Public Beta
Sign in Get API key

Privacy Policy

As of: April 2026

1. Privacy at a glance

The following information provides a simple overview of what happens to your personal data when you visit this website or use our service. Personal data is any data that can be used to personally identify you.

2. Data controller

Christian Jäkl e.U.
Nesslbachweg 17
9551 Tschöran
Austria
Email: admin@else.events

3. Hosting

Our website, API and database are hosted on servers located in Falkenstein, Germany (data centre operator: Hetzner Online GmbH). The servers are operated by us. When you visit the website, the following information is automatically stored in server log files:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL
  • Time of the server request

Server log files are automatically deleted after 14 days. This data is not merged with other data sources. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in error-free operation).

4. Contact form

When you send us a message via the contact form on our website, the following data is transmitted:

  • Name
  • Email address
  • Message text

This data is used exclusively to process your enquiry and is not shared with third parties. The data is deleted after your enquiry has been resolved, unless statutory retention obligations apply. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

5. Authentication (Clerk)

For registration and login in our application, we use Clerk (Clerk, Inc., USA). Clerk enables login via:

  • Google account (OAuth)
  • Apple account (OAuth)
  • Email address

The following data is transmitted to or processed by Clerk:

  • Email address
  • First and last name
  • Profile picture (if provided by the OAuth provider)
  • Clerk user ID

Clerk stores this data on servers in the USA. The Clerk Privacy Policy applies. Data transfer to the USA is based on Standard Contractual Clauses (Art. 46(2)(c) GDPR). Legal basis: Art. 6(1)(b) GDPR (contract performance).

6. Bot protection (Cloudflare Turnstile)

To protect our contact form and authentication endpoints from automated requests (bots, spam, brute-force), we use Cloudflare Turnstile, a service provided by Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA). Turnstile is used in two contexts:

  • Website contact form: When you submit the contact form, a Turnstile check runs in the background.
  • Registration and sign-in: Our authentication provider Clerk (see section 5) triggers a Turnstile check on suspicious requests.

The following data is transmitted to Cloudflare:

  • IP address
  • User agent and browser characteristics (e.g. screen resolution, language settings)
  • Anonymised behavioural signals from your interaction (mouse/keyboard signals)
  • Cookie/token data used to verify the challenge

Cloudflare processes this data exclusively for bot mitigation and, according to its own statements, does not share personal data with third parties. Data is processed on servers worldwide, including in the USA. The Cloudflare Privacy Policy applies. Data transfer to the USA is based on Standard Contractual Clauses (Art. 46(2)(c) GDPR). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in defending against abusive requests and the secure operation of our service).

7. Data we store

In our database (PostgreSQL, server in Falkenstein, Germany) we store the following personal data:

  • User ID, first and last name, email address
  • Profile picture URL
  • Selected plan and subscription status
  • Payment information: Mollie customer ID, subscription ID, payment timestamps (once paid subscriptions are active, see section 9)
  • Registration date, trial expiration date, plan expiration date
  • User settings (e.g. display preferences)
  • API keys (hashed), API key labels and their creation timestamps
  • Event payloads submitted to our API — by default, recipient identifiers are stored only as a salted hash; raw identifiers are retained only for the minimum time required for delivery and are then removed
  • Matching rules, email templates and delivery logs (delivery status, timestamps, provider message IDs)
  • Webhook endpoint URLs and their delivery history

This data is stored for as long as your account exists. When you delete your account, all personal data is immediately anonymised and subsequently fully deleted (see section 14). Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest).

8. Transactional email delivery (Postmark)

For the actual delivery of the transactional and marketing emails that our service generates on your behalf, we use Postmark (ActiveCampaign, LLC, USA). When an email is sent, the following data is transmitted to Postmark:

  • Recipient email address
  • Sender email address and display name you configured
  • Email subject and rendered content
  • Headers required for delivery (Message-ID, tracking IDs)

Postmark stores this data on servers in the USA only for as long as required to deliver the email and to provide delivery status, then purges it according to its own retention policy. The Postmark Privacy Policy applies. Data transfer to the USA is based on Standard Contractual Clauses (Art. 46(2)(c) GDPR). Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in reliable email delivery).

9. Payment processing (Mollie)

Paid subscriptions are in preparation. Once activated, payment processing will be handled by Mollie (Mollie B.V., Netherlands). At that point, you will be redirected to Mollie's checkout page when making a purchase or subscription. Mollie will process:

  • Email address
  • Payment information depending on the chosen payment method
  • Customer ID and subscription ID

We do not store any credit card numbers or bank details ourselves. Mollie processes data on servers in the EU. The Mollie Privacy Policy will apply. Legal basis: Art. 6(1)(b) GDPR (contract performance).

10. Local storage (localStorage)

We store the following in your browser's localStorage:

  • Consent status (consent banner) – technically necessary

Technically necessary data does not leave your browser and can be deleted at any time via your browser settings.

11. Cookies

Our application uses cookies from Clerk for authentication (session management). These are technically necessary and cannot be disabled without limiting functionality. We do not use advertising or tracking cookies.

12. Your rights (Art. 15–21 GDPR)

You have the right at any time to:

  • Access (Art. 15 GDPR) – What data we have stored about you
  • Rectification (Art. 16 GDPR) – Correction of inaccurate data
  • Erasure (Art. 17 GDPR) – Deletion of your data
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR) – Export of your data in a common format
  • Objection (Art. 21 GDPR) – Against processing based on legitimate interests

To exercise your rights, contact us at admin@else.events.

13. Right of withdrawal

Where the processing of your personal data is based on consent, you have the right to withdraw that consent at any time. The lawfulness of processing carried out prior to the withdrawal remains unaffected. You can declare your withdrawal by email to admin@else.events or by clearing your browser data.

14. Data deletion

When you delete your account, all personal data is immediately anonymised (name, email, profile picture). A daily cleanup process then fully deletes the entire record including all API keys, rules, templates and delivery logs. Data held by third-party providers (Clerk, Postmark, Mollie, Cloudflare) is handled according to their respective privacy policies.

15. Data security

Communication between your browser and our servers is exclusively encrypted via HTTPS/TLS. Access to our servers is protected by firewalls and SSH keys. API keys are stored only as salted hashes; recipient identifiers in event payloads are hashed by default.

16. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority in Austria is:

Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna, Austria
www.dsb.gv.at

17. Changes

We reserve the right to update this privacy policy to reflect changes in the law or our service. The current version is always available on this page.