1. Data Controller
The data controller for this website and the Kaspay POS application is specified in our Imprint.
2. Data We Collect and Legal Basis
Purchase Data (Contract Performance - Art. 6(1)(b) GDPR)
- Email address
- Name (for invoicing)
- Address (if provided)
- VAT number (EU businesses)
- Purchase and invoice records
Tax Records (Legal Obligation - Art. 6(1)(c) GDPR)
- Invoices and orders - retained 10 years (ยง 147 AO)
- Business correspondence - retained 6 years (ยง 257 HGB)
Newsletter (Consent - Art. 6(1)(a) GDPR)
- Email address (only with your explicit consent)
- Unsubscribe anytime via link in email
Technical Data (Legitimate Interest - Art. 6(1)(f) GDPR)
- IP address (security and rate limiting, deleted after 24 hours)
- Access logs (security, deleted after 7 days)
- Server statistics (Hetzner, anonymized IPs only)
Important: Kaspay POS is non-custodial. We never access your cryptocurrency, private keys, or wallet data. All wallet data stays on your device.
3. Data Sharing
We only share data with:
- NOWPayments (payment processing)
- Email service (customer communication)
- Authorities (if legally required)
We never sell your data.
4. Your Rights (GDPR)
You have the right to:
- Access your data (Art. 15)
- Correct your data (Art. 16)
- Delete your data (Art. 17)
- Restrict processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent (Art. 7)
To exercise these rights: Use our GDPR Request Form or contact us via Imprint.
You can file complaints with the Hamburg Data Protection Authority:
datenschutz.hamburg.de
5. Cookies
We use only essential cookies for:
- Security (CSRF protection)
- Rate limiting
The Kaspay POS application doesn't use cookies.
6. Changes
We may update this policy. Check the "Last updated" date for the latest version.