Last updated: 2026-03-21
EUDAssist is operated by Alex K., reachable at info@eudassist.com. This privacy policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR).
Email address and hashed password, collected when you create an account. If you register or sign in using a third-party provider (e.g. Google), completing that sign-in constitutes your acceptance of our Terms of Service and this Privacy Policy. Purpose: providing and managing your account. Legal basis: performance of contract.
The manufacturers and EUDAMED certificates you choose to monitor. Purpose: delivering the certificate monitoring and alerting service. Legal basis: performance of contract. Retention: retained until you delete the item or your account.
An alternative email address you may optionally provide for alert delivery. Purpose: sending certificate expiry and revocation alerts. Legal basis: performance of contract. Retention: retained until you remove it or delete your account.
Records of which alert emails were sent, to which address, and when. Purpose: preventing duplicate alerts. Legal basis: legitimate interests. Retention: 90 days.
If you generate a Personal Access Token (PAT) to connect an AI assistant via MCP, we store a SHA-256 hash of the token, its expiry date, and the timestamp of its last use (last_used_at). The raw token is never stored. Purpose: authenticating API requests and monitoring token health. Legal basis: performance of contract. Retention: deleted when you revoke the token or delete your account.
Subscription status and Stripe customer identifiers. Payment card details are processed exclusively by Stripe and are never stored on our servers. Purpose: managing paid subscriptions. Legal basis: performance of contract.
We use only technically necessary cookies. We do not use tracking, advertising, or analytics cookies.
en or de) so you are redirected to the correct language after login. Expires after 30 days. Contains no personally identifying information.
We share personal data with the following third-party service providers. Where these providers are based in the United States, transfers are made under the EU-US Data Privacy Framework adequacy decision or Standard Contractual Clauses (SCCs).
| Provider | Role | Data shared | Location |
|---|---|---|---|
| Supabase | Database & authentication | All account and application data | EU / US |
| Resend | Transactional email | Email address, alert content | US |
| Sentry | Error monitoring | Anonymised error reports | US |
| Vercel | Application hosting | HTTP traffic (including IP addresses) | US / EU |
| Stripe | Payment processing | Billing information | US |
Under the GDPR you have the following rights:
To exercise any of these rights, contact us at info@eudassist.com. We will respond within 30 days.
All data is encrypted in transit (TLS) and at rest. Access to personal data is restricted to the service components that require it.
If we make material changes we will update the “Last updated” date at the top of this page. Continued use of the service after the effective date constitutes acceptance of the revised policy.
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with a supervisory authority. In Germany, this is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).
Questions about this privacy policy: info@eudassist.com