Privacy Policy
This policy explains which personal data BLUN processes, the legal basis for processing, and your rights under the GDPR and Austrian data-protection law.
Controller
Mayk Biletti · Sportplatzgasse 32b · 2443 Leithaprodersdorf · Österreich. Email: legal@blun.ai
Data we process
- Account data: email address, display name, workspace name, and hashed password.
- Session token stored in an HttpOnly cookie for secure login sessions.
- Payment data is processed by Stripe; BLUN stores only the Stripe customer reference.
- Server logs: IP address, user agent, and request path, retained for 14 days.
- Theme and locale preferences.
Legal basis
- Art. 6(1)(b) GDPR for account and subscription performance.
- Art. 6(1)(f) GDPR for security, abuse prevention, and server logs.
- Art. 6(1)(a) GDPR for optional marketing email consent.
Recipients
- Stripe Inc. for payment processing, with a data-processing agreement in place.
- Hetzner Online GmbH for EU hosting and infrastructure processing.
- Postal on BLUN-managed EU mail infrastructure.
International transfers
Stripe may process data in the USA. Safeguards include the EU-US Data Privacy Framework and standard contractual clauses where required.
Retention
Account data is retained until account deletion. Accounting-relevant records are retained for seven years under Austrian tax law.
Your rights
You may request access, rectification, erasure, restriction, portability, or object to processing under GDPR Articles 15-21. You may also lodge a complaint with the Austrian Data Protection Authority.
Cookies
BLUN uses only technically necessary cookies. No tracking cookies and no third-party pixels are set on this surface.
Workspace: BLUN HQ · Last updated: 2026-07-01

