Privacy Policy
Last updated: 2026-04-14
1. Controller
Leon Becker
Postal address:
Agnes Sellz. Hd. Leon Becker
Ramminger Straße 17
86842 Türkheim
Germany
Email: hello@stelae.eu
2. What we collect
We collect the minimum data required to provide the service:
- Account data: email address, hashed password
- Site data: WordPress content you create, site configuration, subdomain
- Usage data: container uptime, bandwidth consumption (for enforcing limits)
- Server logs: IP address, request timestamps, HTTP method and path (retained 30 days)
- Payment data: processed by Mollie (our payment provider); we store only a transaction reference, not your bank/card details
3. Legal basis
- Contract performance (Art. 6(1)(b) GDPR): account data, site data, usage data — necessary to provide the service you signed up for
- Legitimate interest (Art. 6(1)(f) GDPR): server logs — necessary for security, abuse prevention, and debugging
4. Cookies
We use a single session cookie on your WordPress editor subdomain to keep you signed in while editing. This cookie is strictly necessary for authentication, is scoped to your editor subdomain only, and does not require consent under ePrivacy regulations. It expires after 24 hours or when the server restarts.
The Stelae dashboard uses an authentication cookie to keep you signed in. This cookie is strictly necessary, HttpOnly (not accessible to JavaScript), and expires after 14 days or when you sign out.
We do not use any tracking cookies, analytics cookies, third-party cookies, or browser local storage.
5. Third-party processors
- IONOS SE (Montabaur, DE): VPS gateway (TLS termination, traffic routing) — their privacy policy
- Scaleway (Iliad Group) (Paris, FR): transactional email delivery (account verification, password reset) via Scaleway TEM — their privacy policy
- Mollie B.V. (Amsterdam, NL): payment processing — their privacy policy
All processors handling personal data on our behalf are located in the EU. No personal data is transferred outside the European Economic Area.
Your hosting provider: if you deploy your static site to a third-party host (Cloudflare, statichost.eu, GitHub, etc.), that is a direct relationship between you and that provider. Stelae pushes files using credentials you provide but does not control how your host processes data.
6. Data retention
- Account and site data: retained while your account is active, deleted within 30 days of account deletion
- Server logs: retained for 30 days
- Billing records: retained for 10 years as required by German tax law (§ 147 AO)
7. Your rights
Under the GDPR you have the right to:
- Access your data (Art. 15) — use the data export feature in your account settings
- Rectification (Art. 16) — contact us to correct inaccurate data
- Erasure (Art. 17) — delete your account from the account settings page
- Data portability (Art. 20) — use the data export feature; WordPress content can be exported from the WordPress editor
- Restriction (Art. 18) and objection (Art. 21) — contact us
- Lodge a complaint with a supervisory authority
8. Security
Your WordPress editor is protected by a login page with session-based authentication and runs in an isolated container with resource limits. Passwords are hashed. All connections use TLS encryption. We do not store payment card or bank account details.
9. Contact
For privacy-related questions: support@stelae.eu