Legal

Privacy Policy

1. Controller

Responsible for data processing on this website is:
Muhammed Akbas
Schierholzstraße 63, 30655 Hannover, Deutschland
Email: hello@stampa.app

For complete address details and VAT ID, see Imprint.

2. Hosting & Data Processing

This website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). Vercel stores technical log data (IP, browser, time) for a maximum of 7 days to ensure operation. Data processing is based on legitimate interests (Art. 6 para. 1 lit. f GDPR).

Our database and auth backend run on Supabase Inc., region eu-central-1 Frankfurt. This ensures personal data is stored within the EU.

Payments are processed via Stripe Payments Europe Limited (Dublin, Ireland). Please see Stripe's Privacy Policy.

Emails (login links, push notifications) are sent via Resend, Inc. (USA) — Standard Contractual Clauses per Art. 46 GDPR.

3. What Data We Collect

During registration: Company name, email address, industry. Legal basis: Contract performance (Art. 6 para. 1 lit. b GDPR).

During login: Unique session IDs for authentication. With Google login: your name + your profile picture (optional).

During operation (data processing on behalf of our merchant customers): Customer first name, stamp counter status, visit timestamps, optionally birth month. This data belongs to the merchant who processes it with us.

4. Wallet Passes

When a customer adds a stamp card to Apple or Google Wallet, a pseudonym (serial), a push token, and the device library ID are stored. These enable push updates to the wallet card. No advertising — only functional updates.

5. Cookies

We use only technically necessary cookies (session, CSRF, scan session). No tracking, no advertising, no analytics.

6. Your Rights

You have the right at any time to access, correct, delete, restrict processing, data portability, and object (Art. 15–21 GDPR). Send requests to hello@stampa.app.

Request data deletion

Right to lodge a complaint: You may contact the competent data protection authority (in Germany: your state data protection officer).

7. Data Retention

Account data: as long as the contract exists, then deleted after 30 days (exceptions: invoices retained 10 years per § 147 AO).

Customer data (stamps, wallet cards): deletable by the merchant at any time; deleted 30 days after account termination.

Last updated: 06/04/2026 · This text is a template and must be reviewed by legal counsel before production use.