Privacy Policy

1. Overview

We take privacy seriously. RGATE does not require user accounts. We do not send emails. We do not use tracking cookies. We do not build marketing profiles. We do not collect personal data beyond what is technically necessary to operate the service.

2. No User Accounts

• No login is required.
• We do not maintain user profiles.
• We do not operate user databases.

3. No Cookies

We do not use cookies for advertising, behavioral tracking, or cross-site profiling.

4. Analytics

We use Plausible Analytics, a privacy-focused analytics provider.

• No cookies
• No cross-site tracking
• No personal profiling
• No sale of data

Plausible collects limited, aggregated information such as page views, referral sources, and approximate geographic region.

5. Infrastructure & Hosting

Our infrastructure is hosted primarily within the European Union (Frankfurt, Germany). Service providers may include:

• AWS (Frankfurt region)
• Railway
• Supabase
• Redis
• Vercel
• Cloudflare

These providers may process limited technical data (such as IP addresses) as part of standard server operations.

6. Payment Processing

Payments are processed by Stripe. We do not store credit card information. Payment data is processed directly by Stripe under its own privacy policy and security standards.

7. Scan Data

When a scan is performed:

• We analyze publicly accessible deployment endpoints.
• We do not request credentials.
• We do not access private databases.
• We do not store API keys.
• We do not intentionally collect personal data.

Scan data and reports are stored only as long as necessary to provide the service.

8. Data Retention

We retain only minimal technical logs required for:

• Security
• Fraud prevention
• System integrity

We do not operate marketing databases or email lists.

9. GDPR (European Union)

If you are located in the European Economic Area (EEA), the General Data Protection Regulation (GDPR) applies. Under the GDPR, you have the right to:

• Access your personal data
• Request correction
• Request deletion
• Restrict processing
• Object to processing
• Data portability

Because we do not maintain user accounts or personal data profiles, most requests will be limited to technical log data. Legal basis for processing: We process minimal technical data under: • Legitimate interest (service operation and security) • Contractual necessity (payment processing via Stripe) You may contact us at privacy@nystart.earth regarding any GDPR-related request.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). These include the right to:

• Know what personal information is collected
• Request deletion
• Opt out of the sale of personal information
• Non-discrimination for exercising privacy rights

We do not sell personal information. We do not use personal information for behavioral advertising. Requests may be submitted to: privacy@nystart.earth

11. Australia Privacy Notice

If you are located in Australia, the Privacy Act 1988 (Cth) may apply. We collect only minimal technical data necessary to operate our service. We do not collect sensitive information. You may request access to or correction of personal information by contacting us at: privacy@nystart.earth

12. International Transfers

Our infrastructure is primarily located in the European Union. Where third-party providers process data outside the EU, they operate under appropriate safeguards and standard contractual protections where required.

13. Changes

We may update this policy to reflect operational or legal changes. The latest version will always be available on this page.

14. Contact

For privacy-related questions: Nystart GmbH Leonore-Mau-Weg 2 D-22763 Hamburg Email: privacy@nystart.earth