Privacy Policy
Last updated: February 27, 2026
Introduction
Protecting your personal data is of particular importance to us. We process your data exclusively on the basis of legal provisions (GDPR, Austrian DSG, TKG 2003). This privacy policy informs you about the key aspects of data processing on our platform WebBase (webbase.dev).
Data Controller
Anton Alpha GmbH
Maurer Lange Gasse 64/3
1230 Vienna, Austria
Email: office@anton-alpha.com
Data We Collect
Account Data
During registration, we collect: email address, display name (optional), authentication provider (email/password or Google OAuth). This data is required to provide the service.
Payment Data
For paid subscriptions, we process payment data through our payment provider Stripe. We only store the Stripe Customer ID and Subscription ID. Credit card data is never stored on our servers — it is processed directly by Stripe in a PCI-DSS compliant manner.
Project Data
When you create projects, we store: project name, type, subdomain, files (in Git repositories), build logs, and deployment status. Environment variables are stored encrypted with AES-256-GCM.
API Keys
API keys are stored exclusively as SHA-256 hashes. The plaintext key is shown only once at creation and is never stored by us afterwards.
Log Data
We log actions in audit logs including: timestamp, user ID, action, IP address, and result. These logs serve security and traceability purposes and are automatically deleted after 90 days.
Legal Basis
- Contract Performance (Art. 6(1)(b) GDPR): Processing to provide our service, including account creation, project management, and billing.
- Consent (Art. 6(1)(a) GDPR): Google OAuth sign-in is based on your explicit consent.
- Legitimate Interest (Art. 6(1)(f) GDPR): Audit logging and security measures to protect our platform and users.
Third Parties and Data Transfers
Google Firebase (Authentication & Firestore): Identity management and database. Processing based on EU Standard Contractual Clauses (SCCs). Privacy Policy: https://firebase.google.com/support/privacy
Stripe (Payment Processing): PCI-DSS certified payment processing. Data transfer to the USA based on EU SCCs. Privacy Policy: https://stripe.com/privacy
Gitea (Git Repositories): Self-hosted on our own infrastructure in the EU (Google Cloud, region europe-west3, Frankfurt). No data transfer to third parties.
Google Cloud Platform: Hosting infrastructure in the EU (europe-west3). Processing based on EU Standard Contractual Clauses.
Cookies and Tracking
We use only technically necessary cookies for Firebase authentication (session management). We do not use any analytics, tracking, or advertising cookies. There is no third-party tracking.
Data Security
We protect your data with: TLS encryption (HTTPS) for all connections, AES-256-GCM encryption for environment variables, SHA-256 hashing for API keys, comprehensive audit logging of all actions, and access control through Firebase Security Rules.
Your Rights
Under the GDPR, you have the following rights:
- Access to your stored data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
To exercise your rights, please contact office@anton-alpha.com.
Retention Periods
Account data is stored until account deletion. Audit logs are automatically deleted after 90 days. Payment data is subject to statutory retention periods (7 years). Project data is stored until deleted by the user.
Supervisory Authority
You have the right to lodge a complaint with the competent supervisory authority:
Austrian Data Protection Authority (Datenschutzbehoerde)
Barichgasse 40-42, 1030 Vienna, Austria
https://www.dsb.gv.at
Changes
We reserve the right to update this privacy policy to reflect changes in legal requirements or modifications to our service. The current version is always available on this page.