Privacy Policy

1. Overview

Session Vault processes personal data in accordance with the principle of data minimisation. This website uses no tracking cookies, no web analytics, and no advertising technologies. The Chrome Extension stores all user data exclusively locally in your browser — we never have access to your session data at any time.

2. Hosting & Server Logs

Provider

This website is hosted by Vercel Inc., 340 Pine Street, Suite 701, San Francisco, CA 94104, USA. Vercel is certified under the EU-US Data Privacy Framework.

Automatically Collected Data

When you visit this website, Vercel automatically collects the following technical data (server logs):

• IP address (anonymised after a short period)
• Date and time of access
• Requested URL, referrer URL
• Browser type and version, operating system
• HTTP status code, amount of data transferred

Legal basis: Art. 6(1)(f) GDPR (legitimate interests – security, error analysis, and operation of the website). Logs are deleted after no more than 30 days.

For more information on data protection at Vercel: vercel.com/legal/privacy-policy

3. External Resources & CDN

Google Fonts

This website loads fonts from the Google Fonts service (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) directly from Google's servers. In doing so, your IP address is transmitted to Google. Google is certified under the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests – consistent presentation of the website). Google's privacy policy: policies.google.com/privacy

Stylesheets (Tailwind CSS)

The styling of this website is built with Tailwind CSS and served as a single static stylesheet (/styles.css) directly from our own hosting (Vercel). It is not loaded from a third-party CDN, so no additional IP transmission to an external styling provider takes place.

Paddle Checkout

To enable purchases, this site loads the checkout script of Paddle.com Market Ltd from cdn.paddle.com. This establishes a connection to Paddle when the page loads; no purchase data is transmitted unless you start a checkout. See paddle.com/legal/privacy.

Cookies

This website sets no cookies of its own. We use neither analytics cookies nor tracking or marketing cookies. Third-party services (Google Fonts, Paddle) may set cookies in accordance with their own privacy policies.

4. Contact by Email

If you contact us by email (e.g. via the Enterprise contact form or directly at anfrage@flowent.de), we process the data you provide (name, email address, message content) solely for the purpose of handling your enquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interests in responding to enquiries). Data will be deleted after the matter has been fully resolved, unless a statutory retention obligation applies.

5. Payment Processing, Licence Delivery & Purchase Data

Purchases of paid licences are processed by Paddle.com Market Ltd (Judd House, 18–29 Mora Street, London EC1V 8BT, United Kingdom) acting as our Merchant of Record (reseller). Your payment and billing data are collected and processed directly by Paddle under its own privacy policy: paddle.com/legal/privacy. We do not receive or store your full payment-card details.

To deliver your licence and fulfil the contract, we process your email address and the licence record. The licence record is stored on Neon, Inc. (serverless PostgreSQL) and the licence-delivery email is sent via Resend (Plus Five Five, Inc.); each acts as a processor on our behalf under a data-processing agreement. Privacy policies: neon.tech/privacy-policy, resend.com/legal/privacy-policy.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract); Art. 6(1)(c) GDPR (statutory retention periods under §§ 147 AO, 257 HGB — up to 10 years for invoices).

6. Chrome Extension – Local Data Storage

chrome.storage.local

The Session Vault Chrome Extension stores all captured session data (tab URLs, titles, groups, timestamps) exclusively in chrome.storage.local – directly within your browser profile on your device. This data never leaves your device and is never transmitted to our servers.

The stored data includes exclusively: tab URLs, page titles, tab group names, capture timestamps, and session names you have chosen yourself. No page content, login credentials, or cookies are captured.

We have no access to this data.

JSON Export (Downloads API)

When exporting your sessions as a JSON file, the extension uses the Chrome Downloads API. The generated file is saved directly to your local downloads folder. No data is transferred to external servers.

Legal Basis

As no personal data is transmitted to us and all data is processed exclusively locally, Art. 4(7) GDPR (controller) does not apply with regard to local data storage. You are solely responsible for the data stored locally on your device.

7. Optional Google Drive AppData Sync

Session Vault offers an optional synchronisation feature via the Google Drive API. This feature is disabled by default and must be explicitly enabled by the user.

How It Works

Once explicitly enabled, session data is stored in encrypted form in a private app data folder in your Google Drive (drive.appdata scope). This folder is:

• Not visible to other Google Drive users
• Not accessible to other apps or services
• Accessible exclusively to the Session Vault Extension

Data Processing by Google

Synchronisation occurs directly between your browser and Google Drive. Authentication uses the open standard OAuth 2.0. We never receive access to your Google account or your Google Drive data at any time.

The processing of your data by Google is governed by the privacy policy of Google LLC: policies.google.com/privacy

Withdrawal of Consent

You may disable Google Drive synchronisation at any time in the Extension settings, and delete the stored AppData via your Google account at myaccount.google.com/permissions. Local data storage (chrome.storage.local) is not affected by this.

Legal basis: Art. 6(1)(a) GDPR (consent given by explicitly enabling the feature).

8. Your Rights (Art. 15–22 GDPR)

You have the following rights with respect to the personal data we hold about you:

• Right of Access (Art. 15 GDPR): You may request information about the personal data we process about you.
• Right to Rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
• Right to Erasure (Art. 17 GDPR): You may request the deletion of your data, provided no statutory retention obligations apply.
• Right to Restriction of Processing (Art. 18 GDPR): You may request that processing be restricted.
• Right to Data Portability (Art. 20 GDPR): You may request that your data be provided in a machine-readable format.
• Right to Object (Art. 21 GDPR): You may object to processing based on legitimate interests.
• Right to Withdraw Consent (Art. 7(3) GDPR): Any consent you have given may be withdrawn at any time with effect for the future.

To exercise your rights, please contact: anfrage@flowent.de

9. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data (Art. 77 GDPR). The competent supervisory authority for our registered address in Baden-Württemberg is: