Legal

Privacy Policy

Information pursuant to Art. 13/14 GDPR on the processing of personal data by Just Growing GmbH (Syvera).

Last updated: April 2026·Version 1.0·Submit privacy request

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

Just Growing GmbH (trading as "Syvera") Silcherstraße 46 71364 Winnenden Germany

Email: datenschutz@syvera.de Web: syvera.com

2. Principles of Data Processing

We process personal data only to the extent necessary to provide our services or where a legal basis exists. Legal bases for processing are, depending on context, Art. 6(1)(a) GDPR (consent), (b) (contract performance), (c) (legal obligation) or (f) GDPR (legitimate interest).

We store personal data only for as long as required for the respective processing purpose or as mandated by statutory retention periods.

3. Data Collection when Visiting our Website

When you visit our website, your browser automatically transmits information to our server. The following data is temporarily stored: IP address, date and time of access, URL accessed, referrer URL, browser and operating system used.

This data is technically necessary to display the website and is deleted after 30 days. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing a secure and functional website).

4. Contact

When you contact us by email or via a contact form, we store your details to process your request and for any follow-up queries. Required fields are marked with an asterisk (*).

The processed data will be deleted as soon as the request has been conclusively answered and no retention obligations apply. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) or (f) GDPR.

5. User Account & Services

To use the Syvera platform, registration of a user account is required. We process your name, email address, company and password. Processing is carried out for contract performance (Art. 6(1)(b) GDPR).

In connection with using our services, we also process usage data (log data, device information) to ensure operation, and content data that you enter into the platform. A separate Data Processing Agreement (DPA) applies to this data.

Registration data

Name, email address, company name, password (stored as bcrypt hash).

Usage data

Log data, IP addresses, device information, timestamps of actions within the platform.

Content data

All data you enter into the Syvera modules. We process this exclusively on your instructions (data processing).

Retention period

Account data is stored until the account is deleted; upon cancellation, data is deleted after 30 days.

6. Cookies & Similar Technologies

We use cookies to ensure the functionality of our website and to improve its use. Technically necessary cookies are set on the basis of Art. 6(1)(f) GDPR and cannot be disabled.

Session cookie

Session management, login status — deleted when browser is closed.

Preference cookie

Storing language settings — 1 year.

CSRF token

Protection against cross-site request forgery — session-bound.

Analytics cookies (opt-in)

Website usage statistics — 13 months (only with consent).

7. Third-party Services

We use the following third-party services, each with their own privacy policies. Where transfers to third countries occur, we rely on EU Standard Contractual Clauses (Art. 46 GDPR).

Hetzner Online GmbH

Web hosting & data centre — Germany / EU.

Cloudflare, Inc.

CDN, DDoS protection, DNS — USA (EU SCCs). Privacy: cloudflare.com/privacypolicy

Stripe, Inc.

Payment processing — USA (EU SCCs). Privacy: stripe.com/privacy

Postmark / ActiveCampaign

Transactional emails — USA (EU SCCs).

8. Data Transfers to Third Parties

Your personal data will only be shared with third parties where this is necessary for contract performance, you have given consent, we are legally required to do so, or a legitimate interest exists.

Our complete list of sub-processors is available at syvera.com/subprocessors. No data is transferred to third parties for advertising purposes.

9. Your Rights

As a data subject, you have the following rights against the controller:

  • Right of access (Art. 15 GDPR): You may request information about the data stored about you.
  • Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR): Under certain conditions, you may request the deletion of your data.
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests.
  • Right to lodge a complaint with a supervisory authority: State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW), lfd.bwl.de

10. Data Security

We implement technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.

All data transmissions are exclusively encrypted using TLS 1.3. All passwords are stored as bcrypt hashes.

11. Currency of this Policy

This privacy policy is dated April 2026. We reserve the right to update it as necessary. The current version is always available at syvera.com/privacy.

We will notify registered users of material changes by email.

Privacy requests

For requests to exercise your data subject rights or general privacy enquiries, please contact: Just Growing GmbH (Syvera) · Silcherstraße 46 · 71364 Winnenden

datenschutz@syvera.deGet in touch