Privacy notice
How we handle your data.
This notice explains which personal data we process on amphidata.de, for what purpose, on which legal basis, and what your rights are. The applicable law is the EU GDPR together with the German BDSG.
01 Data controller
The data controller in the sense of Art. 4(7) GDPR is the entity listed in our imprint. For privacy enquiries please write to hello@amphidata.de.
02 Hosting & server logs
This website is served via Lovable Cloud (Supabase, EU-hosted). On every request, technically necessary server logs are processed: shortened IP address, timestamp, user agent, referrer, requested URL, HTTP status code.
Legal basis is Art. 6(1)(f) GDPR (legitimate interest in operating and securing the site). Logs are deleted or anonymised after no more than 14 days.
03 Cookies
We do not use tracking or marketing cookies. Only strictly necessary cookies / localStorage entries are used, e.g. to remember your theme preference (light / dark). No consent under § 25 TTDSG is required, since this storage is strictly necessary to deliver the function you requested.
04 Analytics
We use the first-party web analytics built into Lovable Cloud. Only aggregated reach and pageview counts are recorded. No personal profiles, no cross-device tracking, no sharing with third parties, no transfers to third countries.
Legal basis is Art. 6(1)(f) GDPR (legitimate interest in measuring reach). Because the processing is cookieless and not personally identifiable, no consent is required.
05 Contacting us
When you contact us by email (hello@amphidata.de), we process the information you provide to handle your request (Art. 6(1)(b) or (f) GDPR). We delete this data once your request has been handled, unless statutory retention periods apply.
06 Founding-partner application form
Data submitted via the form at /partners (company, role, number of sites, email, setup, frustration) is processed solely to evaluate your application as a founding partner (Art. 6(1)(b) GDPR – pre-contractual measures).
Submission is encrypted in transit (TLS). Delivery and storage run through Lovable Cloud and Lovable Email (both EU-hosted). Data-processing agreements under Art. 28 GDPR are in place with these processors.
We delete application data no later than 12 months after the selection process closes, unless you are admitted to the pilot programme.
07 Recipients and processors
We only share data with carefully selected processors acting on our instructions: Lovable Cloud / Supabase (hosting, database, analytics, transactional email) – servers in the EU.
No transfers to third countries take place. We do not sell personal data.
08 Your rights
You have the right, at any time, to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object to processing based on legitimate interests (Art. 21 GDPR).
Please send any such request informally to hello@amphidata.de.
09 Right to lodge a complaint
You may lodge a complaint with a data-protection supervisory authority, in particular the one competent for your place of residence or our place of establishment (Art. 77 GDPR).
10 Changes to this notice
We update this privacy notice whenever the technical or legal framework changes. The current version is always available at /privacy.
Last updated: 23 May 2026