Privacy Policy

Updated: 02 Dec 2025

Scope

This privacy policy applies to the marketing website https://sandbank.cloud as well as opt‑in features (waitlist, newsletter, product updates, discounts, blog updates) and our internal admin area (Admin Console).

We process data in accordance with the GDPR and applicable e‑privacy rules (e.g. TDDDG).

The website is aimed exclusively at businesses.

1. Controller

Zweigen

Paul Zehm (sole proprietorship)

Koberg 20

23552 Lübeck

Germany

support@sandbank.cloud

0151 / 207 73 290

2. Data Protection Officer

No DPO appointed (not legally required).

4. Hosting, security, server & WAF logs

Our website servers run in European data centres provided by OVHcloud S.A.S. (EU). Domain management and our email inboxes are provided by mittwald CM Service GmbH & Co. KG (Germany/EU).

We use an OVHcloud load balancer with Web Application Firewall (OWASP CRS) plus self‑hosted observability (OTEL/SigNoz, EU) and a dedicated Redis database for rate‑limits (EU).

4.1 Processed log data (site + /api/public/opt-in)

When visiting our website and API we process:

IP address

date and time

hostname, path, HTTP method, HTTP status

user‑agent, referrer (if any)

request/trace ID, rate‑limit decision

no request bodies

Purposes: delivery, stability, security, abuse detection, rate‑limits.

4.2 Storage locations & retention

System | Retention | Location
OVHcloud web server/WAF | 14 days | EU
Observability (OTEL/SigNoz) | 7 days | self‑hosted, EU
Redis rate‑limits | short‑lived | self‑hosted, EU
Mittwald mail/domain logs | provider default (short-term technical logging) | EU (Germany)

IP addresses are not anonymized but are used exclusively for security and operational purposes.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests: stability, security, abuse prevention).

5. TLS/SSL

Transport encryption according to current best practice.

7. Cookies & local storage (marketing site)

7.1 Essential cookies

klaro – stores consent status (365 days).

WAF security cookie (OVHcloud) – attack detection, ~30 minutes.

No session/CSRF cookies for opt‑in (stateless API).

7.2 Analytics (only with consent)

PostHog cookies/storage: pseudonymous IDs, events, technical data.

8. Web analytics (PostHog, self‑hosted in the EU)

We process pseudonymous IDs, events, and technical data. No third‑country transfers. Session replay is disabled by default. Event retention: up to 180 days.

Legal basis: consent (Art. 6(1)(a) GDPR; applicable e‑privacy rules).

You can withdraw consent at any time via the cookie settings.

9. Waitlist, newsletter, product updates

Public API /api/public/opt‑in processes:

email address, optional name, locale

preferences (categories), UTM parameters, path/referrer

double‑opt‑in token (hash only), DOI status

worker/job metadata (PgBoss), delivery status at the mail service

Store | Purpose | Location
Marketing Postgres (dedicated) | opt‑in data, preferences, DOI status | EU
Redis (dedicated) | rate‑limits for public API | EU
PgBoss queue/worker | DOI sending, cleanup jobs | EU
SMTP – Brevo | sending DOI and marketing emails | EU region

Brevo: no open/click tracking enabled.

Legal basis: consent (Art. 6(1)(a) GDPR); proof/blacklist: Art. 6(1)(f) GDPR.

Retention: active subscriptions remain stored until withdrawn/unsubscribed. After unsubscribing, we delete email/name (PII) and keep only pseudonymous DOI proof (e.g. email hash, timestamps, status) for up to 3 years.

9.1 Admin area (internal)

For operations, support, and administration we use an internal admin area (Admin Console). Access is restricted to authorized personnel only and protected by technical controls (e.g. access-restricted network environment, rate-limits) as well as authentication and role-based access control (RBAC).

Processed data

Admin account: user ID, email address, roles/permissions, session key, MFA claims (as provided by the IdP).

Tenant & user administration: organization/tenant IDs, user IDs, invites (email, role, status, timestamps, invitedBy/revokedBy), suspension/deactivation reasons (if provided).

Support inbox: support case IDs, organization reference, requester email address, status/category, snippets and reply texts; where applicable ticket references (e.g. Zammad ticket ID/link).

Marketing/opt‑in administration: opt‑in status/preferences, sending status (outbox), template key, delivery status (no open/click tracking).

API keys (admin): name, prefix, permissions, rate-limits, expiration (plain key only on issuance).

Technical & audit data: IP address, user‑agent, request ID, timestamps, actions/resources (audit logs).

Cookies/storage (admin area)

Name | Purpose | Lifetime
__Host-sandbank.admin-session-token | admin session (login) | 4 hours
__Host-sandbank.admin-csrf-token | CSRF protection (login) | session
__Host-sandbank.admin-csrf-bff-token | CSRF protection (admin API) | session
__Host-sandbank.admin-device-id | device identifier (session security) | 180 days
sandbank.admin-fp | session binding/fingerprint (security) | 4 hours

Legal bases: Art. 6(1)(b) GDPR (contract performance/support) and Art. 6(1)(f) GDPR (operations, security, abuse prevention, auditability). Where required, legal obligations may apply as well (Art. 6(1)(c) GDPR), e.g. compliance/retention duties.

Recipients/processors: ZITADEL (authentication/IdP), OVHcloud (hosting) and – where used – Zammad (ticketing) and Brevo (email delivery for opt‑ins/marketing). No marketing analytics/tracking is performed in the admin area.

10. Contact via email/phone

Data: name (if provided), email address, content, meta/header data.

Recipient: our email provider mittwald CM Service GmbH & Co. KG (Germany/EU).

Storage: until completion of the request and up to 12 months thereafter unless longer statutory retention applies.

Legal basis: Art. 6(1)(b) GDPR (contract/pre-contract) and Art. 6(1)(f) GDPR (legitimate interest in replying to requests).

12. No external embeds

no videos

no maps

no chat widgets

no social plugins

13. Data subject rights

access

rectification

erasure

restriction

data portability

objection

withdraw consent

14. Complaint

You may lodge a complaint with a supervisory authority.

15. No automated decision‑making

No profiling, no automated decisions.

16. Changes to this policy

We update this policy when services, legal requirements or technical processes change. Current version: December 2025.

17. Annex – processing overview

Processing | Purpose | Data | Legal basis | Recipients | Third country | Retention
Server/WAF logs | Security, operation, rate-limits | full IP, time, host, path, method, status, user‑agent, referrer (if any), request/trace ID, RL decision | Art. 6(1)(f) GDPR | OVHcloud, OTEL/SigNoz (self‑hosted) | no | 14 days (OVH), 7 days (observability)
Consent management | Manage consent | consent status, timestamp, browser ID | e‑privacy; Art. 6(1)(c/f) GDPR | self‑hosted | no | 365 days
PostHog (analytics) | Web analytics | pseudonymous IDs, events, technical data | Art. 6(1)(a) GDPR; e‑privacy | self‑hosted (OVH) | no | up to 180 days
Opt‑in / newsletter | DOI, delivery, preferences | email (encrypted), optional name (encrypted), categories, UTM, DOI token hash; after unsubscribe: pseudonymous proof only (email hash, status, timestamps), PII deleted | Art. 6(1)(a/f) GDPR | marketing Postgres, Redis RL, PgBoss, Brevo | no | active: until withdrawn; proof: 1095 days
Admin area (internal) | Operations, support, security, audit | admin account (ID, email, roles), tenant/user administration (IDs, invites), support cases (email, snippets/replies), technical data (IP, user-agent, request ID), audit logs | Art. 6(1)(b/f) GDPR | OVHcloud (hosting), ZITADEL (IdP), Zammad (ticketing, where used) | no | sessions up to 4h; audit logs as needed (typically short periods)
Contact via email/phone | Communication | contact details, content | Art. 6(1)(b/f) GDPR | Mittwald (email provider) | no | up to 12 months