Privacy Policy

1. Data Controller

The data controller responsible for processing your personal data in the sense of the GDPR is:

Mikalai Filaniuk
Friedrichstraße 34
80801 München
Germany

Email: contact@burnzy.co

2. Scope of This Policy

This Privacy Policy applies to the website and service available at https://burnzy.co and any subpages or backend services that belong to it. By creating an account or using Burnzy, you agree to the processing of your personal data as described in this policy.

3. Data We Collect

3.1 Account and Authentication Data

When you create an account or log in, we collect your email address and a hashed version of your password. Passwords are never stored in plain text. We also use authentication cookies to keep you logged in and to secure access to your account.

3.2 Usage and Technical Data

When you use Burnzy, our servers may automatically log technical data such as your IP address, browser type and version, device information, access times, and the pages or API endpoints you access. These logs help us operate and secure the service and to detect abuse or errors in our FastAPI backend and PostgreSQL database.

3.3 Billing and Payment Data (Stripe)

Payments for Burnzy subscriptions are processed by our payment provider Stripe. We do not store full payment details such as full credit card numbers. On our side, we only store identifiers that are needed to manage your subscription, such as Stripe customer IDs, subscription IDs and price IDs and information about whether a payment or subscription is active, canceled or expired. All sensitive payment information is processed directly by Stripe in accordance with their own privacy policy.

3.4 Cookies

Burnzy uses cookies only for authentication and session management. These cookies are required to keep you logged in and to protect your account. We do not use cookies for advertising purposes and do not place third-party tracking or marketing cookies.

4. Purposes and Legal Bases

We process your personal data to create and manage your account, provide access to the features of Burnzy, manage your subscription, handle billing and payments, secure our systems, and comply with legal obligations. The legal basis for these processing activities is usually the performance of a contract with you (Art. 6(1)(b) GDPR), our legitimate interest in operating a secure and reliable service (Art. 6(1)(f) GDPR), or compliance with legal obligations (Art. 6(1)(c) GDPR), for example in the case of tax and billing records.

5. Third-Party Services

5.1 Stripe

We use Stripe to process payments securely. When you start or renew a subscription, your payment data is transferred directly to Stripe. Stripe may process data such as your payment method, billing address and transaction details. We only receive the information needed to manage your subscription internally, such as Stripe customer IDs and subscription status. For more information, please refer to Stripe’s own privacy policy at stripe.com/privacy.

5.2 Other Technical Services

Burnzy is built using technologies such as FastAPI, PostgreSQL and React. These technologies themselves do not involve separate data controllers but are tools used on our own infrastructure or hosting provider to deliver the service.

6. Data Storage and Retention

Your account and usage data are stored in our databases as long as your account is active. If you request deletion of your account, we will delete or anonymize your personal data, unless we are legally required to keep it longer. Billing and payment related information may need to be stored for several years to comply with German tax and commercial law. Log data used for security and debugging is typically retained only for a limited period.

7. Your Rights

Under the GDPR, you have various rights regarding your personal data. You have the right to request access to the data we store about you and to receive a copy of it. You may ask us to correct inaccurate data or to delete your personal data where the legal requirements are met. You may also request that we restrict certain processing activities, object to processing based on legitimate interests, and request data portability for information you have provided. If you have given consent for a specific processing activity, you can withdraw that consent at any time with effect for the future.

If you believe that we are not handling your personal data in accordance with data protection laws, you have the right to file a complaint with a data protection supervisory authority. In Germany, this is in particular the authority of your place of residence or the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) for Bavaria.

8. Data Deletion and Account Closure

You may request deletion of your account and personal data at any time by contacting us via email. Once we verify your identity, we will delete or anonymize your data unless legal retention obligations require us to keep certain records for a longer period. Subscription and payment data that is required for accounting and tax purposes can only be deleted once those obligations have expired.

9. Security Measures

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse or alteration. This includes the use of HTTPS encryption, hashed and salted passwords, access controls on our backend systems and monitoring for suspicious activity. No system can be absolutely secure, but we strive to follow industry best practices to keep your data safe.

10. International Data Transfers

Some of our service providers, such as Stripe, may process data outside the European Union or the European Economic Area. In such cases, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions to ensure that your data is protected in accordance with GDPR requirements.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our service, legal requirements or technical developments. The current version is always available on this page. If we make significant changes, we may notify you by email or via a notice within the app.

12. Contact

If you have any questions about this Privacy Policy, your personal data or your rights under data protection law, you can contact us at:

Email: contact@burnzy.co
Address: Friedrichstraße 34, 80801 München, Germany