Privacy Policy

1. Controller

2. Data Protection Officer

If you have any questions about data protection, please address your enquiry to our Data Protection Officer at the postal address above (keyword: "Data Protection Officer").

3. Visiting our Website

3.1 Server Log Files

When you access blazed.sh, the web server automatically stores certain information transmitted by your browser in so‑called server log files. This includes:

• IP address (anonymised†)
• Date and time of access
• URL and HTTP status code
• Referrer URL
• User‑Agent (browser and operating system)

Processing is technically necessary to display the website (Art. 6 (1)(b) GDPR) and to ensure stability and security (Art. 6 (1)(f) GDPR). Log files are erased after 7 days unless longer retention is required for evidence purposes.

†IP addresses are stored only in truncated form so they cannot be linked to an individual.

3.2 Cookies & Consent Tool

We use cookies and similar technologies. Non‑essential cookies (e.g. for web analytics or marketing) are set only after you have given consent via our Cookie Consent Banner (Art. 6 (1)(a) GDPR in conjunction with § 25 (1) TTDSG). You can withdraw consent at any time in the banner settings.

4. Using the PaaS Platform

When you open an account, deploy containers, or otherwise use our services, we process the following categories of data:

• Account Data – e‑mail address, password (hashed), user ID, organisation, preferred language.
• Billing Data – name, address, VAT ID, payment method, invoices.
• Service Usage Data – container images, deployment metadata, resource usage (CPU, RAM, bandwidth), logs you generate.

Processing is necessary to perform the contract or to take pre‑contractual steps (Art. 6 (1)(b) GDPR). We keep account and billing data for the statutory retention periods (typically 6–10 years under German commercial & tax law).

5. Google Analytics (GA4)

Our website uses Google Analytics 4, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics enables us to analyse user behaviour in order to optimise our site and marketing (Art. 6 (1)(a) GDPR – your consent).

• IP anonymisation is activated; IP addresses are shortened within the EU/EEA.
• Data may be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google relies on EU Standard Contractual Clauses (SCCs) to ensure an adequate level of protection.
• You can withdraw consent at any time via the Cookie Banner or install the browser add‑on: https://tools.google.com/dlpage/gaoptout.
• The retention period set in Google Analytics is 14 months.

6. Google Fonts

Our website uses Google Fonts to display fonts uniformly. Fonts are loaded locally from our servers (no connection to Google) or (if not cached) directly from Google servers. When retrieved from Google servers, your IP address and device information are transmitted to Google (Art. 6 (1)(f) GDPR – our legitimate interest in a consistent presentation).

You can block external font loading via browser settings or extensions.

7. Marketing Communications

If you create an account, we may send you product updates, usage tips or promotional communications relevant to our services (Art. 6 (1)(f) GDPR – direct marketing to existing customers). You can object at any time in your account settings or via the unsubscribe link in such messages.

We only send newsletters to non‑customers if you opt in (double‑opt‑in) (Art. 6 (1)(a) GDPR).

8. Recipients & Data Transfers

We share personal data with service providers who act as processors pursuant to Art. 28 GDPR, e.g. hosting providers, payment processors, CRM, and analytics providers. A list of processors can be provided upon request.

Where processors are located outside the EU/EEA, data is transferred on the basis of SCCs or an adequacy decision (Art. 46 GDPR).

9. Retention Periods

We store personal data only as long as required for the purposes stated or as mandated by statutory retention obligations.

10. Your Rights

Under the GDPR you have the right to:

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Object to processing (Art. 21)
• Withdraw consent at any time (Art. 7 (3))
• Lodge a complaint with a supervisory authority (Art. 77). The competent authority for us is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein‑Westfalen, Postfach 20 04 44, 40102 Düsseldorf, Germany.

11. Obligation to Provide Data

You are not legally obliged to provide personal data. However, some data (e.g. registration details) are necessary to conclude or perform the contract; without them we cannot provide our services.

12. Automated Decision‑Making

We do not use automated decision‑making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR.

13. Data Security

We implement state‑of‑the‑art technical and organisational measures (TOMs) to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version is always available at https://blazed.sh/privacy. If the changes are material, we will inform you within the service environment.