This Privacy Policy explains how AliveCheck.io (“we,” “us,” or “our”) collects, processes, and protects your personal data when you use our website, tools, and services, including the Cloudflare WAF Rule Generator and Premium WAF Rule Library (collectively, the “Service”).
AliveCheck.io is operated by Jan Schwöbel, a sole proprietor registered in Germany, acting as the data controller under GDPR and BDSG. We use Lemon Squeezy for payments, Hetzner Online GmbH for hosting in Germany, Resend for email communications, and Supabase for database services, with data residing in Germany and the USA. By using our Service, you consent to data processing as described herein. Effective: March 23, 2025.
Responsible for data processing under Art. 4(7) GDPR:
Jan Schwöbel
Hofmannstrasse 31B, 81379 München, Germany
Email: [email protected]
For GDPR inquiries: [email protected]
We collect personal data you voluntarily provide, including:
Account Information: Email address, name, and encrypted password (hashed using bcrypt), stored via Supabase.
Profile Information: Optional data like job title or company name.
Payment Information: Processed by Lemon Squeezy; we store only transaction IDs.
Communication Data: Emails or messages sent via Resend for support or feedback.
We automatically collect:
Usage Data: Pages visited, features used, and timestamps, stored via Supabase.
Device Information: IP address, browser type, OS, and device IDs, hosted on Hetzner.
Cookies: See Section 10 for details on cookies and tracking technologies.
Using the WAF Rule Generator, we collect:
Inputs you enter (e.g., rule parameters).
Generated WAF rules (stored temporarily via Supabase unless saved).
Usage metadata (e.g., frequency of generation).
We process your data for:
Service Delivery: To provide, maintain, and improve the Service (e.g., generating WAF rules, processing payments via Lemon Squeezy).
Security: To detect and prevent fraud or threats, hosted on Hetzner.
Communications: To send service-related emails via Resend (e.g., support replies, updates).
Marketing: With your consent, to send promotional emails via Resend (opt-out available).
Analytics: To analyze usage via Supabase and optimize the Service.
Legal Compliance: To meet German and EU legal obligations (e.g., tax records).
Under GDPR (Art. 6) and BDSG, we process your data based on:
Contract (Art. 6(1)(b)): To fulfill our contract with you (e.g., providing the Service).
Legitimate Interests (Art. 6(1)(f)): For our interests (e.g., security, analytics), unless overridden by your rights.
Consent (Art. 6(1)(a)): For optional uses like marketing (revocable anytime).
Legal Obligation (Art. 6(1)(c)): To comply with laws (e.g., German tax requirements).
We share your data only when necessary:
Service Providers: With processors under GDPR-compliant agreements (Art. 28): Lemon Squeezy (payments), Hetzner (hosting, Germany), Resend (email), Supabase (database, Germany/USA).
Legal Requirements: If required by German or EU law, or to protect our rights or safety.
Business Transfers: During a sale or merger, with notice where feasible.
With Consent: At your explicit direction.
We do not sell your data to third parties for marketing purposes.
We retain data only as long as needed for the purposes outlined, or as required by German law (e.g., 10 years for tax records per § 147 AO). Account data is deleted within 30 days of your request (unless legally retained). WAF rule inputs are kept for 90 days unless saved, then deleted or anonymized via Supabase.
We use technical and organizational measures (e.g., encryption, access controls) per Art. 32 GDPR to protect your data, hosted on Hetzner and Supabase. However, no system is fully secure. Notify us at [email protected] if you suspect a breach.
Under GDPR and BDSG (§ 15 ff.), EU/EEA users have these rights:
Access: Request your data (Art. 15).
Rectification: Correct inaccurate data (Art. 16).
Erasure: Request deletion (“right to be forgotten,” Art. 17).
Restriction: Limit processing (Art. 18).
Portability: Receive your data in a structured format (Art. 20).
Objection: Object to processing based on legitimate interests (Art. 21).
Withdraw Consent: Revoke consent anytime (Art. 7(3)).
Complain: Contact a supervisory authority (e.g., Bayerisches Landesamt für Datenschutzaufsicht).
Exercise these rights by emailing [email protected]. We'll respond within one month (extendable per Art. 12(3)).
We use cookies per the ePrivacy Directive and TMG (§ 15):
Essential: Necessary for functionality (no consent needed).
Functional: Store preferences (consent required).
Analytics: Track usage via Supabase (consent required).
Marketing: Ads personalization (consent required).
Consent is obtained via our cookie banner (opt-in for non-essential cookies). Manage settings there or in your browser. Disabling cookies may limit functionality.
Data resides in Germany (Hetzner) and the USA (Supabase, Resend, Lemon Squeezy). Transfers to the USA use Standard Contractual Clauses (Art. 46 GDPR) to ensure GDPR-level protection, as no adequacy decision exists for the USA as of March 23, 2025.
Our Service is not for children under 16 (Art. 8 GDPR). We don't knowingly collect their data. Contact us at [email protected] if you believe we have such data.
We may update this policy, notifying you via email (via Resend) or website banner for significant changes (per Art. 13 GDPR). Review periodically. Last updated: March 23, 2025.
For complaints, contact: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany, or online at www.lda.bayern.de.