Datenschutz (Privacy Policy)

1. Controller and contact

The controller responsible for processing under Art. 4(7) GDPR is:
TeachIt UG
Im Grün 38
76646 Bruchsal
Deutschland
E-Mail: webmaster@teachit.study

Further provider details are available in our Impressum.

No additional data protection officer has been appointed.

2. Scope

This policy applies to personal data we process when you register for an account, sign in, use SimStack Cloud or self-hosted services, manage billing, or otherwise interact with our websites and APIs. It does not cover third-party websites linked from our services.

3. Categories of data we process

• Account data: email address, username, hashed password, account status (pending/active), admin flag, registration and consent timestamps.
• Authentication data: session tokens and cookies required to keep you signed in across SimStack properties (see our essential cookies page).
• Billing and payment data: service plan, credit balance, spending limits, Stripe customer and subscription identifiers, payment status. Card details are collected and processed directly by Stripe; we do not store full payment card numbers on our servers.
• Usage and workflow data: simulation workflows, nodes, models, logs, and files you create or upload in your workspace, as necessary to provide the service.
• Technical data: IP address, browser type, request timestamps, and similar metadata generated when you access our services, used for security, fraud prevention, and operation of the platform.

4. Purposes and legal bases (Art. 6 GDPR)

5. Stripe payment processing

We use Stripe, Inc. and its affiliates ("Stripe") to process payments for self-hosted subscriptions and cloud credit top-ups. When you checkout or manage billing, Stripe may collect payment method details, billing address, device identifiers, and fraud-prevention signals. Stripe acts as an independent controller or processor depending on the processing activity; see Stripe's privacy policy at stripe.com/privacy.

Stripe may set essential cookies such as __stripe_mid and __stripe_sid for fraud prevention and checkout sessions. Details are listed on our cookies page.

6. Cookies and similar technologies

We use only essential cookies and local storage required for authentication, session management, consent records, and Stripe checkout. We do not use optional marketing or analytics cookies in this portal. For a full list, purposes, and retention periods, see our essential cookies page.

7. Recipients and processors

We share personal data with service providers who process data on our behalf under data processing agreements where required, including:

• Stripe — payment processing and billing infrastructure.
• Hosting and infrastructure providers — operating servers, databases, and backups for SimStack Cloud.[TODO: Hosting provider name and location]
• Email or support tools, if used for account notifications or support requests.[TODO: Email/support processor, if any]

We may also disclose data where required by law, to protect our rights, or in connection with a merger or acquisition subject to appropriate safeguards.

8. International transfers

Some processors (including Stripe) may process data outside the European Economic Area. Where this occurs, transfers are made on the basis of appropriate safeguards such as EU Standard Contractual Clauses and, where applicable, supplementary measures. You may request further information about transfer mechanisms by contacting us at webmaster@teachit.study.

9. Retention

• Account data: retained for as long as your account exists and as needed thereafter for legal claims or statutory retention periods.
• Billing records: retained in accordance with German commercial and tax law (typically up to 10 years for accounting records).
• Authentication tokens and session cookies: until logout, expiry, or end of session as described on the cookies page.
• Workflow data: retained while your workspace is active unless you delete it or we delete it following account closure, subject to backup retention cycles.

10. Your rights

Under the GDPR you have the following rights, subject to applicable conditions and exceptions:

• Access (Art. 15): obtain confirmation and a copy of your personal data.
• Rectification (Art. 16): request correction of inaccurate data.
• Erasure (Art. 17): request deletion where no overriding legal basis requires retention.
• Restriction (Art. 18): request limited processing in certain circumstances.
• Data portability (Art. 20): receive data you provided in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
• Objection (Art. 21): object to processing based on legitimate interests; we will cease unless we demonstrate compelling grounds.
• Withdraw consent (Art. 7(3)): where processing is based on consent, without affecting prior lawful processing.

To exercise your rights, contact webmaster@teachit.study. We respond within one month, extendable where permitted by law.

11. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement. For users in Baden-Württemberg, Germany, the competent authority is typically:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW)
www.baden-wuerttemberg.datenschutz.de

12. Security

We implement appropriate technical and organizational measures to protect personal data, including password hashing, access controls, encrypted connections (HTTPS), and restricted access to production systems. No method of transmission or storage is completely secure; please use a strong, unique password and keep credentials confidential.

13. Children

SimStack is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us so we can delete it.

14. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or business changes. Material changes will be communicated where required by law. The current version is always available at this page.