Privacy Policy

1. Controller

Butterflies IT UG (haftungsbeschränkt)
Represented by: Andreas Mali
Hagenower Str. 73
19061 Schwerin
Germany
Email: info@compliso.de

2. Overview of Data Processing

The following overview summarises the types of personal data processed, the purposes of processing, and the data subjects concerned.

Types of Data Processed

  • Identity data (e.g. names, addresses)
  • Contact data (e.g. email addresses)
  • Content data (e.g. configurations entered, generated legal texts)
  • Usage data (e.g. pages visited, access times)
  • Meta/communication data (e.g. IP addresses, browser type)
  • Payment data (e.g. PayPal transactions)

Categories of Data Subjects

  • Registered users (website operators, agencies)
  • Visitors to the marketing website compliso.de
  • Contact request and communication partners

Purposes of Processing

  • Provision of the SaaS platform (cookie banner, scanner, legal text generator, consent analytics)
  • Registration and account management
  • Billing and payment processing
  • Contact requests and communication
  • Security measures and abuse prevention
  • Improvement of our services

3. Legal Basis

Below is an overview of the legal bases under the GDPR on which we process personal data:

  • Consent (Art. 6(1)(a) GDPR) — The data subject has given consent to the processing of their personal data.
  • Performance of a contract (Art. 6(1)(b) GDPR) — Processing is necessary for the performance of a contract or pre-contractual measures.
  • Legal obligation (Art. 6(1)(c) GDPR) — Processing is necessary for compliance with a legal obligation.
  • Legitimate interests (Art. 6(1)(f) GDPR) — Processing is necessary for the purposes of the legitimate interests pursued by the controller.

4. Security Measures

We take appropriate technical and organisational measures in accordance with legal requirements, taking into account the state of the art, the cost of implementation, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to data, as well as access, input, disclosure, and availability safeguards. Personal data is transmitted via an SSL-encrypted connection. Passwords are stored exclusively in encrypted (hashed) form.

5. Registration and User Account

Users can create a user account on our platform. The following data is collected during registration:

  • Email address
  • Password (stored exclusively in encrypted form)
  • Name (optional)
  • Company name (optional)

During use of the platform, the following additional data is processed: domain URLs, banner configurations, scan results, generated legal texts, consent statistics, and team memberships.

Purpose: Provision of the user account and the SaaS features (cookie banner, website scanner, legal text generator, consent analytics).
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
Storage period: Until the user deletes their account or requests deletion.

6. Contact Form and Email Contact

When you use the contact form, your data (name, email, subject, message) is processed exclusively for the purpose of handling your enquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in handling enquiries).
Storage period: Enquiries are deleted after completion of processing, unless statutory retention obligations apply.

7. Payment Processing

Payment processing for paid subscriptions is handled via PayPal. When using PayPal, payment data is transmitted directly to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

We do not store any complete payment data such as credit card numbers or bank account details. We only store the PayPal subscription ID for payment attribution.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
PayPal privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full

8. Hosting and Server Log Files

Provider: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany
Server location: Germany (EU)

Each time our website is accessed, the following data is automatically stored in server log files:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the retrieved file
  • Browser type and version
  • Operating system used
  • Referrer URL

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of our services).
Storage period: 30 days.

We have concluded a data processing agreement (DPA) with IONOS, which ensures that personal data is processed only in accordance with our instructions and in compliance with the GDPR.

9. Cookies

We use technically necessary cookies to ensure the functionality of the website (e.g. session cookies for the login area, JWT tokens for authentication).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
No tracking cookies or marketing cookies are used.

10. External Services and Data Processing

Data Processing Exclusively Within the EU

We place great importance on the protection of your data. All services and servers we use are located exclusively within the European Union. No personal data is transferred to third countries (outside the EU/EEA).

  • Web server: Germany (IONOS)
  • Email delivery: Germany/France (Brevo)
  • CDN: EU servers (BunnyCDN)
  • Database: Germany (IONOS)

Email Delivery (Brevo)

For sending emails (e.g. registration confirmations, notifications, password resets), we use the service Brevo (formerly Sendinblue).

Provider: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany
Server location: EU (Germany/France)
Data processed: Email address, name, email content
Legal basis: Art. 6(1)(b) GDPR (performance of a contract)
Privacy policy: https://www.brevo.com/legal/privacypolicy/

Content Delivery Network (BunnyCDN)

For delivery of static content (e.g. banner widget script), we use the service BunnyCDN.

Provider: BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia
Server location: EU
Data processed: IP address, browser type, retrieved content
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the fast and secure delivery of our services)

11. Your Rights as a Data Subject

You are entitled to the following rights:

  • Right of access (Art. 15 GDPR): You have the right to obtain information about your stored personal data.
  • Right to rectification (Art. 16 GDPR): You have the right to have inaccurate data corrected.
  • Right to erasure (Art. 17 GDPR): You have the right to have your data deleted ("right to be forgotten").
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request restriction of processing.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your data in a commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR): You have the right to object to the processing of your data.
  • Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw consent at any time with effect for the future.
  • Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority.

Competent Supervisory Authority

Der Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern
(State Commissioner for Data Protection and Freedom of Information Mecklenburg-Western Pomerania)
Werderstraße 74a
19055 Schwerin
www.datenschutz-mv.de

12. Changes to This Privacy Policy

We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will apply to your subsequent visits.

Last updated: February 2026