Privacy Policy

Introduction

The following information is intended to give you, as the data subject, an overview of the processing of your personal data and your rights under data protection law. Visiting these web pages is generally possible without entering personal data. However, if you wish to use specific features of bun.ink, processing of personal data may be required, for example to register and assign a user interface.

The processing of personal data, such as your name or email address, is carried out in accordance with the General Data Protection Regulation (GDPR) and the applicable country-specific data protection regulations. This privacy policy informs you about the scope and purpose of the personal data collected, used and processed.

As the party responsible for processing your data, technical and organisational measures are implemented to ensure the most complete protection possible of the personal data processed. Nevertheless, security gaps can occur with internet-based data transmission and data management, so absolute protection cannot be guaranteed.

Definitions

Personal data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or specific characteristics.

Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the party responsible for the processing.

Processing

Processing means any operation performed on personal data, whether or not by automated means, such as collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, alignment, restriction, erasure or destruction.

Processors, recipients and third parties

Processors process personal data on behalf of the controller. Recipients are bodies to which personal data is disclosed. Third parties are natural or legal persons other than the data subject, the controller, the processor and the persons directly authorised to process the data.

Consent

Consent means any freely given, informed and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data relating to them.

Legal bases

Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which consent is obtained for a specific processing purpose.

Where the processing of personal data is necessary for the performance of a contract or to carry out pre-contractual measures, the processing is based on Art. 6(1)(b) GDPR. Insofar as a legal obligation exists, the processing is based on Art. 6(1)(c) GDPR. Processing operations to safeguard legitimate interests may be based on Art. 6(1)(f) GDPR, provided that the interests, fundamental rights and freedoms of the data subject do not override them.

Technology

SSL/TLS encryption

To ensure the security of data processing and to protect the transmission of confidential content, bun.ink uses SSL or TLS encryption. You can recognise an encrypted connection by, among other things, the prefix „https://“ in the browser address bar.

Data collection during your visit

When you use the website for information purposes only, we collect only the data that your browser transmits to the server. This may include in particular the browser type and version, operating system, referrer, the sub-pages accessed, the date and time of access, the IP address and the internet service provider of the accessing system.

This information is required to deliver content correctly, to optimise functions and services, to ensure the lasting functionality of the systems and to provide the information necessary in the event of a cyberattack. The legal basis is Art. 6(1)(1)(f) GDPR.

Sharing data with third parties

Your personal data will not be transferred to third parties for purposes other than those listed below. Data is only shared if you have expressly consented, if sharing is permitted to safeguard legitimate interests, if there is a legal obligation, or if sharing is necessary for the performance of contractual or user relationships.

Cookies

bun.ink may use cookies. These are small files that your browser creates automatically and that are stored on your device. Cookies do not harm your device and do not contain viruses, trojans or other malware.

Cookies may be used to make the use of the website and app more pleasant, for example by storing session information. The data processed by cookies is necessary for the stated purposes to safeguard legitimate interests pursuant to Art. 6(1)(1)(f) GDPR.

You can configure your browser so that no cookies are stored or so that a notice always appears before a new cookie is created. Disabling cookies entirely may mean that not all functions can be used.

Content and use of bun.ink

Registration as a user

You have the option of registering with bun.ink by providing personal data. The personal data transmitted is determined by the respective input form. This may include in particular your name and email address.

The personal data you enter is collected and stored for internal use and functional purposes relating to the respective service. In addition, user-specific data may be created to ensure the functionality of the website and app.

Registration may also store the IP address assigned by the internet service provider as well as the date and time of registration. This storage serves to prevent misuse of the services and, where necessary, to investigate any offences committed.

Customer account and contract processing

In accordance with Art. 6(1)(b) GDPR, personal data is collected and processed when you provide it for the performance of a contract or when opening a customer account. You can delete your customer account at any time, provided no statutory retention obligations preclude this.

Contacting us

When you contact bun.ink, for example by email, personal data is collected. This data is stored and used exclusively for the purpose of responding to your enquiry and for the associated technical administration.

Web analytics

Insofar as bun.ink uses web analytics services, this is done to optimise and tailor the website and app to meet demand. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Information on the specific services used will be updated in this privacy policy.

Service providers used

Hosting, authentication and database via Appwrite

bun.ink uses Appwrite Cloud as technical infrastructure for authentication, database functions and storage of projects, documents, snippets, settings and metadata created in the app.

According to the current project configuration, processing takes place through Appwrite Cloud in the Frankfurt, Germany region (EU/EEA). Appwrite processes personal data as a processor within the meaning of Art. 28 GDPR on the basis of a data processing agreement and only within the scope of the commissioned technical services.

GitHub connection and repository synchronisation

If you voluntarily connect your bun.ink account with GitHub, bun.ink processes the required OAuth data, GitHub identifier, repository and branch metadata and encrypted access tokens to provide the requested versioning and synchronisation of your texts.

Document content is transferred to GitHub only if you use a GitHub-linked project and trigger the respective synchronisation, save or repository action. After transfer, GitHub processes the data as an independent provider under its own privacy policies.

More information is available in the GitHub Privacy Statement.

Payment processing via Stripe

For paid subscriptions, checkout, invoice and portal features, bun.ink uses the payment service provider Stripe. Data processed may include in particular name, email address, billing address, payment information, transaction data and Stripe customer and subscription identifiers.

Processing is carried out for the performance of the contract on the basis of Art. 6(1)(b) GDPR. Stripe may also process personal data outside the EU or EEA; where this occurs, appropriate safeguards under Art. 46 GDPR are used, in particular EU Standard Contractual Clauses.

More information is available in the Stripe Privacy Policy.

Email delivery via Resend

bun.ink may use Resend for transactional emails and service-related notifications, such as account, security, billing or support messages. Data processed may include in particular email address, name, delivery information and email metadata.

Depending on the message, the legal basis is Art. 6(1)(b) GDPR for contract-related communication and Art. 6(1)(f) GDPR for the secure and reliable operation of the app. Resend is based in the United States; any third-country transfers are carried out on the basis of appropriate safeguards under Art. 46 GDPR.

More information is available in the Resend Privacy Policy.

Recipients and third-country transfers

Personal data is transferred only where this is necessary for operation, security, contract performance, payment processing, communication or an integration triggered by you. This includes in particular the following categories of recipients:

• Appwrite Cloud for hosting, authentication, database and technical app infrastructure
• Stripe for payment processing, subscriptions, invoices and billing portal
• GitHub for voluntary account connection, repository access and synchronisation of texts triggered by you
• Resend for transactional and service-related emails, where used

Where personal data is transferred to countries outside the EU or EEA, this only occurs where a legal basis and appropriate safeguards are in place, in particular EU Standard Contractual Clauses or explicit consent.

Your rights as a data subject

You have the right to confirmation as to whether personal data concerning you is being processed, as well as a right to information pursuant to Art. 15 GDPR.

You have the right to rectification of inaccurate personal data pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR and the right to data portability pursuant to Art. 20 GDPR.

You also have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you pursuant to Art. 21 GDPR. You can withdraw consent under data protection law at any time with effect for the future.

You also have the right to lodge a complaint with a supervisory authority responsible for data protection regarding the processing of personal data.

Storage, deletion and currency

bun.ink processes and stores personal data only for the period necessary to achieve the storage purpose or where this is provided for by statutory regulations. If the storage purpose no longer applies or a prescribed storage period expires, personal data is routinely blocked or deleted in accordance with statutory regulations.

This privacy policy is currently valid and is as of June 2026. As the website and app are developed further, or due to changed statutory or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed at any time at https://bun.ink/privacy.