Privacy Policy

1. Data Controller

mamarx GmbH

Chodowieckistr. 15, 10405 Berlin, Germany

Email: privacy@sota.io

Managing Director: Malte Marx

2. Overview of Data Processing

We only process personal data to the extent necessary to provide the sota.io platform. We do not process data for advertising purposes or profiling.

3. Hosting

The platform is hosted on servers of Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). Hetzner processes data exclusively within the EU (location: Falkenstein, Germany).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable hosting).

4. Server Log Files

Each time you access our website, the following data is automatically collected:

  • IP address (anonymized)
  • Date and time of the request
  • Page/URL accessed
  • HTTP status code
  • Browser type and version
  • Operating system

This data is collected to ensure reliable operation and is deleted after 7 days.

Legal basis: Art. 6(1)(f) GDPR.

5. User Accounts and Authentication

A user account is required to use the platform. Authentication is handled through Supabase (Supabase Inc., region: EU/Frankfurt).

Data processed:

  • Email address
  • Email verification codes (temporary, not stored)
  • Time of registration and last login

Legal basis: Art. 6(1)(b) GDPR (contract performance).

6. Beta Waitlist

You can sign up for our beta waitlist on our website. Only your email address is collected and stored in our database (Supabase, EU region Frankfurt).

Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw your consent at any time.

7. Cookies

We only use technically necessary cookies for authentication (session cookies). No tracking or analytics cookies are used.

Legal basis: Art. 6(1)(f) GDPR.

8. No Analytics Tools

We do not use any analytics or tracking tools (such as Google Analytics). No tracking of your browsing behavior takes place.

9. Data Sharing with Third Parties

Personal data is not shared with third parties, except:

  • With our hosting provider (Hetzner) for hosting purposes
  • With Supabase for authentication and data storage (EU region)

No data is transferred to countries outside the EU.

10. Your Rights

You have the following rights:

  • Access (Art. 15 GDPR): Right to information about your stored data
  • Rectification (Art. 16 GDPR): Right to correct inaccurate data
  • Erasure (Art. 17 GDPR): Right to deletion of your data
  • Restriction (Art. 18 GDPR): Right to restrict processing
  • Data Portability (Art. 20 GDPR): Right to receive your data in a machine-readable format
  • Objection (Art. 21 GDPR): Right to object to processing
  • Withdrawal (Art. 7(3) GDPR): Right to withdraw given consent

To exercise your rights, contact: privacy@sota.io

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority:

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61, 10555 Berlin, Germany

12. Last Updated

As of: February 2026