Data protection and GDPR compliance
Last updated: 11/29/2025
We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. This privacy policy informs you about which data we collect, how we use it and what rights you have.
The data controller as defined by the GDPR is:
Infinity Projects
[Your Full Legal Name/Company Name]
[Street Address]
[Postal Code, City]
Email: [Your Email Address]
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: Browser type and browser version, Operating system used, Referrer URL, Host name of the accessing computer, Time of the server request, IP address. This data is not merged with other data sources. The data is recorded on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be recorded.
If you contact us via the contact form or email, the data you provide will be stored by us for the purpose of processing your request and in case of follow-up questions. We do not pass on this data without your consent. The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if this has been requested.
When you register for our services, we collect the data you provide during registration (email address, name if provided). This data is processed for the purpose of fulfilling the contract and providing our services (Art. 6 (1) lit. b GDPR). For authentication, we use third-party services such as Google OAuth. When you sign in with Google, we receive your email address and basic profile information from Google. Google's privacy policy applies to the processing of your data by Google.
When you purchase our services, we process payment data necessary for payment processing. We use PayPal for payment processing. Your payment data is processed directly by PayPal and we do not store complete payment information on our servers. The processing is based on Art. 6 (1) lit. b GDPR (contract performance) and Art. 6 (1) lit. f GDPR (legitimate interest in secure and efficient payment processing).
Our website uses cookies. Cookies are small text files that are stored on your device and saved by your browser. Some of the cookies we use are deleted after the end of the browser session (session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (persistent cookies). You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases. However, deactivating cookies may limit the functionality of our website.
We use the following third-party services: Google OAuth for authentication, PayPal for payment processing, Supabase for database and authentication services. Each service processes data according to its own privacy policy. We only integrate services that comply with GDPR requirements.
We store your personal data only as long as necessary for the purposes for which it was collected or as required by law. User account data is stored as long as your account exists. Transaction data is stored for 10 years in accordance with commercial and tax law retention requirements. Log files are deleted after 90 days.
Under the GDPR, you have the following rights: Right to information (Art. 15 GDPR), Right to rectification (Art. 16 GDPR), Right to erasure (Art. 17 GDPR), Right to restriction of processing (Art. 18 GDPR), Right to data portability (Art. 20 GDPR), Right to object (Art. 21 GDPR), Right to withdraw consent (Art. 7 (3) GDPR), Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. All data transmission is encrypted using SSL/TLS technology.
We reserve the right to amend this privacy policy to ensure that it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will then apply to your next visit.