Data protection · App
Privacy policy
This policy covers the sur.plus product application (app.surpluspurpose.com). The landing page (surpluspurpose.com) has its own privacy notice.
Controller
Florian Lechner, Landsberger Straße 57, 82266 Inning am Ammersee-Stegen, Germany — service@surpluspurpose.com
What we process
Demo workspace (/demo): no account, no tracking, no cookies. Sample data only; nothing you enter is persisted.
Customer workspace (after sign-in): account e-mail and workspace profile (role, organization), the operational data your organization enters (listings, needs, matches, messages, documents) and a security audit trail. Legal basis: performance of contract (Art. 6(1)(b) GDPR) and legitimate interest in platform security (Art. 6(1)(f) GDPR).
Cookies
The app uses strictly necessary authentication cookies (Supabase session) only. No analytics, no advertising, no third-party trackers — which is why there is no cookie banner.
Processors and hosting
Hosting: Netlify (site delivery and server functions). Database and authentication: Supabase, EU region (Frankfurt). Sign-in e-mails are delivered via the authentication provider. Data processing agreements are in place with these providers.
Retention
Operational records (matches, certificates, audit trail) are kept as long as your contract runs and afterwards as required by statutory retention duties. Workspace data is exportable before account closure and deleted 30 days after.
Your rights
You have the rights of access, rectification, erasure, restriction, portability and objection (Art. 15–21 GDPR), and the right to lodge a complaint with a supervisory authority (for Bavaria: BayLDA, Ansbach). Contact us at service@surpluspurpose.com.
Status: pre-launch validation phase. This policy will be revised when payment processing (Stripe) and additional integrations go live.