Legal

Privacy Policy

Last updated: April 2026  ·  Effective: April 2026
Contents
  1. Who we are
  2. What data we collect
  3. How we use your data
  4. Legal basis for processing
  5. Data sharing and third parties
  6. Data retention
  7. Your rights under GDPR
  8. Cookies and tracking
  9. International transfers
  10. Contact and complaints

01 Who we are

Delvasta ("we", "us", "our") is an AI-powered platform for building forms, quizzes, surveys, and lead funnels. The service is operated by Thorsten Meyer, Blomberhstr. 11 C, 82393 Iffeldorf, Deutschland.

We are the data controller for personal data collected through Delvasta.com. For questions about this policy or your data, contact us at [email protected].

02 What data we collect

Data you provide directly

  • Email address and name when you sign up or join the waitlist
  • Account credentials (stored securely, passwords hashed)
  • Billing information processed via our payment provider
  • Any content you create within the platform (forms, quiz questions, responses)
  • Communications you send us via email or contact form

Data collected automatically

  • IP address and approximate location (country/region level)
  • Browser type, operating system, and device information
  • Pages visited, features used, and time spent (usage analytics)
  • Referring URLs and UTM parameters
  • Error logs and performance data

Data from respondents (your end users)

When you publish a Delvasta form, your respondents submit data directly into your account. You are the data controller for this data. We act as a data processor on your behalf and process it only according to your instructions and this policy.

03 How we use your data

  • To provide, operate, and improve the Delvasta platform
  • To send you your account confirmation and access link
  • To communicate product updates, early access notifications, and relevant announcements
  • To process payments and manage your subscription
  • To respond to your support requests and inquiries
  • To monitor platform security and prevent abuse
  • To comply with legal obligations under German and EU law

We do not sell your personal data. We do not use your data to train AI models. We do not share your data with advertisers.

04 Legal basis for processing (GDPR Art. 6)

  • Contract performance — processing necessary to deliver the service you signed up for
  • Legitimate interests — security monitoring, fraud prevention, product improvement, and analytics
  • Consent — for marketing communications (you may withdraw at any time)
  • Legal obligation — where required by German law, EU law, or court order

05 Data sharing and third parties

We share data with third-party service providers only where necessary to operate the platform. All processors are bound by data processing agreements and comply with GDPR.

Sub-processors

Delvasta is currently in pre-launch. The definitive list of sub-processors will be published here prior to general availability. A current list is available on request at privacy@delvasta.com. All sub-processors will be bound by data processing agreements and required to comply with GDPR before any data is transferred to them.

We do not share your data with any third party for their own marketing or commercial purposes.

06 Data retention

  • Account data is retained for the duration of your account plus 30 days after deletion
  • Billing records are retained for 10 years as required by German tax law (§ 147 AO)
  • Form response data is retained per your account settings — you control deletion
  • Waitlist email addresses are deleted within 90 days of the platform launch if no account is created
  • Server logs are retained for up to 30 days

07 Your rights under GDPR

As a data subject under EU/EEA law, you have the following rights. Submit requests to [email protected]. We respond within 30 days.

Access (Art. 15)
Request a copy of the personal data we hold about you
Rectification (Art. 16)
Correct inaccurate or incomplete personal data
Erasure (Art. 17)
Request deletion of your data ("right to be forgotten")
Portability (Art. 20)
Receive your data in a structured, machine-readable format
Restriction (Art. 18)
Request that we limit how we process your data
Objection (Art. 21)
Object to processing based on legitimate interests

You also have the right to lodge a complaint with the supervisory authority. In Germany, this is the Landesbeauftragte für Datenschutz und Informationsfreiheit in your federal state, or the Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI).

08 Cookies and tracking

Delvasta uses minimal tracking. We do not use third-party advertising cookies or cross-site tracking.

What we use

  • Strictly necessary cookies — session authentication and security tokens. Required for the service to function. No consent needed.
  • Analytics — we use privacy-first analytics (no cookies, no fingerprinting, EU-hosted) to understand aggregate usage patterns
  • Preference cookies — to remember your UI preferences (theme, language) if applicable

You can control cookie preferences through your browser settings. Blocking strictly necessary cookies will prevent login.

09 International transfers

We prefer EU-hosted infrastructure wherever possible. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46 GDPR.

A list of current sub-processors and their data locations is available on request.

10 Contact and complaints

For privacy-related questions, data subject requests, or to withdraw consent:

Email: [email protected]

Postal: Thorsten Meyer, Blomberhstr. 11 C, 82393 Iffeldorf, Deutschland

We will acknowledge your request within 5 business days and respond in full within 30 days as required by GDPR Art. 12.