Last updated: 2026-05-21
EUDAssist is operated by Alexander Knispel, c/o GAM, Pappelallee 64, 10437 Berlin, Deutschland. Contact: info@eudassist.com. This privacy policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR).
Email address and hashed password, collected when you create an account. When you register or sign in with a third-party provider (e.g. Google), you are shown our Terms of Service and Privacy Policy notice before completing sign-in. Purpose: providing and managing your account. Legal basis: performance of contract.
The manufacturers and EUDAMED certificates you choose to monitor. Purpose: delivering the certificate monitoring and alerting service. Legal basis: performance of contract. Retention: retained until you delete the item or your account.
An alternative email address you may optionally provide for alert delivery. Purpose: sending certificate expiry and revocation alerts. Legal basis: performance of contract. Retention: retained until you remove it or delete your account.
Records of which alert emails were sent, to which address, and when. Purpose: preventing duplicate alerts. Legal basis: legitimate interests. Retention: 90 days.
If you generate a Personal Access Token (PAT) to connect an AI assistant via MCP, we store a SHA-256 hash of the token, its expiry date, and the timestamp of its last use (last_used_at). The raw token is never stored. Purpose: authenticating API requests and monitoring token health. Legal basis: performance of contract. Retention: deleted when you revoke the token or delete your account.
Our hosting provider (Vercel) automatically records HTTP access logs containing IP address, page path, and timestamp when you access any page. These logs are used solely for infrastructure security and availability monitoring. Legal basis: legitimate interests. Retention: up to 30 days.
Subscription status and Stripe customer identifiers. Payment card details are processed exclusively by Stripe and are never stored on our servers. Purpose: managing paid subscriptions. Legal basis: performance of contract.
We use only technically necessary cookies. We do not use tracking, advertising, or analytics cookies.
en or de) so you are redirected to the correct language after login. Expires after 30 days. Contains no personally identifying information.

| Provider | Role | Data shared | Location | Transfer basis |
|---|---|---|---|---|
| Supabase | Database & authentication | All account and application data | EU / US | EU-US DPF |
| Resend | Transactional email | Email address, alert content | US | SCCs |
| Sentry | Error monitoring | Pseudonymised error reports (stack traces; no account data) | US | SCCs |
| Vercel | Application hosting | HTTP access logs (IP address, page path, timestamp) for up to 30 days | US / EU | SCCs |
| Stripe | Payment processing | Billing information | US | EU-US DPF |
Under the GDPR you have the following rights:
To exercise any of these rights, contact us at info@eudassist.com. We will respond within 30 days.
All data is encrypted in transit (TLS) and at rest. Access to personal data is restricted to the service components that require it.
If we make material changes we will update the “Last updated” date at the top of this page. Continued use of the service after the effective date constitutes acceptance of the revised policy.
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with a supervisory authority. In Germany, this is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).
Questions about this privacy policy: info@eudassist.com