Legal Information

Privacy Policy

This page provides key information for customers that need a signed Privacy Policy.

This Privacy Policy explains how Philip Simon (doing business as "archiv.cc") ("we", "u", or "our") collects, uses, and protects your personal data when you visit our website https://www.archiv.cc/ and use our website builder platform (the "Service").

We process your data in accordance with the European General Data Protection Regulation (GDPR).

(Note: If you use our Service to build websites and process data of your own visitors, please refer to our Data Processing Agreement (DPA) which governs our role as a Data Processor).

1. Controller Identity and Contact Details

The Data Controller responsible for processing your personal data is:

  • Philip Simon (doing business as "archiv.cc")
  • Liebfrauenstraße 70
  • 64289 Darmstadt
  • Germany
  • Email: philip.si@protonmail.com

2. What Data We Collect and Why

We only collect personal data that is strictly necessary to provide our Service, process your payments, and ensure the security of our platform.

a) When you visit our website (Server Logs)

When you simply browse our website, our hosting provider automatically collects standard server log data. This includes your IP address, browser type, operating system, referring URL, and time of access.

  • Purpose: To ensure the technical stability and security of our website.
  • Legal Basis: Our legitimate interest (Art. 6(1)(f) GDPR) in maintaining a secure and functional website.
  • Provider: We use Vercel Inc. for cloud hosting and content delivery. While our primary compute region is Frankfurt, Germany (EU), Vercel utilizes a global Edge Network (CDN) to ensure fast loading times. This means website content may be delivered from, and visitor IP addresses may be briefly processed by, edge servers located globally, nearest to the visitor's location (including the United States).

b) When you create an account (Freemium or Paid)

To provide you with the website builder, you need to register an account. We collect your email address, a password, and your account settings/projects.

  • Purpose: To create your account, provide the SaaS functionality, and communicate with you regarding updates or support.
  • Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR).
  • Provider: We use Supabase Inc. for database hosting and user authentication. Data is stored on servers located in Frankfurt, Germany (EU).

c) When you purchase a Premium Plan or Lifetime Deal

If you upgrade to a paid plan or purchase a Lifetime Deal, we collect billing details (name, email) and transaction information. We do not store your full credit card details. Payment processing is handled securely by our payment provider.

  • Purpose: To process your payment, fulfill our contract, and comply with tax laws.
  • Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR) and compliance with legal obligations (Art. 6(1)(c) GDPR).
  • Provider: We use Stripe Payments Europe, Ltd. Stripe may process some of your data (e.g., for fraud prevention) as an independent controller. For details, please review Stripe’s Privacy Policy.

d) Single Sign-On (SSO) and Third-Party Integrations

You can choose to register, log in, or enhance your account using third-party services like Google or GitHub (OAuth / Single Sign-On).

  • Data Processed: When you authenticate via these providers, we receive specific profile information from them (such as your name, email address, profile picture, and a unique provider ID) to create and manage your account. If you connect GitHub to use specific platform features (e.g., repository access), we request strictly necessary API permissions, which you must explicitly grant during the authorization process.
  • Purpose: To simplify your registration and login process, and to provide core platform integrations.
  • Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR) and your explicit consent provided during the OAuth authorization flow (Art. 6(1)(a) GDPR).
  • Providers: Google (Google Ireland Limited / Google LLC) and GitHub (GitHub B.V. / GitHub, Inc.). These providers process your data as independent controllers. We do not control their data processing practices; please refer to their respective Privacy Policies for further details.

e) Marketing and Newsletter

If you explicitly opt-in during registration, we may use your email address to send you marketing communications, product updates, and special offers regarding our Service.

  • Purpose: To inform you about new features, updates, and promotions.
  • Legal Basis: Your explicit consent (Art. 6(1)(a) GDPR).
  • Right to Withdraw Consent: You can withdraw your consent at any time, free of charge, by clicking the "unsubscribe" link included in every marketing email or by updating your account settings.
  • Provider: We use Resend to manage and send these campaigns. This provider acts as our data processor.

3. Cookies and Local Storage

Our Service uses strictly necessary cookies and local storage to function properly (e.g., to keep you logged in via Supabase Auth and to securely process payments via Stripe). Because these technologies are technically essential to provide the Service you requested, they do not require prior active consent under the ePrivacy Directive / GDPR.

4. International Data Transfers

While we prioritize hosting your data on servers within the European Union (Frankfurt), our infrastructure partners (Vercel, Supabase, Stripe) are headquartered in the United States. In cases where data is transferred to or accessed from the US, this is safeguarded by the EU-US Data Privacy Framework (DPF), to which these companies are certified, and/or standard contractual clauses (SCCs) approved by the European Commission.

5. Data Retention

We retain your personal data only for as long as your account is active or as needed to provide you the Service. If you delete your account, your data will be permanently erased within 30 days, unless statutory retention periods (such as German tax and commercial laws requiring us to keep invoices for up to 10 years) dictate otherwise.

6. Your Rights under the GDPR

As a resident of the European Economic Area (EEA), you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the data we hold about you.
  • Right to Rectification: You can ask us to correct inaccurate data.
  • Right to Erasure ("Right to be forgotten"): You can request the deletion of your account and data.
  • Right to Restriction of Processing: You can ask us to temporarily suspend processing your data.
  • Right to Data Portability: You can request your data in a structured, machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests.

To exercise any of these rights, please contact us at support@archiv.cc. You also have the right to lodge a complaint with a data protection supervisory authority in your country or in Germany.