Privacy Policy / Datenschutzerklärung
This is a private website for non-commercial testing purposes. Registration and use are by invitation only.
Responsible party ("Verantwortlicher") within the meaning of the GDPR:
Aron Spang
E-mail: admin@workcraft.pro
1. Which data we process
We process the personal data that you provide when creating an account (e-mail address, name, optional address information) and any data you enter while using the WorkCraft application (e.g. job details, customer contacts). Server log files (IP address, date/time, user-agent, requested URL) are stored for security purposes.
2. Cookies
WorkCraft uses strictly necessary cookies to maintain your login session (workcraftauth) and to protect forms against CSRF (fastapi-csrf-token). These are set automatically because the service would not work without them (Art. 6 (1)(b) GDPR). Optional analytics cookies are stored only after your explicit consent via our cookie banner. You can change your decision at any time via the "Cookie settings" link in the footer.
3. Purpose and legal basis
- Account administration & service provision – Art. 6 (1)(b) GDPR
- Security logging & error monitoring – Art. 6 (1)(f) GDPR (legitimate interest)
- Optional analytics – Art. 6 (1)(a) GDPR (consent)
4. Retention
User accounts and related data are kept until you delete the account. Security logs are rotated after 14 days. Backups are encrypted and stored for 30 days.
5. Your rights
You have the right to access, rectify and erase your personal data, to restrict its processing, and to data portability (Art. 15-20 GDPR). You may lodge a complaint with the supervisory authority of the state of Hesse (HBDI).
6. Processors & Third Parties
We use the following data processors to provide our services. Data Processing Agreements (DPAs) are in place with all processors to ensure your data is handled in accordance with GDPR:
- Mailgun Technologies, Inc. (USA): For sending transactional e-mails (e.g., account verification, password resets). Data transfers are secured by a DPA incorporating Standard Contractual Clauses (SCCs).
- DigitalOcean, LLC. (USA): For server infrastructure, database hosting, and application operation (e.g., Droplets, Managed Databases). DigitalOcean offers data centers globally, including within the EU (e.g., Frankfurt, Amsterdam). A DPA is in place, and data transfers to non-EU regions, if applicable based on your chosen data center location, are secured by SCCs and/or DigitalOcean's EU-U.S. Data Privacy Framework certification. We strive to utilize their EU-based data centers for EU user data.
- Google LLC / Google Ireland Limited (USA/Ireland): For AI-powered text and audio extraction. A DPA is in place, and data transfers are covered by SCCs and/or Google's EU-U.S. Data Privacy Framework certification.
- OpenAI, L.L.C. (USA): For AI-powered text and audio extraction. A DPA is in place, and data transfers are covered by SCCs and/or OpenAI's EU-U.S. Data Privacy Framework certification (if applicable).
You are responsible for reviewing the privacy policies of these third-party services. The selection of LLM providers is per your configuration in the application settings.
Last updated: 2025-05-14