Privacy Policy

Last updated: April 7, 2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Constantin Schneider

Klemens-Eisenbarth-Straße 12

73433 Aalen, Germany

Email: [show email]

2. Data We Collect

2.1 Account Data

When you register for Minuttes, we collect:

  • Full name
  • Email address
  • Company name
  • Account URL (slug)

Legal basis: Art. 6(1)(b) GDPR — performance of a contract.

2.2 Payment Data

Payment processing is handled entirely by Polar Software, Inc. ("Polar") as Merchant of Record. Polar collects your payment information directly. We do not store credit card numbers or bank details. We receive from Polar: your Polar customer ID, checkout ID, and subscription status.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract.

2.3 Server Log Data

When you visit our website, our web server automatically collects:

  • IP address
  • Date and time of the request
  • Requested URL
  • HTTP status code
  • Browser type and version
  • Referring URL

This data is not combined with other data sources. Log files are deleted automatically after 30 days.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in ensuring website security and stability.

2.4 Monitoring Data (SaaS Application)

The Minuttes application collects technical operational data from your WordPress site via the Minuttes plugin, including: Action Scheduler job statuses, hook names, execution counts, database table statistics, cron event timing, and aggregate subscription counts. This data relates to the technical operation of your WordPress site and does not contain personal data of your website visitors or customers.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract.

3. Cookies

This website uses only technically necessary cookies:

  • Session cookie (laravel_session) — required for website functionality, login state, and CSRF protection. Expires when the browser session ends.
  • XSRF token (XSRF-TOKEN) — required for form security. Expires when the browser session ends.

We do not use analytics, tracking, advertising, or any other non-essential cookies. No consent banner is required for technically necessary cookies under Section 25(2) TDDDG.

4. Third-Party Services

4.1 Polar Software, Inc. (Payment Processing)

We use Polar as our Merchant of Record for payment processing, billing, and subscription management. When you purchase a subscription, Polar collects your name, email address, and payment details. Polar uses Stripe as its payment processor.

Polar Software, Inc. is based in San Francisco, CA, USA. Data transfers to the USA are subject to appropriate safeguards under GDPR Chapter V.

See Polar's Privacy Policy and Buyer Terms.

4.2 Email Service

We use a transactional email service to send account-related emails (verification, welcome emails). The provider processes your name and email address solely for delivering these messages on our behalf.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract.

4.3 Hosting

Our website and application are hosted on servers located in data centers operated by DigitalOcean, LLC (USA). A data processing agreement is in place.

5. Data Retention

  • Account data: retained for the duration of your subscription and deleted within 30 days of account termination, unless longer retention is required by law (e.g., tax retention obligations under German law: 10 years for invoicing data).
  • Server logs: deleted automatically after 30 days.
  • Monitoring data: deleted when you disconnect a WordPress site or terminate your account.

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access (Art. 15) — request a copy of your data
  • Rectification (Art. 16) — correct inaccurate data
  • Erasure (Art. 17) — request deletion of your data
  • Restriction (Art. 18) — restrict processing of your data
  • Data portability (Art. 20) — receive your data in a machine-readable format
  • Objection (Art. 21) — object to processing based on legitimate interest

To exercise any of these rights, contact us at [show email] .

7. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR. You may contact the supervisory authority in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.

8. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised date.