Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller is weldingOS. For any privacy-related requests, contact us at privacy@weldingos.com.

2. Data Collected and Purposes

2.1 Authentication Data

We use Firebase Authentication (Google LLC) to manage platform access. We collect your email address and, if provided, display name. This data is necessary to provide the service (legal basis: performance of a contract, Art. 6(1)(b) GDPR).

2.2 Payment Data

Payments are handled by Stripe, Inc. We do not store credit card data on our servers. Stripe receives the data necessary to process payments and manage subscriptions (legal basis: performance of a contract).

2.3 Usage Data

Firestore stores subscription status (active/inactive), chosen plan, and update timestamp — strictly necessary for service delivery.

2.4 Security Logs

We log security events (failed login attempts, payment anomalies) for up to 90 days to protect users and the system (legal basis: legitimate interest, Art. 6(1)(f) GDPR).

3. Cookies

We use only essential technical cookies necessary for the service (Firebase authentication session). We do not use profiling or advertising cookies. See our Cookie Policy for details.

4. Data Recipients

Your data may be shared with:

  • Google LLC / Firebase — authentication and database (Standard Contractual Clauses)
  • Stripe, Inc. — payment and subscription management (GDPR-compliant DPA)

We do not sell or share your data with third parties for commercial purposes.

5. Data Retention

  • Account data: for the duration of the contractual relationship + 12 months
  • Payment data: retained by Stripe according to their policy
  • Security logs: 90 days
  • Rate limiting data: automatically deleted after the time window

6. Your Rights

Under GDPR (Arts. 15–22) you have the right to:

  • Access your personal data
  • Rectify or erase it
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time

To exercise these rights, write to privacy@weldingos.com. You also have the right to lodge a complaint with your local supervisory authority.

7. Security

We apply appropriate technical and organisational measures to protect your data: HTTPS/TLS encryption, server-side Firebase token verification, and least-privilege database access.