⚠️ Limited time: 14 days of Bnder Pro for free! 🚀

Privacy Policy

Last updated: 03 September 2025

General

We hereby inform you, in accordance with the legal requirements of data protection law (in particular pursuant to the new BDSG and the European General Data Protection Regulation “GDPR”), about the type, scope, and purpose of processing personal data through our services. This privacy policy applies to our websites, services (the Discord bots "Task Manager#4550", "Knowledge Manager#8167" or "Calendar Manager#5911"), and social media profiles. For the definition of terms such as "personal data" or "processing," please refer to Art. 4 GDPR.

Name and Contact Details of the Controller

Our Controller (hereinafter "Controller") within the meaning of Art. 4 No. 7 GDPR is:

Bnder UG (haftungsbeschränkt)
Im Flath 12
38542 Leiferde
Germany
Phone: +49 511 45032009
E-Mail: contact@bnder.net
Website: https://www.bnder.net
Register Court: Local Court of Hildesheim
Register Number: HRB 209373
Managing Director Authorized to Represent: Jan Brinkmann

Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to comply with changed legal requirements or in case of changes to our services. We will inform you about significant changes on our website. The current version is always available on our website.

Types of Data, Purposes of Processing, and Categories of Data Subjects

Below we inform you about the type, scope, and purpose of the collection, processing, and use of personal data.

Types of Data We Process

  1. IT usage data (IP address, device information, access times, visited websites, etc.)
  2. Your Discord ID (an identification number that is unique across the entire Discord platform but cannot be traced back to you personally by us)
  3. Data you provide through our services (individual task texts, names of "Projects," server settings, and other data you submit through interaction with our services)
  4. Payment data (e.g., credit card numbers, bank details, transaction data)
  5. Search queries and interactions with the search function (when using Algolia)

Purposes of Processing Pursuant to Art. 13 (1) (c) GDPR

  1. To technically and economically optimize our services, provide easy access, optimize and statistically evaluate our services, support commercial use, improve user experience, and create statistics
  2. Your Discord ID is required to link your data to your Discord account. We do not collect any personal data here. All data is only associated with your account ID.
  3. To enable you to optimally use our services and customize them to your needs
  4. To carry out payments and process contracts (e.g., via Stripe)
  5. To improve the search function and user experience through the integration of Algolia

Categories of Data Subjects Pursuant to Art. 13 (1) (e) GDPR

  • Visitors/users of the website
  • Discord users who share a Discord server with one of our services
  • Customers who use payment services via Stripe
  • Users of the search function on our website

The data subjects are collectively referred to as "Users."

Use of Algolia

We use Algolia to provide a fast and relevant search function on our website. The following data is processed:

  • Search queries
  • Interactions with the search function
  • Usage data (e.g., IP address, device type, access times)

Algolia processes this data as a processor on our behalf and stores it on servers within the EU. For more information, see Algolia’s privacy policy at https://www.algolia.com/policies/privacy.

Use of Posthog for Usage Statistics

We use Posthog, an analytics service, to generate anonymized usage statistics. Processing is carried out solely to improve our services technically, increase user-friendliness, and ensure system stability. No use for advertising purposes takes place.

Data Processed:

  • Page views, click paths, and interactions within our services
  • Device information (e.g., browser type, operating system, screen size)
  • Timestamps and technical performance data

Data Security:

  • User IDs are pseudonymized before processing.
  • Identifiable parameters from URLs (e.g., IDs in paths or query parameters) are masked to prevent conclusions about specific individuals.
  • No personal profiles are created.

Processing is based on Art. 6 (1) (f) GDPR, on our legitimate interest in analyzing and optimizing our services.

Storage & Transfer:

Data is processed on Posthog servers within the EU. If processing occurs outside the EU, appropriate safeguards (e.g., standard contractual clauses under Art. 46 GDPR) are applied. More information: https://posthog.com/privacy

Use of Mailgun for Email Delivery

We use Mailgun, provided by Mailgun Technologies, Inc., 112 E Pecan St. #1135, San Antonio, TX 78205, USA, to send emails to our users (e.g., system notifications, transactional emails, confirmations, technical information).

Processed Data:

  • Recipient’s email address
  • Content of the emails sent
  • Metadata of email communication (e.g., sending time, delivery status, email server IP address)
  • Technical data (e.g., user agent of the email client, if applicable open rates via tracking pixels)

Legal Basis: Processing is carried out pursuant to Art. 6 (1) (f) GDPR, based on our legitimate interest in reliable, secure, and scalable email delivery. If communication relates to a contractual relationship, the legal basis is Art. 6 (1) (b) GDPR.

Data Processing & Third-Country Transfer: We have a data processing agreement with Mailgun. Mailgun may transfer data to the USA or other third countries. EU Standard Contractual Clauses are used to ensure adequate data protection under Art. 46 GDPR.

More information: https://www.mailgun.com/privacy-policy/

Data Processing by Our Discord Bots

Our Discord bots process data to provide you with the full functionality of our services. All transmitted data is stored on secure servers in the EU. Processing is automated and exclusively serves the provision of bot functions. You can request deletion of your data at any time by removing the bot from your server and sending us a request to our contact address.

We also use external service providers such as Cloudflare (for secure access), Google Cloud (for hosting and data processing), and Algolia (for search functionality).

Payment Processing via Stripe

We use Stripe as a payment service provider to process payments for our paid services. The payment information you provide (e.g., credit card numbers, bank details) is transmitted directly to Stripe and processed by them. We do not store any payment data ourselves.

Processing by Stripe is carried out in accordance with applicable data protection regulations and solely for payment processing purposes. Stripe may transfer your data to the USA. To ensure adequate protection, Stripe uses EU Standard Contractual Clauses and other approved measures.

More information: https://stripe.com/de/privacy.

  • Where we obtain your consent, Art. 6 (1) (a) GDPR is the legal basis.
  • If processing is necessary for the performance of a contract or pre-contractual measures, Art. 6 (1) (b) GDPR is the legal basis.
  • If processing is required to comply with a legal obligation (e.g., retention obligations), Art. 6 (1) (c) GDPR applies.
  • If processing is necessary to protect vital interests, Art. 6 (1) (d) GDPR applies.
  • If processing is necessary for legitimate interests, and your interests or rights do not override them, Art. 6 (1) (f) GDPR applies.

Disclosure of Personal Data to Third Parties and Processors

We only disclose personal data to third parties if necessary for contractual obligations, if we are legally obliged, or if a legitimate interest exists.

We use the following processors:

  • Google Cloud Platform: For hosting, storage, and processing of data within the EU.
  • Cloudflare: To secure our website and services (e.g., against DDoS attacks).
  • Stripe: For payment processing, with possible transfer outside the EU (e.g., to the USA).
  • Mailgun Technologies, Inc.: For sending emails, with possible third-country transfers (e.g., USA) secured by Standard Contractual Clauses.

Data Transfer to Third Countries

In principle, personal data is processed within the EU. However, due to the use of Google Cloud, Cloudflare, and Stripe, data may be transferred to third countries (outside the EU). In such cases, we ensure compliance with Art. 44 ff. GDPR, particularly through Standard Contractual Clauses and other safeguards.

Deletion of Data and Storage Period

Unless otherwise stated, your personal data will be deleted or blocked as soon as the purpose of storage ceases, unless further retention is required for evidence or due to legal obligations (e.g., commercial retention: 6 years, tax retention: 10 years).

Specifically: Your data will be deleted when you no longer use our services. For Discord bots, this means the bot is no longer on your server. If no interaction occurs for 30 days after removal, deletion is automatically triggered. Immediate deletion is possible upon request. All submitted data (tasks, project data, server settings) will then be irreversibly deleted.

Rights of Data Subjects

You have the following rights:

  • Right of Access (Art. 15 GDPR)
  • Right to Rectification (Art. 16 GDPR)
  • Right to Erasure (Art. 17 GDPR) or alternatively restriction of processing (Art. 18 GDPR)
  • Right to Data Portability (Art. 20 GDPR)
  • Right to Lodge a Complaint (Art. 77 GDPR) with a supervisory authority

Right to Object

Users may object to the processing of their personal data at any time, particularly for direct marketing purposes.

Contact for Data Protection Inquiries

Email: contact@bnder.net Address: Im Flath 12, 38542 Leiferde, Germany