Privacy Policy

Last updated: [Date before launch]

1. Controller

The controller responsible for data processing on this website is:

Adam Gabler
[Address]
[Email]

(See our Impressum for full contact details.)

2. Data We Collect

When you use SLASH, we collect and process the following data:

  • Account data: Email address, hashed password, invite code used
  • Subscription data: Plan type, credit balance, billing history (processed by Stripe)
  • API key: Your Anthropic API key, stored with AES-256-GCM encryption
  • Usage data: Tool call counts for credit deduction
  • Technical data: IP address, browser type (server logs, auto-deleted after 30 days)

3. Purpose & Legal Basis

  • Contract performance (Art. 6(1)(b) GDPR): Account management, license validation, credit system, API key storage
  • Legitimate interest (Art. 6(1)(f) GDPR): Security, fraud prevention, server logs
  • Consent (Art. 6(1)(a) GDPR): Marketing communications (if opted in)

4. Data Processors

  • Stripe Inc. — Payment processing (USA, EU Standard Contractual Clauses)
  • Hostinger — Server hosting (EU)
  • Anthropic — AI API calls are made directly with your own API key; SLASH does not process or store your prompts or AI responses

5. Cookies

We use a single essential cookie (slash_token) for authentication. This is a strictly necessary httpOnly cookie and does not require consent. We do not use tracking, analytics, or advertising cookies.

6. Data Retention

  • Account data: Retained until account deletion
  • Billing data: Retained for 10 years (German tax law, AO § 147)
  • Server logs: Auto-deleted after 30 days
  • API keys: Deleted immediately upon user request or account deletion

7. Your Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectification of inaccurate data (Art. 16)
  • Erasure of your data (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

To exercise these rights, contact us at [email]. You also have the right to lodge a complaint with a supervisory authority (Art. 77).

8. Security

We implement appropriate technical and organizational measures to protect your data, including AES-256-GCM encryption for API keys, bcrypt password hashing, HTTPS encryption, and httpOnly cookies for authentication tokens.

9. Changes

We may update this privacy policy from time to time. We will notify registered users of significant changes via email.