Privacy Policy

Last updated: April 10, 2026

1. Controller

TrialBase is operated by Christian Wiessner (see Impressum for full contact details). We are the controller for the processing of personal data described in this policy within the meaning of the EU General Data Protection Regulation (GDPR).

2. Data We Collect

  • Account data: Email address, full name (optional), authentication provider (email/password or Google OAuth).
  • Payment data: Processed exclusively by Stripe. We store a Stripe customer ID and subscription status but never see or store credit card numbers.
  • Usage data: Q&A queries submitted to the AI assistant, search queries, pages visited (via cookie-free Plausible analytics).
  • Technical data: IP address (logged transiently by hosting providers), browser type, error reports (via Sentry).

3. Legal Basis

  • Contract performance (Art. 6(1)(b) GDPR): Account creation, subscription management, and access to the wiki and Q&A features.
  • Legitimate interest (Art. 6(1)(f) GDPR): Error monitoring, security, and analytics to improve the service.
  • Consent (Art. 6(1)(a) GDPR): Where required (e.g. optional marketing emails, if applicable).

4. Sub-Processors

We use the following third-party services to operate TrialBase. Data transfers to the US are covered by EU Standard Contractual Clauses (SCCs) or equivalent safeguards.

Service | Purpose | Location
--- | --- | ---
Supabase (EU Frankfurt) | Database, authentication, file storage | EU (Frankfurt, DE)
Stripe | Payment processing and subscription management | EU/US
Anthropic (Claude API) | AI-powered Q&A and content compilation | US
OpenAI | Text embeddings for semantic search | US
Vercel | Web application hosting and CDN | EU/US
Hetzner | Pipeline server for content processing | EU (Falkenstein, DE)
Resend | Transactional emails (verification, password reset) | US
Sentry | Error monitoring and performance tracking | EU/US
Plausible Analytics | Privacy-friendly website analytics (no cookies, no personal data) | EU

5. Retention Periods

  • Account data: Retained until you delete your account. Upon deletion, personal data is removed within 30 days.
  • Invoices and payment records: 10 years (German tax law, AO § 147).
  • Audit logs: 2 years for security auditing purposes.
  • Q&A conversation history: Retained while your account is active. Deleted with your account.
  • Error reports (Sentry): Automatically purged after 90 days.

6. Your Rights

Under the GDPR, you have the following rights:

  • Access (Art. 15): Request a copy of your personal data.
  • Rectification (Art. 16): Correct inaccurate data.
  • Erasure (Art. 17): Request deletion of your data (“right to be forgotten”). Use the account deletion feature in Settings, or contact us directly.
  • Data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Restriction (Art. 18): Request restriction of processing.
  • Objection (Art. 21): Object to processing based on legitimate interest.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email privacy@trialbase.app.

7. Cookies

TrialBase uses only essential cookies required for authentication (session tokens set by Supabase) and a cookie consent preference cookie. We do not use marketing or tracking cookies. Plausible Analytics operates without cookies and does not collect personal data.

8. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for TrialBase is the Landesbeauftragte für den Datenschutz und die Informationsfreiheit (LfDI) of the relevant German federal state.

9. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or an in-app notice. The “Last updated” date at the top reflects the most recent revision.