obligation for invoice retention). Invoices are retained for 10 years as required by German commercial law.
Our infrastructure generates access logs (IP address, timestamp, URL, HTTP status code) for security and operational purposes. We use Sentry for automated error tracking; error reports may contain stack traces and request metadata. Logs are retained for 14 days; Sentry events for 90 days. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in system stability and security).
We use the following sub-processors. Each has been contractually bound under Art. 28 GDPR:
Amazon Web Services (AWS) – File Storage
Uploaded files are stored on AWS S3. Storage region: eu-central-1 (Frankfurt). AWS Inc., 410 Terry Ave N, Seattle, WA 98109, USA. Data transfer to the US is covered by the EU-US Data Privacy Framework.
Twilio Inc. – Email and SMS/WhatsApp Notifications
Notification delivery (magic links, approval invitations) is handled via Twilio's messaging APIs. Twilio Inc., 375 Beale St, San Francisco, CA 94105, USA. Data transfer covered by standard contractual clauses (SCCs).
Stripe – Payments
Subscription billing is processed by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland. Stripe processes payment card data under PCI DSS compliance. See Stripe’s privacy policy at stripe.com/privacy.
Sentry – Error Monitoring
Functional errors are reported to Sentry (Functional Software Inc. dba Sentry, 45 Fremont St, San Francisco, CA 94105, USA). Data transfer covered by SCCs. Error events may contain partial request data but are stripped of file content.
Some processors listed in section 3 are based in the United States. Transfers are safeguarded by the EU-US Data Privacy Framework adequacy decision and/or standard contractual clauses (Art. 46(2)(c) GDPR).
Under the GDPR you have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@cleverapprove.de. We will respond within 30 days.
You have the right to lodge a complaint with the supervisory authority responsible for us:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
www.datenschutz-berlin.de
We may update this privacy policy as our services evolve or legal requirements change. The current version is always available at this URL. Material changes will be communicated via email.
Diese Seite nutzt ein einziges Session-Cookie, das für die Authentifizierung technisch notwendig ist. Keine Tracking- oder Werbe-Cookies. Datenschutz