Last updated: May 2026
Privacy Policy
This Privacy Policy explains how EdgeAccess collects, uses, and protects your personal data when you use our service.
1. Data Controller
The controller responsible for your personal data is:
atio GmbH
Karlstr. 37
D-89073 Ulm, Germany
Email: info@atio.de
2. Data We Collect and Why
| Category | Data | Purpose | Legal basis | Retention |
|---|---|---|---|---|
| Account | Email, full name, password hash, company name | Authentication and account management | Art. 6(1)(b) GDPR — contract performance | Duration of account + 30 days after deletion |
| Team access | Email, role, invitation history | Access control and team management | Art. 6(1)(b) GDPR | Duration of account |
| Billing | Email, company name, subscription status | Subscription and payment management | Art. 6(1)(b) GDPR | 10 years (§ 147 AO — German tax law) |
| Security logs | IP address, email, timestamps of login events | Fraud prevention and security monitoring | Art. 6(1)(f) GDPR — legitimate interests | 365 days |
| Audit logs | User actions, IP address, timestamps | Compliance and operational audit trail | Art. 6(1)(f) GDPR | 365 days (configurable per workspace) |
| Consent | Timestamp of Terms of Service acceptance | Legal record of consent | Art. 6(1)(c) GDPR — legal obligation | Duration of account + 3 years |
We do not use tracking pixels, advertising cookies, or sell data to third parties.
3. Processors and Sub-processors
We share data with the following processors under data processing agreements:
- Stripe, Inc. — payment processing. Card data is processed exclusively by Stripe and never stored on our servers. Stripe's privacy policy: stripe.com/privacy
- Hetzner Online GmbH — server hosting (Germany/EU)
- Cloudflare, Inc. — CDN and DDoS protection
- Resend, Inc. — transactional email delivery
4. Data Transfers Outside the EEA
Stripe, Cloudflare, and Resend may process data in the United States. Transfers are covered by the EU–US Data Privacy Framework or Standard Contractual Clauses where required.
5. Your Rights
Under GDPR you have the right to:
- Access (Art. 15) — request a copy of your personal data
- Rectification (Art. 16) — correct inaccurate data
- Erasure (Art. 17) — request deletion of your data ("right to be forgotten")
- Restriction (Art. 18) — restrict how we process your data
- Portability (Art. 20) — receive your data in a machine-readable format
- Objection (Art. 21) — object to processing based on legitimate interests
To exercise any of these rights, email info@atio.de. We will respond within 30 days.
You also have the right to lodge a complaint with the supervisory authority in your EU member state. In Germany: Bundesbeauftragter für den Datenschutz (BfDI).
6. Cookies and Local Storage
We use only essential cookies and browser local storage necessary for the service to function (authentication tokens and session state). We do not use analytics, advertising, or tracking cookies. See our Cookie Policy for details.
7. Security
Passwords are stored as bcrypt hashes. Data is transmitted over TLS. Access is controlled by role-based permissions. We do not store payment card data.
8. Changes to This Policy
We may update this policy from time to time. We will notify you by email and update the "Last updated" date above. Continued use of the service after notification constitutes acceptance.
9. Contact
For privacy-related enquiries:
Email: info@atio.de
Post: atio GmbH, Karlstr. 37, D-89073 Ulm, Germany