BugPin

Privacy Policy

Last updated: February 1, 2026

1. Controller and Contact Information

Controller pursuant to Art. 4(7) GDPR:

Arantic Digital
Langwieder Hauptstr. 18, 81249 Munich, Germany
Email: info@arantic.com

2. Overview of Data Processing

2.1 Scope and Purpose

This Privacy Policy explains how we collect, process, and protect your personal data when using the BugPin platform in accordance with:

  • EU General Data Protection Regulation (GDPR)
  • German Federal Data Protection Act (BDSG)
  • German Telecommunications Digital Services Data Protection Act (TDDDG)

2.2 Categories of Data Subjects

  • Registered users and account holders
  • Website visitors
  • Business contacts and customers

3. Legal Bases for Processing (Art. 6 GDPR)

We process your personal data based on the following legal grounds:

Purpose Legal Basis Reference
Contract performance (providing services) Art. 6(1)(b) GDPR Necessary for contract
Account management Art. 6(1)(b) GDPR Necessary for contract
Payment processing Art. 6(1)(b) GDPR Necessary for contract
Technical operation of website Art. 6(1)(f) GDPR Legitimate interest
Security and fraud prevention Art. 6(1)(f) GDPR Legitimate interest
Legal compliance Art. 6(1)(c) GDPR Legal obligation
Marketing (with consent) Art. 6(1)(a) GDPR Consent
Analytics (with consent) Art. 6(1)(a) GDPR Consent

4. Personal Data We Collect

4.1 Data You Provide Directly

  • Account data: Name, email address, password (hashed)
  • Company information: Company name, business address, VAT ID
  • Payment data: Billing address, payment method details (processed by Paddle)
  • Communication data: Support inquiries, feedback

4.2 Data Collected Automatically

Server log files (Art. 6(1)(f) GDPR):

  • IP address (anonymized)
  • Browser type and version
  • Operating system
  • Referrer URL
  • Date and time of access
  • Pages visited

Purpose: Technical operation, security, error analysis

4.3 User-Generated Content

  • Bug reports, screenshots, annotations, comments
  • Legal basis: Art. 6(1)(b) GDPR (contract performance)

5. Cookies and Tracking Technologies (§ 25 TDDDG)

5.1 Strictly Necessary Cookies

These cookies are essential for website functionality and do not require consent:

  • Session management
  • Security tokens
  • Load balancing

5.2 Optional Cookies (Consent Required)

The following cookies are only set after you provide explicit consent:

  • Analytics cookies for usage analysis
  • Functionality cookies for preferences

Your Rights: You can withdraw cookie consent at any time via our cookie settings. You can also configure your browser to block cookies.

6. Data Recipients and Third-Party Processors

We share your data with the following categories of recipients:

6.1 Payment Processing

  • Paddle.com (Merchant of Record)
  • Purpose: Payment processing, invoicing, tax compliance
  • Data shared: Name, email, billing address, payment details
  • Legal basis: Art. 6(1)(b) GDPR
  • Privacy Policy: https://www.paddle.com/legal/privacy

6.2 Email Services

  • Purpose: Transactional and service emails
  • Data shared: Email address, name
  • Legal basis: Art. 6(1)(b) GDPR

6.3 Hosting and Infrastructure

  • Location: EU/Germany
  • Purpose: Server hosting, data storage
  • Data Processing Agreement: In place per Art. 28 GDPR

7. International Data Transfers

7.1 Transfers to Third Countries

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards:

  • EU-US Data Privacy Framework: For US-based processors certified under the framework
  • Standard Contractual Clauses (SCCs): Art. 46(2)(c) GDPR
  • Adequacy Decisions: Art. 45 GDPR

7.2 Your Rights Regarding Transfers

You may request information about the specific safeguards applied to international transfers of your data.

8. Data Retention Periods

Data Category Retention Period Legal Basis
Account data Duration of contract + 3 years § 195 BGB (limitation period)
Invoices/Payment records 10 years § 147 AO (tax retention)
Server logs 30 days Art. 6(1)(f) GDPR
Support correspondence 3 years after resolution Art. 6(1)(f) GDPR
Consent records Until withdrawal + 3 years Art. 7(1) GDPR

9. Your Rights (Art. 15-22 GDPR)

You have the following rights regarding your personal data:

9.1 Right of Access (Art. 15 GDPR)

You may request confirmation of whether we process your data and obtain a copy of that data.

9.2 Right to Rectification (Art. 16 GDPR)

You may request correction of inaccurate data or completion of incomplete data.

9.3 Right to Erasure (Art. 17 GDPR)

You may request deletion of your data when:

  • Data is no longer necessary for the original purpose
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • Data was processed unlawfully

Exceptions: We may retain data where required by law (e.g., tax records).

9.4 Right to Restriction of Processing (Art. 18 GDPR)

You may request restriction of processing under certain circumstances.

9.5 Right to Data Portability (Art. 20 GDPR)

You may request your data in a structured, commonly used, machine-readable format.

9.6 Right to Object (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds.

9.7 Right to Withdraw Consent (Art. 7(3) GDPR)

You may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

9.8 How to Exercise Your Rights

Contact us at: info@arantic.com or via our contact form.

We will respond within one month (extendable by two months for complex requests per Art. 12(3) GDPR).

10. Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
https://www.lda.bayern.de

You may also contact the supervisory authority in your place of residence or work.

11. Automated Decision-Making (Art. 22 GDPR)

We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

12. Data Security (Art. 32 GDPR)

We implement appropriate technical and organizational measures including:

  • Encryption in transit (TLS/SSL) and at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures

13. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website

The "Last updated" date at the top indicates the most recent revision.

15. Contact Us

For questions about this Privacy Policy or to exercise your data protection rights:

Email: info@arantic.com

Or contact us via our contact form.

This Privacy Policy is provided in English. For users in Germany, all statutory rights under GDPR and BDSG remain fully applicable.