Logo
Logo

Privacy Notice

Privacy Notice

We are happy you are using our service. The protection of your personal data is important to us. Here we explain in plain language what data we process, why we do so, and what rights you have.

1. Who is responsible?

The entity responsible for processing your data is:

StackForge UG (haftungsbeschränkt)
Bergstr. 4
84107 Weihmichl
Germany

Email: privacy@pastely.eu
Website: www.stack-forge.eu

Do you have questions about data protection? Just write to us!

2. What data do we process – and why?

Creating and managing an account

When you create or edit an account with us, we store:

  • Email address – so we can reach you and identify your account
  • Name data – for identification and addressing you
  • Access credentials (password or passkey) – so you can log in securely
  • Language settings – so the service is displayed in your preferred language

Legal basis: Art. 6(1)(b) GDPR – We need this data to fulfil the contract with you (i.e. so you can use our service).

How long do we store the data? We delete this data when you close your account.

Public profile (Tree)

When you set up a public profile (Tree), you can voluntarily provide the following information there:

  • Avatar (profile picture)
  • Profile data (username, display name, description text)
  • Links to social networks
  • Custom links
  • Texts for legal pages (e.g. your own imprint or your own privacy policy)

Important: All information in the public profile is entirely voluntary. You decide what you enter there and make publicly visible. Do not provide any data there that you do not wish to share publicly.

Legal basis: Art. 6(1)(a) GDPR – You give your consent by actively entering and publishing the data.

How long do we store the data? We delete this data when you close your account or remove the relevant information yourself.

Plan upgrade (paid services)

When you book a paid plan, we process:

  • Payment information and methods (e.g. credit card, SEPA)
  • Billing address
  • Invoice data (e.g. amount, date, service)

Legal basis: Art. 6(1)(b) GDPR – We need this data to process the contract.

Payment service provider: For payment processing we use the service Mollie B.V. (Keizersgracht 126, 1015CW Amsterdam, Netherlands). Your payment data is transmitted directly to Mollie. Information on data protection at Mollie can be found at: https://www.mollie.com/de/legal/privacy

How long do we store the data? Invoice and payment data must be retained for 10 years due to statutory retention obligations.

Referral programme (refer a friend)

When you invite other people to use our service, we process:

  • Referral code – a unique code assigned to you

This code is used to track successful referrals.

Legal basis: Art. 6(1)(b) GDPR – The processing is part of using the referral programme.

How long do we store the data? We delete this data when you close your account.

Link shortening

When you use our link shortening service or click on a shortened link, we temporarily capture:

  • IP address
  • Browser information (in particular browser type, operating system)
  • Time of access

We use this data exclusively for statistical analysis (i.e. how often a link was clicked). For the statistics, the data is anonymised – meaning it is no longer possible to trace the statistics back to you as an individual. The plain-text data (including IP address etc.) is stored only as briefly as necessary and then deleted.

Legal basis: Art. 6(1)(f) GDPR – We have a legitimate interest in anonymous usage statistics to improve our service.

How long do we store the data? The non-anonymised data is deleted immediately after anonymisation.

Server log files

When you access our website and services, technical information is automatically stored in so-called log files:

  • IP address
  • Browser information (e.g. browser type and version)
  • Time of access

This data helps us to ensure the operation of the website and to identify technical problems.

Legal basis: Art. 6(1)(f) GDPR – We have a legitimate interest in the secure and stable operation of our services.

How long do we store the data? Log files are automatically deleted after 14 days.

Sign in with Instagram (Social Login)

You can also sign in to Pastely using your Instagram account instead of creating a separate password. If you choose this option, you will be redirected to Instagram and log in there. Instagram (Meta Platforms Ireland Ltd.) will then share certain data from your profile with us.

The data we receive depends on the permissions you grant on Instagram. Typically this includes:

  • Instagram user ID – a unique identifier for your Instagram account
  • Username
  • Name
  • Email address (if stored in your Instagram account and shared)

We use this data exclusively to create your Pastely account and to identify you when you log in. We do not store your Instagram password at any time.

Note: Signing in via Instagram is voluntary. You can also use Pastely with an email address and a password of your own.

Third-party provider: During Social Login, data is transferred between your browser and Meta's servers. This process is subject to Meta's privacy policy. You can find information at: https://privacycenter.instagram.com/policy

Legal basis: Art. 6(1)(a) GDPR – You give your consent by actively selecting Instagram login and confirming the permissions on Instagram. You can withdraw this consent at any time by disconnecting Pastely in your Instagram settings and informing us.

How long do we store the data? We delete this data when you close your account.

Website statistics (anonymous tracking)

To understand how our website is used, we use the open-source tool Umami. Umami runs exclusively on our own servers in the EU – no data is transmitted to external providers.
Tracking is completely anonymous. No cookies are set and no personal profiles are created. Only the following is recorded:

  • Page views – which pages are visited and how often
  • Referrer – which website you came from (e.g. a search engine or another link)
  • Approximate location – the country or region is determined on the basis of the IP address; the IP address itself is not stored

The data collected in this way cannot be traced back to you as an individual and is used exclusively to improve our offering.

Legal basis: Art. 6(1)(f) GDPR – We have a legitimate interest in anonymously analysing the use of our website in order to develop it further. As the data is collected in a fully anonymised manner and no cookies are used, consent is not required.

How long do we store the data? The anonymised statistical data is stored for 12 months and then deleted.

3. Is data shared with others?

We only share your data when necessary:

  • Payment processing: With Mollie B.V. (see section 2.3)
  • Legal obligations: When we are required to do so by law or official orders

We do not sell your data to third parties.

We operate our hosting exclusively in Europe with local European partners (no companies from the USA or similar), who act as data processors on our behalf.

4. Your rights

You have the following rights regarding your personal data:

  • Access – You can ask what data we have stored about you.
  • Rectification – You can request that incorrect data be corrected.
  • Erasure – You can request the deletion of your data, provided no statutory retention obligations stand in the way.
  • Restriction of processing – You can request that we only process your data in a restricted manner.
  • Data portability – You can request that we provide your data to you in a commonly used format.
  • Objection – You can object to the processing of your data based on our legitimate interests.
  • Withdrawal of consent – If you have given us consent, you can withdraw it at any time. This does not affect the lawfulness of the processing carried out prior to the withdrawal.

To exercise your rights, simply write to us at: privacy@pastely.eu

5. Right to lodge a complaint

If you believe that we are not processing your data lawfully, you can lodge a complaint with a data protection authority. The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Postfach 1349
91504 Ansbach
Germany

https://www.lda.bayern.de/

A list of all German data protection authorities can be found at: https://www.bfdi.bund.de

6. Changes to this privacy policy

We update this privacy policy when something changes about our services or legal requirements. The current version can always be found on this page.

Last updated: 15 March 2026