1. General Information

This web application ("Eloora") processes personal data exclusively in accordance with applicable data protection laws, in particular the GDPR. This privacy policy explains what data is processed for what purpose and what rights you have.

2. Data We Collect

Registration & Login

To use the app, registration with an email address and password is required. This data is used exclusively for managing your user account.

Passwords are stored encrypted (via Supabase Auth with bcrypt).

Rental Administration Data

As a landlord using Eloora, you enter information about your compounds, garages, tenants (including names, contact details, and IBANs), leases, and payment history. This data is processed on your behalf to provide the administration features of the app.

Bank Transaction Data

When you upload CSV bank statements for payment matching, the individual transactions (booking date, payer name, IBAN, amount, purpose) are parsed and stored. The original CSV file itself is not retained after processing.

AI Assistance

When you use the built-in AI assistant for payment matching or administrative tasks, the relevant content of your request is transmitted to our AI provider for processing. Responses are returned to you and are not used to train the provider's models.

Server Logs

The hosting provider Vercel may collect technical data (e.g., IP address, browser type, access time) to ensure the operation of the app.

3. Purpose of Data Processing

• Providing the garage administration features (compounds, garages, tenants, leases, payments)
• User account management and authentication
• Matching incoming bank transactions against expected payments, partly assisted by AI
• Sending transactional notifications related to your account (for example, signup confirmations)
• System security, bot protection, and error analysis

4. Legal Basis

Processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. f GDPR (legitimate interest in operating and securing the app).

5. Data Recipients

• Supabase Inc. (authentication and database services)
• Vercel Inc. (hosting and web analytics)
• Anthropic, PBC (AI processing via Claude, used for the built-in assistant and payment matching)
• Resend (transactional email delivery, for example signup notifications)
• Cloudflare, Inc. (bot protection on the signup form via the Turnstile service). When you open the signup form, Cloudflare receives technical signals from your browser (such as IP address, user agent, and interaction metadata) to distinguish humans from automated abuse. See the Cloudflare Turnstile Privacy Addendum for details.

These service providers act as data processors within the meaning of the GDPR, some with headquarters in the USA. GDPR-compliant contracts (standard contractual clauses) exist.

6. Data Retention

• User account data: stored as long as your account exists
• Rental administration data (compounds, garages, tenants, leases, payments): stored as long as your account exists, or until you archive or delete individual records
• Server logs by Vercel: according to the provider, maximum 30 days

7. Your Rights

You have the right at any time to:

• Information about your stored data
• Correction of incorrect data
• Deletion of your data ("right to be forgotten")
• Restriction of processing
• Data portability
• Object to processing

Please contact us at: janik.dietz@irgendwas.com

8. SSL Encryption

The connection to this web app is made via a secure HTTPS connection.

9. Changes

This privacy policy may be updated as needed. The current version is always available on the website.

Legal Notice (Impressum)

Information according to § 5 TMG:

Janik Dietz
Wolframstraße 25
86161 Augsburg
Germany
Email: janik.dietz@irgendwas.com

Responsible for content according to § 55 para. 2 RStV:
Janik Dietz