BoiledPlate Privacy Policy
Last updated: June 2026
1. Controller
Emilio Irmscher
Max-Saupe-Straße 41
09131 Chemnitz, Germany
privacy@boiledplate.ai
Responsible for the processing of personal data on boiledplate.ai is the service provider named above and in the legal notice.
2. What data we process
Account data: when you sign up we process your email address, an encrypted password (or your Google account id when you use Google sign-in), and the profile name you optionally provide. Purchase data: when you buy BoiledPlate, payment is processed entirely by Stripe — we never see your full payment details. We store the purchase record (plan, amount, currency, Stripe identifiers) and the GitHub username you enter at checkout. Emails: we send transactional emails only (welcome, purchase confirmation, password reset). Server logs: technical access data (IP address, time, requested URL) is processed to operate and secure the site.
3. Purposes and legal bases
We process account, purchase, and delivery data to perform the contract (Art. 6(1)(b) GDPR). Server logs and security measures rest on our legitimate interest in operating the site safely (Art. 6(1)(f) GDPR). Billing records are kept to meet statutory retention duties (Art. 6(1)(c) GDPR).
4. Processors and recipients
We use the following service providers. Where they process data outside the EU/EEA, transfers rest on EU standard contractual clauses and, where applicable, the EU-US Data Privacy Framework:
- Supabase Inc. — Database hosting, authentication (EU / USA)
https://supabase.com/privacy - Stripe Payments Europe, Ltd. / Stripe, Inc. — Payment processing (EU (Irland) / USA)
https://stripe.com/privacy - Resend (Plus Five Five, Inc.) — Transactional email delivery (USA)
https://resend.com/legal/privacy-policy - GitHub, Inc. (Microsoft) — Product delivery (access to the private code repository) (USA)
https://docs.github.com/site-policy/privacy-policies/github-general-privacy-statement - Vercel Inc. — Website hosting (EU / USA)
https://vercel.com/legal/privacy-policy
5. Product delivery via GitHub
The product is delivered as access to a private GitHub repository. The GitHub username you provide at checkout is stored with your purchase and transmitted to GitHub to send the repository invitation. Your acceptance and repository access are governed by GitHub's own privacy terms.
6. Cookies
We use strictly technical cookies only: Supabase authentication tokens (keeping you signed in), your language preference, and a short-lived cookie remembering a started checkout. No tracking, analytics, or advertising cookies are set — which is why this site shows no cookie banner.
7. Retention
Account data is stored until you delete your account. Purchase and billing records are retained for the statutory retention periods (up to 10 years under German tax law). Server logs are deleted on a short rotation.
8. Your rights
You have the right to access, rectification, erasure, restriction of processing, data portability, and objection (Art. 15–21 GDPR). To exercise them, contact the address listed under section 1.
9. Right to lodge a complaint
You may complain to a data protection supervisory authority at any time. The authority responsible for us:
State Data Protection Commissioner of Saxony
Bernhard-von-Lindenau-Platz 1
01067 Dresden, Germany
saechsdsb@slt.sachsen.de · +49 351 85471-101
10. Security
All traffic is TLS-encrypted. Application data is protected by row-level security policies; payment data never touches our servers.
11. Changes
We update this policy when the service or legal requirements change. The current version is always published on this page.