Imprint & Privacy Policy

1. Controller

The controller within the meaning of the GDPR is:

Bitbond GmbH
Torstraße 105–107
10119 Berlin, Germany
Email: [email protected]

For data protection enquiries please use the same email address.

2. General information on data processing

We only process personal data of our users to the extent necessary to provide a functioning website and our content and services. Processing only takes place on a legal basis, in particular Art. 6 (1) lit. a (consent), lit. b (contract performance and pre-contractual measures), lit. c (legal obligation) or lit. f (legitimate interests) GDPR.

3. Server log files

When you visit the website, our hosting and content delivery providers automatically collect and store information in so-called server log files, which your browser transmits to us. These are:

• IP address (truncated where technically possible)
• Date and time of the request
• Requested URL and HTTP status code
• Referrer URL
• Browser type, version and operating system
• Volume of data transferred

The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest is the secure and stable operation of our website and the detection and prevention of attacks. Log data is stored separately from any other personal data and deleted or anonymised after no more than 30 days unless required for the investigation of a security incident.

4. Contact form

You can contact us via the form on /contact-us. The data you submit (name, business email, company website, area of interest, message) is processed for the purpose of handling your enquiry. The legal basis is Art. 6 (1) lit. b GDPR (pre-contractual measures) where your enquiry concerns a possible engagement, otherwise Art. 6 (1) lit. f GDPR (legitimate interest in answering enquiries addressed to us).

For routing and follow-up we forward the content of your enquiry to an internal channel hosted by Slack Technologies LLC (United States) and store the lead record in our customer relationship and email systems described below. Your enquiry data is retained for as long as necessary to process it and then for up to 24 months for follow-up, unless you ask us to delete it earlier.

5. Newsletter and marketing emails

If you subscribe to our newsletter (via the footer signup form or by ticking the corresponding box on the contact form) we process your email address and, where provided, your name in order to send you our newsletter. The legal basis is your consent under Art. 6 (1) lit. a GDPR in conjunction with § 7 (2) Nr. 3 UWG.

We use a double opt-in procedure: after submitting the form you will receive a confirmation email and your subscription only becomes active once you click the confirmation link. We log the time of your signup and the time of your confirmation in order to be able to demonstrate consent.

The newsletter is sent through EmailOctopus Ltd. (United Kingdom), which acts as our processor. EmailOctopus is located in a country with an adequacy decision by the European Commission. You can revoke your consent at any time, for example by clicking the unsubscribe link at the bottom of every newsletter or by emailing us at [email protected]. Revocation does not affect the lawfulness of processing carried out before revocation.

6. Web analytics — Google Analytics 4

On the production version of this website we use Google Analytics 4, a web analytics service provided by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Analytics 4 uses first-party cookies and similar technologies to analyse how visitors use the website. IP addresses are truncated by Google before further processing. The information generated is transmitted to and stored by Google, including on servers operated by Google LLC in the United States.

How your consent is handled — and the 5-second window in which to object. When you first visit the site we present a cookie banner with an explicit “Accept analytics” and “Reject” choice. We use Google Consent Mode v2: at page load, all storage and identifier signals (analytics_storage, ad_storage, ad_user_data, ad_personalization) are initially set to “denied”, so during the first few seconds Google Analytics does not set or read cookies and does not transmit personal data. If you do not make an explicit choice in the banner, analytics_storageis automatically switched to “granted” 5 seconds after the page loads; from that moment Google Analytics 4 may set first-party cookies and process your personal data for the analytics purposes described above. The other Consent Mode signals (ad_storage, ad_user_data, ad_personalization) remain denied at all times — we do not run advertising or remarketing. Clicking “Reject” (in the banner or in cookie settings) at any point before or after this 5-second window cancels the automatic grant and permanently disables analytics on your device until you change your mind. The legal basis for analytics processing is Art. 6 (1) lit. a GDPR / § 25 (1) TTDSG where you actively opt in via the banner, and Art. 6 (1) lit. f GDPR (legitimate interest in understanding aggregate site usage) where the automatic 5-second grant applies and you have not objected. The transfer to the United States is safeguarded by Google LLC’s certification under the EU-US Data Privacy Framework and by EU Standard Contractual Clauses. Data is retained by Google for a maximum of 14 months.

You can withdraw your consent at any time with effect for the future via cookie settings (also linked at the bottom of every page), or by writing to [email protected]. You can additionally install the Google Analytics opt-out browser add-on. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

7. Campaign attribution (UTM parameters)

When you arrive on our site through a link that contains UTM parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content) we store those parameters in your browser’s sessionStorage so that we can attribute a later contact-form submission to the correct campaign. The values are deleted automatically when you close the browser tab. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in measuring marketing effectiveness).

8. Cookies

Our website uses two categories of cookies and comparable technologies:

• Strictly necessary — required to deliver a service you have explicitly requested (for example an opaque session token used by our contact and newsletter forms for anti-abuse protection, and the cookie that remembers your cookie-consent choice itself). These are set on the basis of § 25 (2) Nr. 2 TTDSG and do not require consent.
• Analytics— the Google Analytics 4 cookies described in section 6. These are set either when you explicitly accept analytics in the cookie banner, or — if you do not interact with the banner — automatically 5 seconds after the page loads. They are never set if you click “Reject”.

You can review and change your choice at any time via cookie settings. Your decision is stored locally in your browser (localStorage key bitbond_consent_v1) until you change it or clear site data in your browser. We may re-prompt you if we materially change the categories of cookies in use.

9. Embedded third-party content

Our blog and product pages may embed content from external providers (for example videos, code samples, or documentation links). When you interact with such embedded content, the respective provider may process your IP address and connection data. We have no influence over this processing. Where we use embeds we load them in a privacy-friendly way and link out rather than auto-embed wherever feasible.

10. Recipients and processors

We use the following categories of processors and service providers, all of whom are bound by appropriate contractual safeguards (Art. 28 GDPR data processing agreements and, where applicable, EU Standard Contractual Clauses):

• Hosting and content delivery — within the EU/EEA
• Sanity.io (Norway) — content management system
• EmailOctopus Ltd. (United Kingdom) — newsletter delivery
• Slack Technologies LLC (United States) — internal lead routing
• Google Ireland Ltd. / Google LLC — web analytics

We do not sell personal data, and we do not use it for automated decision-making or profiling within the meaning of Art. 22 GDPR.

11. International data transfers

Where personal data is transferred to a country outside the EU/EEA, we ensure an adequate level of protection through an adequacy decision of the European Commission, EU Standard Contractual Clauses (Decision 2021/914), and, where appropriate, supplementary technical and organisational measures.

12. Storage period

We only store personal data for as long as necessary to fulfil the purposes described above or for as long as we are legally required to retain them (in particular under tax and commercial law: typically 6 to 10 years for business correspondence and accounting documents). After the retention period expires the data is deleted or anonymised.

13. Your rights

Under the GDPR you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing based on legitimate interests (Art. 21 GDPR)
• Right to withdraw consent at any time with effect for the future (Art. 7 (3) GDPR)

To exercise any of these rights please contact us at [email protected].

14. Right to lodge a complaint

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement (Art. 77 GDPR). The supervisory authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61
10555 Berlin, Germany
Website: www.datenschutz-berlin.de

15. Changes to this policy

We may update this privacy policy from time to time, for example to reflect changes in our processing activities or in legal requirements. The current version is always available on this page; the date of the last revision is shown at the top.