Data protection, privacy, legal
Yes, fully compliant. The privacy notice is published and the registry application is filed. Your data is stored within the EU (Frankfurt), never sold to third parties, and can be deleted on request.
As long as your account is active. If you delete your account, all data is permanently erased within 30 days (excluding invoice/subscription records required by law).
Only with your written consent during a support request. The product team sees anonymized usage statistics only and cannot access content/brand data.
Yes — daily automated backups with 30-day retention. In a disaster, recovery is guaranteed for the last 24 hours of data (RPO 24h, RTO 4h).
Yes — /app/settings → Download My Data button. All brand, content, and settings data is emailed to you in JSON format within 24 hours. This is your data-portability right.
Currently Magic Link (one-time link via email) provides passwordless sign-in. TOTP 2FA (Google Authenticator) is on the Q2 2026 roadmap. SSO (SAML/OIDC) is shipping with Enterprise.