Privacy Policy
Effective Date: August 15, 2025
Last Updated: March 5, 2026
1. Information about the collection of personal data and contact details of the person responsible
1.1 General Information
We are pleased that you are using our application PowerLibs (hereinafter "app" or "website"). In the following we inform you about the handling of your personal data when using our app. Personal data is all data with which you can be personally identified.
We only collect and use your personal data when we have a legitimate reason for doing so. We only collect personal data that is reasonably necessary to provide our services to you.
We do not sell your personal information or any data you provide to our Service in any way.
1.2 Responsible Party
Responsible for data processing regarding this app within the meaning of the General Data Protection Regulation (GDPR) is:
PowerLibs - Dennis Dörflinger
c/o Online-Impressum.de #4974
Europaring 90
53757 Sankt Augustin, Germany
Email: info@powerlibs.com
The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.
2. Contact
When contacting us (e.g. via contact form or email), personal data is collected. Which data is collected when using a contact form can be seen from the respective contact form in the app. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted once your request has been processed. This is the case if it can be inferred from the circumstances that the facts in question have been finally clarified and provided that there are no legal storage obligations to the contrary.
3. Automatically Collected Information
When you visit our website, our hosting infrastructure automatically logs standard data provided by your web browser. This may include:
- Your device's Internet Protocol (IP) address
- Your browser type and version
- The pages you visit, the time and date of your visit
- The time spent on each page
- Referrer URL (the page that linked you to us)
- Device type and operating system
Additionally, if you encounter errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device and other technical information related to the problem.
Legal Basis: This data processing is based on our legitimate interests (Article 6 (1) (f) GDPR) in providing a secure, functional website and protecting against misuse. While this information may not be personally identifying by itself, it may be possible to combine it with other data to identify individual persons.
4. Data processing for contract processing
4.1 General Contract Processing
For the processing of contracts concluded via the app, we work together with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the service providers as part of the contract, insofar as this is necessary for the delivery of the services. We pass on your payment data to the commissioned payment processor as part of the payment process, provided this is necessary for the payment process. The legal basis for the transfer of data is Article 6 (1) (b) GDPR.
4.2 Vercel (Hosting Infrastructure)
Our website and application are hosted on Vercel, Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you visit our website, your request data (including IP address) is processed by Vercel's infrastructure to deliver the website to you. This applies to all visitors, regardless of whether they have an account.
Legal Basis: The data processing is based on Article 6 (1) (f) GDPR for our legitimate interests in providing a reliable and performant website.
Further information on data protection by Vercel can be found here: https://vercel.com/legal/privacy-policy
4.3 Stripe (Payment Processing)
For payment processing, we use Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA. When you make a purchase, we pass on the information you provided during the ordering process together with the information about your order to Stripe. Your data will be passed on in accordance with Article 6 Paragraph 1 Letter b GDPR exclusively for the purpose of payment processing and only to the extent that it is necessary for this.
We have concluded a data processing agreement with Stripe, with which we oblige the provider to protect the data of the app users and not to pass it on to third parties without authorization.
Further information on data protection by Stripe can be found here: https://stripe.com/privacy
4.4 Supabase (Database and Authentication)
For user authentication, database services, and application functionality, we use Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992. When you create an account or use our services, certain personal data is processed by Supabase including email addresses, authentication tokens, and application data.
The data processing is based on Article 6 (1) (b) GDPR for contract performance and Article 6 (1) (f) GDPR for our legitimate interests in providing secure and reliable services.
Further information on data protection by Supabase can be found here: https://supabase.com/privacy
5. Sub-Processor Overview
The following table provides a consolidated overview of all third-party service providers (sub-processors) that may process your personal data on our behalf:
| Company | Purpose | Information Collected | When |
|---|---|---|---|
| Vercel | Hosting + Analytics | IP address, page views | All visitors |
| Supabase | Database + Authentication | Email, auth tokens, app data | After account creation |
| Stripe | Payment processing | Payment info, order data | After purchase |
| OAuth authentication | Email, name | Opt-in (Google sign-in) | |
| DataFast | Analytics | Usage data, visitor ID | Opt-in (cookie consent) |
| Heyo | Feedback widget | Message data, email (if provided) | On-demand (user clicks chat) |
6. User Preferences and Onboarding Data
When you first use PowerLibs, we offer an optional onboarding process to customize your experience. During this process, we may collect the following information:
- Name: Your personal or professional name for personalization
- Project Name: Your project or organization name to customize component previews
- Brand Color Preferences: Your preferred colors for component styling
- Usage Preferences: Settings and preferences for the application interface
Legal Basis: This data collection is based on your explicit consent (Article 6 (1) (a) GDPR) and our legitimate interests in providing personalized services (Article 6 (1) (f) GDPR). You can skip the onboarding process or modify these settings at any time in your account preferences.
Data Usage: This information is used solely to customize your PowerLibs experience, including personalizing component previews and remembering your preferences. We do not share this data with third parties for marketing purposes.
Retention: This data is stored until you delete your account or request its removal. You can update or delete this information at any time through your account settings.
7. Google OAuth Authentication
We offer the option to authenticate via Google OAuth provided by Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland. When you choose to sign in with Google, we receive basic profile information (email address, name) from Google to create and manage your account.
The legal basis for this processing is Article 6 (1) (b) GDPR for contract performance and your explicit consent according to Article 6 (1) (a) GDPR. You can revoke this consent at any time by disconnecting Google access in your account settings or by deleting your account.
Data transfers to Google LLC in the US are possible. Further information on Google's privacy practices can be found here: https://policies.google.com/privacy
8. Website Analytics
8.1 Vercel Analytics
We use Vercel Analytics to understand how our website is used and to improve our services. Vercel Analytics is designed to be privacy-friendly and GDPR compliant.
Data Collected: Vercel Analytics collects anonymous, aggregated data including page views, referrers, device types, browser information, and geographic location (country level only). No personal identifiers, IP addresses, or cookies are used.
Legal Basis: We process this data based on our legitimate interests (Article 6(1)(f) GDPR) to analyze website performance and improve user experience.
Data Retention: Analytics data is retained for 24 months and then automatically deleted.
Further information on Vercel's data protection practices can be found here: https://vercel.com/legal/privacy-policy
8.2 DataFast Analytics
We use DataFast Analytics to understand user behavior and conversion rates. DataFast collects usage data and may store cookies or local storage data (such as visitor IDs and session IDs) to identify unique visitors across sessions.
Legal Basis: This data processing is based on your explicit consent (Article 6 (1) (a) GDPR), which you provide via our cookie banner. If you do not consent, no personal data is transmitted to DataFast.
8.3 Heyo Feedback
PowerLibs integrates the Heyo live-chat widget to collect user feedback. The Heyo script is not loaded on page load. It is only loaded when you actively click the feedback button, meaning no data is collected and no cookies are set until you initiate a conversation. When you interact with the widget, data (such as your message, metadata, and potentially your email if provided) is transmitted to Heyo for processing.
Legal Basis: This data processing is based on our legitimate interest in improving our services (Article 6 (1) (f) GDPR) and your voluntary, user-initiated interaction with the feedback widget.
9. Consent Management & Cookies
9.1 Consent Management Platform
We use a custom cookie consent banner built into our website to inform you about the technologies used on our website and to obtain, manage, and document your consent to the processing of your personal data in accordance with GDPR. You can change your cookie preferences at any time via the "Cookie Settings" link in our website footer.
The legal basis for this processing is Art. 6 (1) (c) GDPR (compliance with a legal obligation).
9.2 Types of Cookies
Our website uses the following categories of cookies and local storage:
Essential Cookies (No Consent Required)
- Authentication: To maintain your login session and security
- Preferences: To remember your app settings and preferences
- Security: To protect against cross-site request forgery
- CookieConsent: To save your cookie preferences
- Vercel Analytics: Cookieless performance monitoring (no personal data collected)
- Heyo: Live-chat feedback widget, loaded on-demand only when you click the chat button (no cookies set until interaction)
Analytics Cookies (Requires Consent)
- DataFast: Tracking cookies to analyze visitor behavior
These cookies are only set if you give explicit consent via our Cookie Banner.
10. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this privacy policy:
- Account Data: Until you delete your account or request deletion
- Payment Records: 10 years as required by German tax law
- Support Communications: 3 years after resolution
- Analytics Data: 24 months (Vercel Analytics)
- Legal Obligations: As required by applicable law
All data you enter into our Service will be deleted from our databases within 30 days of you deleting your account. Additionally, any remaining information will be removed from our backups within 90 days after account deletion. If you wish for your personal data to be completely removed from all systems, please send an explicit request to privacy@powerlibs.com.
11. Children's Privacy
Our Service is not directed at children under the age of 16 (in accordance with the German Federal Data Protection Act, BDSG, and EU GDPR). We do not knowingly collect personal information from children under 16.
If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us at privacy@powerlibs.com. If we become aware that we have collected personal data from anyone under the age of 16 without verification of parental consent, we will take steps to delete that information from our servers promptly.
12. Your Rights under GDPR
12.1 Your Data Protection Rights
The applicable data protection law grants you comprehensive data subject rights vis-à-vis the person responsible for the processing of your personal data:
- Right to information (Art. 15 GDPR): You have the right to information about your personal data processed by us, processing purposes, categories of data, recipients, storage periods, and your other rights.
- Right to rectification (Art. 16 GDPR): You have the right to immediate rectification of incorrect data and/or completion of incomplete data.
- Right to deletion (Art. 17 GDPR): You have the right to request deletion of your personal data under certain conditions.
- Right to restriction (Art. 18 GDPR): You have the right to request restriction of processing under certain circumstances.
- Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, machine-readable format.
- Right to revoke consent (Art. 7 Para. 3 GDPR): You can revoke your consent at any time with effect for the future.
- Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority.
12.2 Right to Object
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS RESULTING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPREHENSIVE REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING IS FOR THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
12.3 How to Exercise Your Rights
To exercise any of the rights described above, please contact us at privacy@powerlibs.com. Include your name, email address associated with your account, and a description of your request to help us process it promptly.
- All requests can be exercised free of charge.
- We will respond to your request within one (1) month as required by GDPR. In exceptional cases involving complex or numerous requests, this period may be extended by a further two months, in which case we will inform you.
- We may need to request specific information from you to verify your identity before processing your request.
- You will not be discriminated against for exercising any of your rights.
13. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication
- Staff training on data protection
- Incident response procedures
14. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). Data transfers to these providers are protected by:
- Adequacy Decisions: Where the European Commission has determined adequate protection
- Standard Contractual Clauses: EU-approved contract terms ensuring data protection
- Certification Schemes: Such as Privacy Shield successors or similar frameworks
15. External Links
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices. We encourage you to review the privacy policy of every site you visit.
16. Changes to this Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. If the changes are significant, or if required by applicable law, we will notify you by posting the updated policy on our website and updating the "Last Updated" date. Where required by law, we will obtain your consent or give you the opportunity to opt out of any new uses of your personal information. Your continued use of our services after such changes constitutes acceptance of the updated policy.
17. Contact for Privacy Matters
If you have questions about this privacy policy or want to exercise your rights, please contact us:
Privacy Contact:
Email: privacy@powerlibs.com
Address: c/o Online-Impressum.de #4974, Europaring 90, 53757 Sankt Augustin, Germany
This privacy policy complies with the EU General Data Protection Regulation (GDPR) and German Federal Data Protection Act (BDSG).
Last updated: March 5, 2026 | Version 2.0