Skip to content

Privacy policy

This is an English convenience translation. The German Datenschutzerklärung is the primary, binding version.

This policy covers paasbox.com (the public website) and the customer console at console.paasbox.com (account, team, billing, clusters) with its API.

The console shows this policy at signup.

When you use the console, distinguish the role in which we process: as controller (account, team, billing, support) or as processor (the personal data inside your cluster and your Hetzner project). For processing on your behalf, the data processing agreement (DPA) applies in addition; the two documents do not contradict each other on who plays which role.

Controller: TODO(owner): legal entity name and address, as in the imprint. Contact: support@paasbox.com.

Like practically every web server, ours records requests: IP address, timestamp, requested URL, referrer, and browser identification. We use these logs to operate the site securely and diagnose faults (legitimate interest, Art. 6(1)(f) GDPR). Logs are kept short-term and are not merged with other data.

Section titled “Analytics — no cookies, no consent banner needed”

We use a self-hosted instance of umami, a privacy-focused analytics tool. It sets no cookies, stores no persistent identifiers, does not track you across sites, and aggregates page views anonymously. IP addresses are not stored. Because no cookies or comparable identifiers are used and no personal profiles are built, no consent banner is required; the legal basis is our legitimate interest in understanding aggregate site usage (Art. 6(1)(f) GDPR). The analytics data never leaves our own infrastructure.

If you subscribe to the newsletter, we process your email address to send it — with double opt-in (you confirm the subscription by email) and an unsubscribe link in every mail. Legal basis: consent (Art. 6(1)(a) GDPR), revocable anytime. Dispatch uses Mailjet (EU data centers) as processor. Until the newsletter launches, no subscription data is collected.

If you email us, we process your address and the content of your message to answer it (Art. 6(1)(b) or (f) GDPR). Support correspondence is kept as long as needed to handle the matter and any follow-ups.

Customer console: processing as controller

Section titled “Customer console: processing as controller”

For the following processing we are the controller. The categories follow the data the console actually collects.

For your user account we process your name, email address, an encrypted stored password, the verification status of your email, and optionally an avatar, language, and time zone. The legal basis is performance of the contract (Art. 6(1)(b) GDPR). We keep this data for the life of the account and delete it afterwards unless a statutory retention duty applies.

Accounts are organised into teams. We process the team name, memberships and roles, and invitations (the invitee’s email address and the inviting person). The legal basis is contract performance and our legitimate interest in administering team collaboration (Art. 6(1)(b) and (f) GDPR).

Billing is handled through the payment provider Stripe as a processor. We process the data needed for billing (Stripe customer and subscription identifiers, plan, currency, payment status, invoice and usage data, spend caps, and credits). We do not process full card details; those are collected and processed directly by Stripe. The legal basis is contract performance (Art. 6(1)(b) GDPR) and compliance with legal retention duties (Art. 6(1)(c) GDPR). We keep billing-relevant records for the periods required by commercial and tax law (typically up to ten years, § 147 AO, § 257 HGB).

If you contact support or use the console’s chat/assistant, we process the content of your messages to handle your request (Art. 6(1)(b) or (f) GDPR). This data is kept as long as needed for handling and traceability.

To manage clusters in your own Hetzner project, you supply a Hetzner API token. We store it encrypted, never display it again after validation (not in the console, the API, or to support), and use it solely on your instructions to manage your cluster resources. You can rotate it at any time or revoke it at Hetzner. The legal basis is contract performance (Art. 6(1)(b) GDPR).

We process the cluster metadata needed to provide the service (including cluster and team name, region, Kubernetes version, configuration, status) and an activity log of cluster and billing actions (including the acting person and the audited issuance of short-lived kubeconfig credentials). The legal basis is contract performance and our legitimate interest in security and traceability (Art. 6(1)(b) and (f) GDPR).

Programmatic access uses API keys that we store only as a hash; they are bound to a user and team. The legal basis is contract performance (Art. 6(1)(b) GDPR).

Like the website server, the platform logs requests (including IP address, timestamp, request) to operate the console and API securely and diagnose faults (Art. 6(1)(f) GDPR). Logs are kept short-term.

For the personal data inside your cluster, you are the controller; we process it solely on your behalf under the DPA. Concretely:

  • Application and workload data (contents on worker nodes, in volumes and databases) reside exclusively in your own Hetzner project. We do not access it.
  • The provider-held control-plane state (etcd) and its backups may contain personal data you place there (e.g. in Kubernetes Secrets/ConfigMaps). We process this only on your instructions and exclusively in the EU; it is deleted when the cluster is deleted or the contract ends. You can export it beforehand at any time via kubeconfig/API.

Which personal data is contained there is determined solely by you; we do not analyse the contents. The detail (categories, technical and organisational measures, sub-processors) is set out in the DPA.

We use carefully selected processors:

  • Stripe — billing (see above).
  • Mailjet — newsletter dispatch (EU data centers; see above).
  • Hetzner — operating the platform and control-plane infrastructure (seeds, etcd) in EU data centers. For the resources in your own Hetzner project, you have your own separate contract with Hetzner.
  • S3-compatible object storage (EU) — storage of the etcd backups.

The website, the console, and the control planes we operate run in Hetzner data centers in the European Union. Analytics data stays on our own infrastructure; newsletter data is processed by Mailjet in the EU; the cluster state (etcd) and its backups reside in the EU. Your application data lives in your own Hetzner project in the EU. Billing via Stripe may be an exception.

Otherwise we do not transfer data outside the EU/EEA.

Under the GDPR you can request access to your personal data, rectification, erasure, restriction of processing, and data portability, and you can object to processing based on legitimate interest. Where processing rests on consent, you can withdraw it at any time with effect for the future. You also have the right to lodge a complaint with a data-protection supervisory authority. To exercise any of these rights, email support@paasbox.com.

We update this policy when the data processing of the website or the console changes (for example when the newsletter goes live or a processor is added). The current version is always at this address.

Last updated: 2026-07-09.