An'gard

1. Controller

Project An’gard
c/o Agnes Fojan
Fabriksteig 10
9500 Villach
Austria

Email: info@an-gard.com
Web: www.an-gard.com

Since no legal entity currently exists, Max Mustermann is responsible as a natural person within the meaning of the GDPR.

2. General information

We process personal data solely on the basis of the applicable legal provisions (GDPR, TKG 2021). This policy informs you about the type, scope and purposes of processing as well as your rights.

3. Data collection on this website

a) Access data / server log files

When you access the website, the following data, among others, are processed: IP address, date/time, pages/files accessed, referrer URL, browser and operating system. The processing serves technical provision, stability and security.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests).

b) User accounts (registration and email verification)

After registering an account, we send a verification email (double opt-in). Your account is activated only after confirmation.

Data processed

Email address (required)
Username (required)
First and last name (optional, for personal salutation)
Date/time of registration and verification

Note on data minimization (Art. 5(1)(c) GDPR): For an account, email and username are generally sufficient. First and last name are optional and can be changed or removed at any time.

Legal bases: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (security and abuse prevention).

c) Security and abuse prevention (CSRF and rate limiting)

We use essential security measures such as CSRF protection and rate limiting to safeguard the service and prevent misuse.

For CSRF protection, an essential cookie (XSRF-TOKEN) is set; it does not track and is required for secure form submissions.

For rate limiting, we temporarily process your IP address and/or user ID to limit requests. This data is stored server-side in memory/cache and automatically expires after the configured window (e.g., seconds/minutes).

Legal basis: Art. 6(1)(f) GDPR (legitimate interests).

d) Transactional emails (password reset and verification)

For necessary account-related messages (e.g., password reset and verification), we send transactional emails. Processing is limited to delivering these messages; content is not used for other purposes.

Legal bases: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (security and abuse prevention).

4. Contact form and email

If you contact us, we process your details (name, email address, message) to handle your request and for follow-up questions. Your data will not be shared with third parties.

Legal bases: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest in communication).

5. Newsletter and community (Brevo, double opt-in)

a) Registration and double opt-in

For dispatch and management we use the European service Brevo (formerly Sendinblue), Sendinblue SAS, 106 Boulevard Haussmann, 75008 Paris, France. After registering, you will receive a confirmation email (double opt-in). Your address is only activated after confirmation.

b) Data processed

Email address (required)
First and last name (optional, for personal salutation)
Date/time of registration and confirmation
IP address (proof of consent)
optional: interests, community/role details

Note on data minimization (Art. 5(1)(c) GDPR): For a newsletter, the email address is generally sufficient. First and last name are collected only if required for personalized content. You can change or remove this information at any time.

c) Processing by Brevo

Processing takes place on servers within the EU. We have concluded a data processing agreement (Art. 28 GDPR) with Brevo. Details: brevo.com/de/legal/privacypolicy/.

d) Withdrawal

You can withdraw your consent at any time—via the unsubscribe link in every email or by contacting info@an-gard.com. After unsubscribing, data for the newsletter will be deleted unless statutory retention obligations prevent this.

Legal basis: Art. 6(1)(a) GDPR (consent).

6. Test-user management

If you register as a test user, we process contact and organizational data (e.g., first and last name, email address) as well as feedback on app/prototype usage. Processing serves the planning of tests, communication, and product improvement.

Legal bases: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest in development and quality assurance). Where tests are contractually agreed, Art. 6(1)(b) GDPR (contract/contract initiation) also applies.

7. Cookies and analytics

We currently do not use analytics tools (e.g., Google Analytics, Matomo) and do not use non-essential cookies. Should this change, we will inform you in advance and—where required—obtain your consent.

Essential cookies in use

laravel_session — maintains your login session (essential)
XSRF-TOKEN — protects against cross-site request forgery (essential)
locale — remembers your language preference (essential)

These cookies are necessary for the website to function and do not require consent.

8. Storage duration and deletion

We store personal data only as long as necessary for the respective purpose or as long as legal obligations exist. Data from newsletter and test-user registrations will be deleted after withdrawal, objection, or project end.

You can delete your user account at any time in the profile area. Deletion takes place without undue delay unless statutory retention obligations prevent this.

9. Your rights

Access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR)
Restriction (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection (Art. 21 GDPR)
Withdrawal of consent given (Art. 7(3) GDPR)

10. Changes to this policy

We will adjust this policy when new functions are added (e.g., app launch) or legal situations change. The current version is always available on this page.

11. Contact and supervisory authority

If you have questions about data protection, please contact info@an-gard.com.

Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna
Web: www.dsb.gv.at

Privacy Policy