Privacy Policy

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified.

The responsible party for data processing on this website is:

This website is hosted by Vercel Inc. (San Francisco, USA). When using the website, technical data (IP address, browser type, access time) is recorded in server logs. Data transfer to the USA is based on the EU-US Data Privacy Framework, for which Vercel is certified.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in reliable website delivery).

When you access this website, data is automatically collected that your browser transmits and stored in log files of our hosting provider (Vercel): IP address, date and time of access, name and URL of the file retrieved, amount of data transferred, HTTP status code, browser used including version, operating system, referrer URL. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in trouble-free operation and IT security). This data is not combined with other data sources. Retention: 14 days, then automatic deletion. In case of concrete indications of abusive use (e.g. brute-force, DDoS) we reserve the right to retain individual log entries longer.

For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" in your browser's address bar and by the lock icon. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Some of the services we use (in particular the AI providers, Stripe, and Brevo) process data in the United States. Legal basis for transfer: (1) the European Commission's Adequacy Decision on the EU-US Data Privacy Framework (DPF, effective 10 July 2023) for certified providers, supplemented by (2) EU Standard Contractual Clauses (SCC) pursuant to Implementing Decision 2021/914. Data Processing Agreements (DPA) under Art. 28 GDPR are in place with all processors. Copies of the safeguards applied are available on request.

Insofar as you, as a business user of our software, enter data of your own customers (names, email, address, invoice items), you act as the data controller vis-à-vis these end-customers (Art. 4(7) GDPR). We process this data exclusively on your behalf and in accordance with your instructions (Art. 28 GDPR). The Data Processing Agreement (DPA) is part of our General Terms and Conditions and is automatically concluded upon acceptance of the T&Cs. The technical and organizational measures (TOMs) applied are documented there as well. A separate signature is not required; upon request we will provide a PDF copy.

We do not make decisions that have legal effects on you or similarly significantly affect you, solely on the basis of automated processing — including profiling — within the meaning of Art. 22 GDPR.

Our offer is aimed at business users, self-employed persons, and companies. The website and our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has transmitted personal data to us, we will delete it without delay.

Insofar as data processing is based on your consent (e.g., analytics via Umami, optional AI features), you may withdraw that consent at any time with effect for the future. The lawfulness of the processing carried out on the basis of consent until its withdrawal remains unaffected (Art. 7(3) GDPR). You can withdraw consent for analytics via the cookie banner; other withdrawals by email to contact@balane.tech.

You have the following rights at any time regarding your personal data:

To exercise your rights, please contact: contact@balane.tech

You have the right to complain to the competent supervisory authority: