Skip to main content
civet

Legal

Privacy Policy

Last updated: 15 May 2026

This notice informs you in accordance with Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR) about the processing of personal data when you visit project-civet.dev and use the associated services.

1. Controller

The controller within the meaning of Art. 4 No. 7 GDPR is the entity named in the Imprint. For full legal name, postal address, email and phone number of the controller please refer to the Imprint.

For general data-protection inquiries you can reach us at datenschutz@project-civet.dev.

We process personal data only for the purposes set out below and only on the basis of the legal grounds specified for each, in accordance with Art. 6(1) GDPR.

(a) Waitlist / pre-registration When you sign up to the waitlist we process your email address in order to notify you when the alpha programme opens. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measure at your request) and our legitimate interest in an orderly launch, Art. 6(1)(f) GDPR.

(b) Optional occasional product updates If you tick the corresponding consent box, we will additionally send you occasional product updates by email. The legal basis is your consent, Art. 6(1)(a) GDPR. You may withdraw consent at any time with effect for the future (see Section 7).

(c) Sign-in and account functionality Where you create a user account after the alpha programme opens, we process the data required to sign you in, authenticate you and secure your session. The legal basis is Art. 6(1)(b) GDPR (performance of contract) together with Art. 6(1)(f) GDPR (legitimate interest in the security of authentication).

(d) Essential cookies We use essential cookies (e.g. session cookies, cookie-banner status) on the basis of Art. 6(1)(f) GDPR and § 25(2) No. 2 TDDDG; consent is not required.

(e) Functional cookies We set functional cookies (e.g. language and theme preferences) only if you have explicitly consented. The legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG.

3. Recipients and categories of recipients

We pass personal data only to the categories of recipients listed below and only to the extent required to deliver the respective purpose.

  • Hosting infrastructure provider (Cloudflare) — delivery of the website and edge serving within the EU jurisdiction (processor under Art. 28 GDPR).
  • Email infrastructure provider (Resend, EU region eu-west-1 Frankfurt) — delivery of confirmation and update emails (processor under Art. 28 GDPR).

A complete list of sub-processors is available on request. A publicly available sub-processor list will follow in a later phase.

4. Transfers to third countries

There are no transfers of personal data to countries outside the EU or the EEA. All data storage and processing takes place within the EU jurisdiction (Cloudflare EU pinning; Resend EU region eu-west-1 Frankfurt).

5. Retention periods

  • Waitlist: stored until withdrawal, but no longer than 24 months in case of inactivity.
  • Account records: stored for the lifetime of the user account plus any statutory retention periods.
  • Email delivery logs (email_events): 12 months for audit purposes after dispatch or bounce.
  • Cookie-consent records: for the lifetime of the respective consent cookie, no longer than 180 days.

6. Your rights as a data subject

You have the following rights vis-à-vis us:

  • right of access (Art. 15 GDPR),
  • right to rectification (Art. 16 GDPR),
  • right to erasure (Art. 17 GDPR),
  • right to restriction of processing (Art. 18 GDPR),
  • right to data portability (Art. 20 GDPR),
  • right to object to processing (Art. 21 GDPR).

To exercise these rights an informal message to datenschutz@project-civet.dev is sufficient.

Where processing is based on consent under Art. 6(1)(a) GDPR (in particular optional product updates and functional cookies) you may withdraw consent at any time with effect for the future. The lawfulness of processing carried out up to the point of withdrawal remains unaffected. You can adjust your cookie consent at any time via the “Cookie settings” link in the page footer.

8. Right to lodge a complaint

You have the right to lodge a complaint with a data-protection supervisory authority regarding our processing of your personal data. The competent authority is regularly the state data-protection authority of the federal state in which our registered office is located, and, additionally, the Federal Commissioner for Data Protection and Freedom of Information (BfDI). Final local jurisdiction will be determined once the company has been registered (see Imprint).

9. Provision obligation

Providing your data for the waitlist is voluntary; there is no statutory or contractual obligation to provide it. If you later register for a user account, providing the data necessary for sign-in is a prerequisite for using the service; without that data the contract cannot be performed.

10. Automated decision-making

No automated individual decisions within the meaning of Art. 22 GDPR take place. AI-generated documents are reviewed and approved exclusively by the treating veterinarian.

11. Cookies and similar technologies

We use only two categories of cookies:

  • Essential: session security, sign-in and the status of your cookie consent. These cookies cannot be disabled.
  • Functional: storage of your language and theme preferences. We set these cookies only with your consent.

We do not set tracking or advertising cookies. You can re-open and adjust your cookie consent at any time via the “Cookie settings” link in the page footer.

Cookies

We use essential cookies so civet works, and functional cookies that remember your preferences (such as language and theme). No tracking or advertising cookies.

Learn more in our privacy policy