bytemagic

Privacy Policy

Last updated: 31 May 2026

We appreciate your interest in bytemagic. This Privacy Policy explains which personal data is processed when you visit and use our website bytemagic.io.

1. Controller

The controller responsible for data processing on this website is:

Robin Stenger
trading as bytemagic
Mombacher Weg 11
65936 Frankfurt am Main
Germany

Email: hello@bytemagic.io
Phone: +49 6190 9755969

2. General Information on Data Processing

We process personal data only to the extent necessary to provide this website, handle inquiries, send our newsletter, ensure technical security, measure reach, or comply with legal obligations.

Processing is carried out in particular on the following legal bases:

  • Article 6(1)(a) GDPR, where consent has been given;
  • Article 6(1)(b) GDPR, where processing is necessary for the performance of a contract or for pre-contractual measures;
  • Article 6(1)(c) GDPR, where processing is necessary to comply with legal obligations;
  • Article 6(1)(f) GDPR, where processing is necessary to protect legitimate interests.

3. Hosting and Website Provision via Lovable

Our website is created with Lovable and hosted via Lovable Cloud.

Provider:

Lovable Labs Incorporated
1111b South Governors Avenue
Dover, DE 19904
United States

According to our configuration, the Lovable Cloud region used for this website is the EU region.

When you access our website, Lovable may process technical data necessary for providing, securing and maintaining the stability of the website. This may include in particular:

  • IP address;
  • date and time of access;
  • pages accessed;
  • referrer information;
  • browser type and version;
  • operating system;
  • device type;
  • technical error and log data.

Processing is carried out to provide the website, ensure technical security, analyze errors and prevent misuse.

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and efficient provision of our website.

Where Lovable processes personal data on our behalf, this is done on the basis of a data processing agreement pursuant to Article 28 GDPR. Lovable may use subprocessors. Although the EU region has been selected, there may still be a third-country connection because Lovable is based in the United States. According to Lovable, suitable data protection mechanisms are provided for this purpose.

4. Lovable Analytics

We currently use analytics features provided through the Lovable dashboard.

According to the information available to us, the dashboard shows aggregated analytics, in particular:

  • source of the visit, such as direct access or search engine;
  • pages accessed;
  • country of access;
  • device type;
  • aggregated analytics for a period of up to 90 days.

To our knowledge, we cannot view individual user profiles or individual user datasets.

As it has not yet been conclusively clarified whether Lovable Analytics uses cookies, local storage, fingerprinting or comparable technologies, Lovable Analytics is only used after consent via our consent banner where technically required.

The legal basis for analytics technologies requiring consent is Article 6(1)(a) GDPR in conjunction with Section 25 TDDDG. Consent can be withdrawn at any time with effect for the future.

5. Cookies and Similar Technologies

Our website may use technically necessary cookies or similar technologies required for the operation of the website. These may include technologies necessary for security, consent management or technical website provision.

Technically necessary technologies are used on the basis of Section 25(2) TDDDG and Article 6(1)(f) GDPR.

For non-essential technologies, in particular analytics and tracking, we obtain prior consent via a consent banner. The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25 TDDDG.

Consent can be withdrawn or changed at any time with effect for the future.

6. Contact via Contact Form

If you contact us via the contact form, we process the data you enter.

The contact form contains the following fields:

  • name;
  • email address;
  • company;
  • inquiry type;
  • message.

We use this data to process your inquiry, communicate with you and, where applicable, carry out pre-contractual measures or contract-related communication.

The legal basis is Article 6(1)(b) GDPR where the inquiry relates to a contract or pre-contractual measures. In other cases, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in processing and responding to inquiries.

The content submitted via the contact form may be stored in our ticket system.

7. Contact via Email

If you contact us by email, we process your email address, the content of your message and any other personal data you provide.

Our email server is operated on a cloud server provided by Hetzner.

Provider:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

Processing is carried out to handle your inquiry and communicate with you.

The legal basis is Article 6(1)(b) GDPR where the inquiry relates to a contract or pre-contractual measures. In other cases, the legal basis is Article 6(1)(f) GDPR.

8. YouTrack Ticket System

We use YouTrack as a ticket system to process and manage customer inquiries, support cases and other communications.

The ticket system is operated by us on our own hardware on-premises. No external cloud provider processes ticket data on our behalf for this ticket system.

In the ticket system, we process in particular the following data:

  • email address;
  • content of the inquiry or ticket;
  • any other personal data that you voluntarily provide in your message.

Processing is carried out to handle inquiries, document support processes and ensure traceable communication with customers and interested parties.

The legal basis is Article 6(1)(b) GDPR where processing is necessary for pre-contractual measures or contract performance. Otherwise, processing is based on Article 6(1)(f) GDPR. Our legitimate interest lies in the structured processing, documentation and tracking of inquiries.

Tickets are generally stored for approximately two years and then cleaned up, unless statutory retention obligations or other legitimate reasons require longer storage.

9. Contact by Phone

If you contact us by phone, we process the information you provide during the call to the extent necessary to handle your request.

Phone calls are not recorded.

The legal basis is Article 6(1)(b) GDPR where the call relates to a contract or pre-contractual measures. In other cases, the legal basis is Article 6(1)(f) GDPR.

10. Newsletter

You can subscribe to our newsletter on our website.

We use a double opt-in procedure for newsletter subscriptions. After subscribing, you will receive an email asking you to confirm your subscription. You will only be added to the newsletter distribution list after this confirmation.

For the newsletter, we generally store your email address. In addition, technical proof of consent may be stored, in particular the time of subscription, the time of confirmation and the consent text used.

The newsletter is sent via our own mail server, which is operated on a cloud server provided by Hetzner.

The legal basis for sending the newsletter is your consent pursuant to Article 6(1)(a) GDPR.

You may unsubscribe at any time via the unsubscribe link included in each newsletter. After unsubscribing, your email address may be stored in a suppression list to ensure that you no longer receive newsletters and to document the previous consent or unsubscribe request.

11. Newsletter Tracking with Matomo

We intend to statistically evaluate the use of our newsletter using a self-hosted Matomo instance.

In particular, newsletter opens and clicks on links in the newsletter may be recorded. Technically, this may be done using tracking pixels or specially marked links.

We only use newsletter tracking where valid consent has been given. The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25 TDDDG, where information is stored on or accessed from the end device or comparable technologies are used.

Where possible, the analysis is carried out in aggregated form and without creating personal recipient profiles. We use the analysis to improve the relevance and quality of our newsletter.

You can withdraw your consent at any time with effect for the future.

12. Website Analytics with Matomo

We may use a self-hosted Matomo instance to analyze the use of our website.

Matomo is open-source software for statistically evaluating website visits. In particular, the following data may be processed:

  • pages accessed;
  • time of access;
  • referrer;
  • browser used;
  • operating system used;
  • device type;
  • approximate location;
  • IP address in shortened or anonymized form;
  • interactions with the website.

We operate Matomo ourselves and do not transfer the data to Matomo Cloud or other external analytics providers.

Matomo is configured in a privacy-friendly manner. This includes, in particular, IP anonymization, the shortest feasible retention periods for raw data and no personal user profiles where technically possible.

Where Matomo uses cookies, local storage, fingerprinting or comparable technologies, or where non-essential analytics processing is carried out, Matomo is only used after consent via our consent banner.

The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25 TDDDG. Consent can be withdrawn at any time with effect for the future.

13. No External Media or Social Media Plugins

Our website currently does not embed external media or widgets such as YouTube videos, Google Maps, external social media feeds or comparable third-party content.

We also do not use social media plugins.

If external media, widgets or social media plugins are added in the future, this Privacy Policy will be updated accordingly.

14. No Direct Booking or Ordering via the Website

It is currently not possible to directly book or order products or services through the website.

If booking, ordering, payment or customer account features are introduced in the future, this Privacy Policy will be updated accordingly.

15. Retention Period

We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations.

The following principles apply in particular:

  • contact inquiries and support tickets are generally stored for approximately two years and then cleaned up;
  • newsletter data is stored until you unsubscribe. After unsubscribing, limited storage may continue for documentation purposes and to prevent future newsletter delivery;
  • technical log data is stored only for as long as necessary for security, error analysis and operation;
  • analytics data is, where possible, evaluated only in aggregated form and for a limited period.

16. Recipients of Personal Data

Personal data may be transferred to technical service providers where this is necessary for operation, hosting, email delivery, security or maintenance.

This includes in particular:

  • Lovable Labs Incorporated for hosting, website provision and Lovable Analytics;
  • Hetzner Online GmbH for server infrastructure and email operation;
  • where applicable, technical service providers supporting us in operating our systems.

Data is only transferred to third parties where there is a legal basis, consent has been given, or we are legally obliged to do so.

17. Third-Country Transfers

Some service providers may be based outside the European Union or the European Economic Area or may process data in third countries.

This applies in particular to Lovable Labs Incorporated, which is based in the United States.

Where personal data is transferred to third countries, this is done only on the basis of appropriate safeguards, such as an adequacy decision by the European Commission, standard contractual clauses or other legally provided mechanisms.

18. Obligation to Provide Personal Data

Providing personal data is generally voluntary.

However, certain data is required for specific functions. For example, without an email address, we cannot respond to inquiries or send the newsletter.

19. Automated Decision-Making

Automated decision-making, including profiling within the meaning of Article 22 GDPR, does not take place.

20. Your Rights

Subject to the statutory requirements, you have the following rights:

  • right of access to personal data processed;
  • right to rectification of inaccurate data;
  • right to erasure;
  • right to restriction of processing;
  • right to data portability;
  • right to object to certain processing operations;
  • right to withdraw consent with effect for the future;
  • right to lodge a complaint with a data protection supervisory authority.

To exercise your rights, you can contact us at any time:

hello@bytemagic.io

21. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority.

The supervisory authority generally responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information
Wilhelmstraße 7
65185 Wiesbaden
Germany

Email: poststelle@datenschutz.hessen.de

22. Right to Object under Article 21 GDPR

Where we process personal data on the basis of Article 6(1)(f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to such processing.

If you object, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defense of legal claims.

23. Withdrawal of Consent

You may withdraw any consent you have given at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.

24. Changes to this Privacy Policy

We may update this Privacy Policy if the legal situation, our website or the services we use change.

In particular, this Privacy Policy will be updated if booking functions, customer accounts, payment providers, a blog, external media, additional analytics tools or other third-party providers are introduced.