Overview
This Privacy Policy explains how Entra Documentation ("we", "our", or "the Service") handles personal data under the EU General Data Protection Regulation (GDPR). The authoritative German version is available at /datenschutz.
Data controller
Ugur Creative Labs UG (haftungsbeschränkt) i.G.
Represented by: Ugur Koc
Email: legal@entradocumentation.com
Purposes and legal bases
- Service delivery (authentication, in-browser export) — Art. 6(1)(b) GDPR (performance of contract).
- Readiness Check sales (invoicing, license management) — Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR (legal retention duties under § 147 AO, § 257 HGB).
- Security and abuse prevention (rate-limiting, logs) — Art. 6(1)(f) GDPR (legitimate interest in protecting the infrastructure).
- Analytics (Plausible) — Art. 6(1)(a) GDPR (consent) in conjunction with § 25(1) TTDSG.
- Waitlist signups — Art. 6(1)(a) GDPR (consent).
Categories of data
- Account email address (from your Microsoft login).
- Billing data handled directly by Stripe (we only receive transaction status and a customer ID).
- Aggregated, anonymous page-view metrics (only with consent).
- Short-lived IP address used solely for rate-limiting.
- We do not store your Entra ID tenant configuration. Short-lived blob staging for very large exports is deleted immediately after generation.
Recipients / processors
- Stripe Payments Europe, Ltd. (Ireland) — payment processing.
- Supabase Inc. (EU region) — license and waitlist database.
- Vercel Inc. (EU Frankfurt) — hosting and API compute.
- Plausible Insights OÜ (Estonia) — cookieless analytics (consent only).
- Microsoft Ireland Operations Ltd. — authentication via your own Entra ID tenant.
Data processing agreements under Art. 28 GDPR are in place with each processor.
International transfers
Where a processor transfers data to a third country (e.g. the USA), we rely on EU Standard Contractual Clauses (Art. 46 GDPR) and, where applicable, the EU-U.S. Data Privacy Framework.
Analytics (Plausible)
We use Plausible Analytics for aggregated, cookieless page-view measurement. Plausible does not use cookies or fingerprinting; we nevertheless only load the script after consent. See plausible.io/data-policy.
Microsoft Entra ID / MSAL
Sign-in runs through your own Microsoft Entra ID tenant via MSAL. Access and ID tokens are held in browser session storage and are not persisted on our servers. We receive only the email address of the signed-in account so we can bind a purchased license to it.
Payments (Stripe)
Checkout is handled entirely by Stripe. We receive a transaction status, a customer ID, and the email address tied to your Microsoft account. Payment details never reach our infrastructure. See stripe.com/privacy.
Retention
- License records: until license expiry plus the statutory 10-year commercial and tax retention period.
- Waitlist signups: until withdrawal, maximum 24 months if the pack has not launched.
- Server and rate-limit logs: up to 30 days.
- Tenant configuration data: not persisted.
Your rights
- Access (Art. 15), rectification (Art. 16), erasure (Art. 17).
- Restriction (Art. 18) and portability (Art. 20).
- Objection for processing based on legitimate interests (Art. 21).
- Withdrawal of consent at any time with effect for the future (Art. 7(3)).
Requests can be sent informally to legal@entradocumentation.com.
Right to lodge a complaint
You can lodge a complaint with a data protection authority, in particular the authority competent for our registered seat or Bundesbeauftragte für den Datenschutz und die Informationsfreiheit.
Changes
We may update this policy. Material changes will be reflected in the "last updated" date at the top.
Contact
Questions about this policy? Email legal@entradocumentation.com.