Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller responsible for this website is:

[Company Name]
[Street Address]
[Postal Code, City], Germany
Email: privacy@materialref.com

2. Data We Collect

We collect only the data necessary to provide the Service:

  • Account data — email address, display name (optional), company name (optional), provided during registration.
  • Subscription & payment data — subscription tier, Stripe customer ID. Payment details (credit card numbers) are processed exclusively by Stripe and never stored on our servers.
  • Usage data — daily lookup counts, saved materials, API usage statistics.
  • Technical data — IP address, browser type, operating system, pages visited, collected via server logs and analytics. No fingerprinting.

3. Purpose of Processing

  • Providing and maintaining the Service (Art. 6(1)(b) GDPR)
  • Processing payments and managing subscriptions (Art. 6(1)(b) GDPR)
  • Enforcing rate limits and preventing abuse (Art. 6(1)(f) GDPR)
  • Improving the Service through aggregated, anonymized usage analysis (Art. 6(1)(f) GDPR)
  • Sending transactional emails — magic links, subscription confirmations (Art. 6(1)(b) GDPR)
  • Newsletter, if you opted in (Art. 6(1)(a) GDPR — revocable at any time)

4. Legal Basis

We process your personal data based on the following legal grounds under the GDPR:

  • Contract performance (Art. 6(1)(b)) — to provide the Service you signed up for.
  • Legitimate interest (Art. 6(1)(f)) — for fraud prevention, security, and service improvement.
  • Consent (Art. 6(1)(a)) — for optional communications such as the newsletter.

5. Third-Party Processors

We use the following third-party services to operate materialref.com. All have been selected for their GDPR compliance:

Service   | Purpose                    | Data Location
Supabase  | Authentication, database   | EU (Frankfurt)
Vercel    | Hosting, edge functions    | EU (Frankfurt)
Stripe    | Payment processing         | EU / US (SCCs)
Plausible | Privacy-friendly analytics | EU

6. Cookies

materialref.com uses only technically necessary cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party marketing pixels.

  • sb-*-auth-token — Supabase authentication session (HttpOnly, Secure, SameSite=Lax)

Since we only use essential cookies, no cookie consent banner is required under ePrivacy Directive recital 25 / TTDSG §25(2).

7. Your Rights (GDPR)

As a data subject under the GDPR, you have the following rights:

  • Access (Art. 15) — request a copy of your personal data
  • Rectification (Art. 16) — correct inaccurate data
  • Erasure (Art. 17) — request deletion of your data
  • Restriction (Art. 18) — restrict processing
  • Portability (Art. 20) — receive your data in a machine-readable format
  • Objection (Art. 21) — object to processing based on legitimate interest
  • Withdraw consent (Art. 7(3)) — at any time, without affecting prior processing

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

8. Data Retention

We retain your personal data only as long as necessary for the purposes stated above, or as required by law. Upon account deletion, personal data is removed within 30 days. Anonymized, aggregated usage data may be retained indefinitely.

9. Contact

For any data protection inquiries, please contact us at:

privacy@materialref.com