GDPR Compliance
Privacy Policy
Last updated: March 6, 2026 · Applies to scoim.io
1. Controller
The controller responsible for data processing on this website is:
Marcell Dechant
Löttringhauser Str. 4, 44225 Dortmund, Germany
Email: marcell.dechant@proton.me
2. Data Protection Officer
No Data Protection Officer has been appointed. For a small SaaS operated by a private individual, appointment is typically not required under GDPR Art. 37. For privacy-related enquiries, contact: marcell.dechant@proton.me
3. What data we collect and why
3.1 Account & Authentication
When you log in via Discord OAuth, we receive and store: Discord user ID, display name, email address, and avatar URL.
Legal basis: GDPR Art. 6(1)(b) — performance of contract
Retention: Until account deletion or 2 years of inactivity
3.2 Organization Data
We store organization names, member lists (Discord user IDs + roles), inventory items, transaction records, cargo logs, and audit logs that you and your organization create.
Legal basis: GDPR Art. 6(1)(b) — performance of contract
Retention: Until the organization is deleted or 2 years after last activity
3.3 Payment Data (PRO subscribers)
We use Stripe for payment processing. We store: Stripe customer ID, subscription ID, subscription status, and billing period. We do NOT store full card numbers — these are handled entirely by Stripe.
Legal basis: GDPR Art. 6(1)(b) — performance of contract; Art. 6(1)(c) — legal obligation (invoicing)
Retention: 10 years (legal requirement for financial records)
3.4 Email Communications
We send transactional emails (welcome email, invoices) via Resend. We do NOT send marketing emails or newsletters without separate explicit consent.
Legal basis: GDPR Art. 6(1)(b) — performance of contract
Retention: Email logs held by Resend per their retention policy
3.5 Server Logs
Our hosting provider (Render.com) may log IP addresses and request metadata for security and stability purposes.
Legal basis: GDPR Art. 6(1)(f) — legitimate interest (security and stability)
Retention: Approx. 30 days — managed by Render.com
3.6 Cookies and Local Storage
We use only strictly necessary and functional cookies. No analytics, advertising, or tracking cookies are used. See our Cookie Information page for details.
4. Data Processors (Third Parties)
We share personal data with the following processors strictly as necessary to provide the service:
| Processor | Purpose | Location | DPA |
|---|---|---|---|
| Stripe Inc. | Payment processing | USA (SCC) | stripe.com/legal/dpa |
| Resend Inc. | Transactional email | USA (SCC) | resend.com/legal/dpa |
| Render.com | App hosting + MongoDB | USA (SCC) | render.com/privacy |
| Discord Inc. | Authentication (OAuth) | USA (SCC) | discord.com/privacy |
| Google LLC | Sheets sync (optional, admin opt-in) | USA (SCC) | workspace.google.com/intl/en/terms/dpa |
5. International Transfers
Several processors are based in the United States. Transfers are protected by Standard Contractual Clauses (SCCs) pursuant to GDPR Art. 46(2)(c) and/or the EU–US Data Privacy Framework where applicable.
6. Your Rights (GDPR Chapter III)
You have the following rights regarding your personal data:
- Art. 15 — Access: Request a copy of your personal data.
- Art. 16 — Rectification: Correct inaccurate data we hold about you.
- Art. 17 — Erasure: Delete your account and associated personal data.
- Art. 18 — Restriction: Limit how we process your data in certain circumstances.
- Art. 20 — Portability: Receive your data in machine-readable format.
- Art. 21 — Object: Object to processing based on legitimate interest.
To exercise these rights: go to Settings → Data & Privacy, or email marcell.dechant@proton.me. We respond within 30 days.
7. Right to Lodge a Complaint
You may lodge a complaint with your national data protection authority. In Germany: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), www.ldi.nrw.de. If you reside in another EU country, contact your local supervisory authority.
8. Changes to This Policy
We will update the "Last updated" date at the top of this page when we make changes. For material changes, we will notify you via an in-app dialog that requires your acknowledgement.