Privacy policy

Last updated: March 1, 2026

1. Controller

Laschinger Lukas Karl Konstantin, Schackmann Luca Markus GbR, Buchbergerstraße 10c, 82538 Geretsried, Germany

Email: info@webspired.de

2. Scope: Platform vs. host offering

These notices apply to the platform and website functions operated by us.

For host-specific booking pages under a host domain, the respective host may be the data controller. In that case, the host privacy notice also applies.

3. Purposes and legal bases of processing

We process personal data only to the extent required for operating the platform, security, and communication.

  • Provision of the website and technical delivery (Art. 6(1)(f) GDPR).
  • Execution of host login (OTP via email) and session management (Art. 6(1)(b) GDPR).
  • Security, abuse prevention, and access protection (Art. 6(1)(f) GDPR).
  • Payment-related host onboarding processes via Stripe Connect where required (Art. 6(1)(b) GDPR).

4. Categories of processed data

  • Technical connection data (e.g., IP address, timestamp, requested URL, header information).
  • Login and account data for hosts (especially email address, OTP status, session information).
  • Tenant/domain mapping and access permissions for host accounts.
  • Stripe Connect status data for hosts (e.g., status fields for onboarding approval).

5. Recipients and service providers

We use technical service providers to operate the platform, in particular:

  • Vercel (hosting and delivery)
  • Supabase (authentication and database)
  • Stripe (payment infrastructure/Connect onboarding)

Where required, data processing agreements are concluded with service providers.

6. Transfers to third countries

Processing by service providers may also take place in countries outside the EU/EEA. In such cases, we ensure appropriate safeguards under Art. 44 et seq. GDPR, in particular standard contractual clauses and/or existing adequacy decisions.

7. Storage period

We store personal data only as long as necessary for the respective purposes or as required by legal retention obligations. Data is then deleted or anonymized.

8. Cookies and similar technologies

We use technically necessary cookies or session mechanisms, especially for login and protected dashboard areas. We currently do not use tracking or marketing cookies.

9. Your rights

Subject to legal requirements, you have in particular the following rights:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing under Art. 6(1)(f) GDPR (Art. 21 GDPR)
  • Withdrawal of consent with effect for the future

10. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your residence, workplace, or the place of the alleged infringement.

11. Obligation to provide data

Providing certain data (e.g., email address for host login) is required to use individual functions. Without this data, we cannot provide the respective functions.

12. No automated decision-making

We do not carry out solely automated decision-making within the meaning of Art. 22 GDPR.

13. Changes to this notice

We update this privacy notice when legal or technical conditions change.