kreativ.mindBack to home

Privacy policy

Last updated: June 2026

This privacy policy explains, pursuant to Art. 13 GDPR, which personal data is processed when you visit this website and use kreativ.mind, and which rights you have. The German version is authoritative.

Controller

Patrick Mathä Niederranna 3, 3622 Mühldorf The electronic contact option can be found in the imprint.

Principles

We process as little data as possible. There is no ad tracking, no third-party analytics cookies and no selling of data. All content data is processed in data centers within the European Union; the only exception is push notifications of the mobile app (see below).

Hosting and server logs

When you visit this website, our hosting provider Vercel Inc. (USA) automatically processes server logs: IP address, date and time, page requested and browser type. The application runs in data centers within the EU; a data processing agreement based on the EU standard contractual clauses is in place with Vercel. Server logs are technically required for secure and stable operation (Art. 6(1)(f) GDPR, legitimate interest) and are deleted after 30 days at the latest.

Account and sign-in

When you create an account, we process your name, email address and sign-in data; the password exclusively as a cryptographic hash, optionally passkeys. Magic-link sign-in generates time-limited login codes. The legal basis is contract performance (Art. 6(1)(b) GDPR). For the signed-in session we set one technically necessary session cookie.

Your content (processing on your behalf)

The content you create in kreativ.mind (clients, contact details, bookings, contracts, notes, messages, documents) is processed exclusively on your behalf and according to your instructions (Art. 28 GDPR). For this data, you are the controller. We do not use this content for our own purposes and do not pass it on to third parties unless required to provide the service (see “Email and files”) or by law. A data processing agreement is available on request.

Email and files

For sending and receiving emails and for storing files we use Amazon Web Services (AWS) in data centers within the EU. Inbound emails to your kreativ.mind address are received and stored there; for outbound emails we log the delivery status. A data processing agreement based on the EU standard contractual clauses is in place with AWS. Legal basis: Art. 6(1)(b) GDPR.

Digital contract signing

When contracts are signed digitally, we process the signer's email address (for the confirmation code), the time of signing and technical evidence data. This processing is required to carry out the signing process and to preserve evidence (Art. 6(1)(b) and (f) GDPR).

Inquiry forms

Data submitted via embedded inquiry forms (e.g. name, email, preferred date) is assigned directly to the provider who created the form. For this data, that provider is the controller; we process it on their behalf.

Cookies

We only set technically necessary cookies: a session cookie for sign-in and, where applicable, a language preference. There are no tracking, analytics or marketing cookies. Technically necessary cookies do not require consent.

Retention

Account and content data is stored for as long as your account exists. After termination you can export your data for 30 days; after that, the account and its content are deleted unless statutory retention obligations (e.g. tax law) require otherwise. Server logs are deleted much earlier (see “Hosting and server logs”).

Your rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). You can withdraw any consent at any time with effect for the future. An informal message via the contact option in the imprint is enough.

Mobile app and push notifications

If you use the kreativ.mind app and enable push notifications, they are delivered via the notification services of Apple (APNs) or Google (FCM). These providers receive the technical data required for delivery (device token and the content of the notification). You can disable push notifications at any time in your device settings. Legal basis: Art. 6(1)(b) GDPR.

Right to complain and changes

You may lodge a complaint with the Austrian data protection authority: Barichgasse 40–42, 1030 Vienna, www.dsb.gv.at. We update this policy when our processing changes; the current version is always available on this page.