Privacy Policy

We are very pleased about your interest in our company and our platform DailyBuddy. The protection of your personal data is of the highest priority to the management of SB Code UG (haftungsbeschränkt). The use of our website https://dailybuddy.net is generally possible without providing personal data. However, if you make use of special services through our website or our SaaS platform (e.g., registration, use of DailyBuddy, participation in the affiliate program), the processing of personal data may become necessary. The processing of personal data (e.g., name, address, email address, phone number) is always carried out in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection provisions. With this privacy policy, we inform you about the type, scope, and purposes of the processing of personal data and explain the rights to which you are entitled.

1. Controller

The controller within the meaning of the GDPR is:

2. General Data Processing When Visiting Our Website

Each time our website is accessed by a data subject or an automated system, a series of general data and information is collected and stored in the server log files. The following data may be collected:

• browser type and version used
• operating system used
• referrer URL (the previously visited page)
• sub-pages accessed
• date and time of access
• IP address
• internet service provider of the accessing system
• other similar data and information used for threat prevention in the event of attacks on our IT systems

We do not draw any conclusions about the data subject from this general data. This data is processed for the following purposes:

• correct delivery of the content of our website
• ensuring the long-term functionality of our IT systems
• prevention and analysis of attacks on our systems
• statistical evaluation to improve our offerings

The legal basis for this is Art. 6(1)(f) GDPR (legitimate interest in the secure and stable provision of our online offering). The log files are generally deleted automatically after a short period, unless further retention is required for evidentiary purposes.

3. Contact (Email / Contact Form)

If you contact us by email or via a contact form, we process the personal data you submit (e.g., name, email address, phone number, content of the message) in order to handle your inquiry. The legal basis is, depending on the context, Art. 6(1)(b) GDPR (contract performance or pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). The data is stored only as long as necessary for processing your inquiry or as required by statutory retention obligations.

4. Registration and Use of the DailyBuddy Platform

4.1 Registration as a Customer / User

Registration is required to use our SaaS platform DailyBuddy. As part of the registration and use, we process in particular:

• master data (e.g., name, company, address)
• contact data (e.g., email address, phone number)
• access data (e.g., username, password – password stored only in hashed form)
• contract and billing data (e.g., booked modules, contract terms)

Processing is carried out for the purpose of establishing and performing the usage agreement for DailyBuddy. The legal basis is Art. 6(1)(b) GDPR.

4.2 Use of DailyBuddy (Projects, Tasks, Files, Links)

In the course of using the platform, we also process data that you enter or generate via DailyBuddy, e.g.:

• project data (e.g., board contents, timelines, comments)
• tasks and subtasks (e.g., descriptions, due dates, priorities, reminders)
• files sent via DailyBuddy Send (stored in encrypted form)
• saved links and favorites
• data of invited team members (e.g., name, email address)
• game scorecard data (e.g., player names, ratings, rankings)

Insofar as this data concerns you personally (e.g., your own profile), we are the controller within the meaning of the GDPR; insofar as it concerns data of third parties (e.g., team members, invited users), you are the controller, and we process this data as a processor (see section “Data Processing Agreement”). Legal bases:

• Art. 6(1)(b) GDPR (performance of the usage relationship with you)
• Art. 6(1)(f) GDPR (legitimate interest in providing and improving our platform), where permissible

5. Encryption and Data Security

All data transmissions on DailyBuddy are encrypted by default (TLS/SSL). For file transfers via DailyBuddy Send, optional end-to-end encryption is additionally available, so that file contents are not accessible even on the server side. The server infrastructure is located in certified data centers within the EU (Germany).

6. Payment Processing via Stripe

For the processing of paid subscriptions, we use the payment service provider Stripe Payments Europe, Ltd. (and affiliated companies). When concluding a subscription, personal data (e.g., name, email, billing data, payment data) is transmitted to Stripe depending on the payment method. Stripe processes this data in its own capacity or as a joint controller for payment processing and fraud prevention. The legal basis for the data transfer is Art. 6(1)(b) GDPR (contract performance) and, where applicable, Art. 6(1)(f) GDPR (legitimate interest in secure payment processing). For further information on data processing by Stripe, please refer to Stripe’s privacy policy.

7. Affiliate Program

If you participate in our affiliate program, we process, among other things:

• registration data (e.g., name, email address, company if applicable)
• affiliate ID, tracking link/code
• information about referred new customers
• commission data and billing information (e.g., bank details, payout amounts)

Processing is carried out for the purpose of administering the affiliate program, calculating commissions, and fulfilling our legal obligations (e.g., tax documentation requirements). Legal bases:

• Art. 6(1)(b) GDPR (performance of the affiliate agreement)
• Art. 6(1)(c) GDPR (statutory retention obligations)

8. Data Processing Agreement (Art. 28 GDPR)

Insofar as we process personal data of third parties (e.g., team members, invited users, project participants) within the scope of DailyBuddy, we generally act as a processor within the meaning of Art. 28 GDPR. We conclude a data processing agreement (DPA) with our customers for this purpose. This agreement governs in particular:

• subject matter and duration of processing
• nature and purpose of processing
• type of personal data and categories of data subjects
• obligations and rights of the controller (our customers)
• our obligations as a processor, including technical and organizational measures (TOMs)

The DPA is made available during the registration process or within the application and is concluded by appropriate confirmation (e.g., via checkbox).

9. Routine Deletion and Retention Period

We process and store personal data only for the period necessary to achieve the respective purpose or as required by statutory retention periods. Criteria for retention periods:

• contract and billing data: in accordance with commercial and tax law requirements (generally 6–10 years)
• log files: generally short retention periods, unless security or evidentiary reasons require otherwise
• account data: until deletion of the account or termination of the contractual relationship, unless statutory obligations require otherwise
• files sent via DailyBuddy Send: according to the expiration date selected by the user or until manual deletion
• support and contact inquiries: until final processing and, if applicable, beyond that in accordance with statutory retention periods

After the storage purpose ceases to apply or statutory periods expire, data is routinely deleted or anonymized.

10. Recipients and Categories of Recipients

We only share personal data to the extent necessary for the purposes described or where there is a legal obligation. Possible recipients include, for example:

• hosting and IT service providers (server operation, maintenance, backup)
• payment service providers (e.g., Stripe)
• tax advisors, lawyers, authorities (where required by law)

With service providers that process personal data on our behalf, we conclude appropriate data processing agreements pursuant to Art. 28 GDPR.

11. Rights of the Data Subject

Data subjects have the following rights under the GDPR:

• Right of access (Art. 15 GDPR): information about stored personal data
• Right to rectification (Art. 16 GDPR): correction of inaccurate or completion of incomplete data
• Right to erasure (Art. 17 GDPR): deletion of personal data, provided no statutory retention obligations or other legal bases apply
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR): receipt of data in a structured, commonly used, and machine-readable format
• Right to object (Art. 21 GDPR) to processing based on Art. 6(1)(e) or (f) GDPR
• Right to withdraw consent (Art. 7(3) GDPR) with effect for the future

To exercise your rights, you can contact us at any time: Email: info[at]sbcode.de

12. Right to Lodge a Complaint with a Supervisory Authority

Data subjects have the right to lodge a complaint with a data protection supervisory authority if they believe that the processing of their personal data violates the GDPR. The competent authority is generally the supervisory authority of your habitual residence, your place of work, or the place of the alleged infringement. For Baden-Württemberg, for example: the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.

13. Legal Bases for Processing

Unless otherwise stated in detail in this privacy policy, the following applies:

• Art. 6(1)(b) GDPR: processing for the performance of a contract or for the implementation of pre-contractual measures
• Art. 6(1)(c) GDPR: processing for compliance with legal obligations (e.g., tax and commercial law obligations)
• Art. 6(1)(f) GDPR: processing for the purposes of legitimate interests (e.g., IT security, fraud prevention, improvement of our offerings)
• Art. 6(1)(a) GDPR: processing based on consent (e.g., for certain marketing activities), if obtained

14. Automated Decision-Making / Profiling

We do not use exclusively automated decision-making within the meaning of Art. 22 GDPR and do not engage in profiling that produces legal effects or similarly significantly affects you.

15. Currency and Changes to This Privacy Policy

This privacy policy is currently valid and has the status of February 5, 2026. Due to the further development of DailyBuddy, our website, or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version is always available at https://dailybuddy.net/data-protection.