Skip to content

— Legal

Privacy.

Short, clear, GDPR-compliant. We store as little as possible — and we tell you exactly what we store and why.

Controller

The data controller under the GDPR and the Austrian Data Protection Act is Seelance, operating as a sole trader (Einzelunternehmen) registered in Austria. Full provider details are listed at seelance.at/imprint. For privacy enquiries: hello@seelance.at.

What we process and why

When you simply visit the site, we only process technical server logs (IP address, user agent, timestamp, requested resource). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operation and security). Retention: 14 days, then automatic deletion.

Waitlist and account requests

If you provide your email address (waitlist or account creation), we process it solely to notify you at launch or set up your access. Legal basis: Art. 6(1)(b) GDPR (contract performance) or (a) (consent) for the waitlist. Retention: until account activation or your withdrawal — then deletion within 30 days. No transfer to third parties for marketing purposes.

Banking connection (PSD2)

If you connect your bank via Enable Banking (a licensed PSD2 aggregator, EU region), we receive read-only access to account movements — no permission to initiate payments. We store transaction data encrypted in the EU; access tokens rotate every 90 days. You can revoke the connection at any time in account settings; after revocation, personal banking data is deleted within 30 days. Legal basis: Art. 6(1)(b) GDPR. Enable Banking is a separate controller under Art. 26 GDPR.

Processors

We use carefully selected processors. Each is bound by an Art. 28 GDPR processing agreement. Currently: Vercel Inc. (hosting, EU region), Supabase (database, EU region), Enable Banking Oy (PSD2 banking aggregation, EU region), Anthropic PBC (product chat, agent responses and receipt OCR via Claude Vision, USA — Standard Contractual Clauses under Art. 46(2)(c) GDPR plus a Data Processing Addendum), Groq Inc. (landing-page chat widget, USA — SCCs and DPA), PostHog (product analytics, EU region — only after consent), Resend Inc. (transactional email, USA — EU processing region with SCCs under GDPR Chapter V). A complete list with status and purposes is available on request at hello@seelance.at.

Cookies and local storage

We do not use tracking cookies. Only technically necessary mechanisms are set: a single Local Storage entry in your browser (seelance:consent) records your choice regarding anonymous usage analytics. We do not load any analytics or advertising scripts unless you have explicitly consented. You can reset your choice at any time by clearing the named entry in your browser settings.

Anonymous usage analytics (only with consent)

If you consent in the cookie banner, we then load pseudonymous usage analytics that help us understand which pages are useful. We measure page views and coarse device information — no mouse movements, no form inputs, no session content. Legal basis: Art. 6(1)(a) GDPR. You can withdraw consent at any time via the cookie reset or by email — withdrawal is as easy as giving consent.

International transfers

Where data is transferred to recipients outside the EEA — in particular Anthropic, Groq and Resend in the USA — this is based on the European Commission's Standard Contractual Clauses plus technical and organisational supplementary measures (encryption, data minimisation, purpose limitation). Resend processes email in an EU region, but the contracting party is based in Delaware/USA — therefore SCCs apply here as well.

Your rights

You have the right at any time to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21). We respond to enquiries at hello@seelance.at within the legal timeframe of one month. You may also lodge a complaint with the Austrian Data Protection Authority (dsb.gv.at).

Data security

We encrypt data in transit (TLS 1.3) and at rest (AES-256). Backups run encrypted in EU data centres. We report data breaches to the supervisory authority within 72 hours under Art. 33 GDPR and notify affected users without delay.

Changes

We announce material changes to this notice at least 30 days in advance by email to users with active accounts. The current version date is shown at the bottom of this page.

Contact

We respond to privacy questions at hello@seelance.at — typically within 48 hours.

Last updated: April 2026. Changes are announced on this page.