Privacy Policy

Last updated: 28 June 2026

This Privacy Policy explains how Mehmet Ugur Kebir collects, uses, and protects your personal data when you use devocab.com. We comply with the EU General Data Protection Regulation (GDPR) and the German Bundesdatenschutzgesetz (BDSG).

1. Data Controller

Mehmet Ugur Kebir
Peter-Dörfler-Str. 24
88161 Lindenberg im Allgäu, Germany
support@devocab.com

We are a small operation and not legally required to appoint a Data Protection Officer (DPO). Direct all privacy enquiries to the email above.

2. What We Collect

At signup

During use

At purchase

Payment is processed entirely by Paddle. We do not see, store, or have any access to your payment card data. From Paddle's webhooks we receive only:

We do NOT collect

3. Legal Basis (GDPR Art. 6)

4. Third-Party Processors

To deliver the Service we use the following sub-processors, each handling your data under their own privacy terms and EU-compliant data protection agreements:

Our infrastructure processors provide GDPR Article 28 Data Processing Agreements (DPAs) as part of their service terms, governing their processing of personal data on our behalf: Cloudflare's DPA is incorporated by reference into its Self-Serve Subscription Agreement, and Supabase's DPA is accepted through its self-service legal flow. Paddle acts as our Merchant of Record; for the payment transaction it is largely an independent controller, and its DPA applies to any data processed on our behalf. Google and Meta are independent controllers for the OAuth sign-in step.

5. International Transfers

Where data is transferred outside the EU/EEA (e.g. via Cloudflare or Paddle global infrastructure), we rely on the EU Standard Contractual Clauses and our processors' adequacy mechanisms.

6. Storage and Retention

7. Your Rights (GDPR Art. 15–22)

You have the right to:

To exercise any of these rights, email support@devocab.com. We respond within 30 days as required by law.

8. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

9. Cookies and Local Storage

We use localStorage (a browser API, not cookies) for:

We do not use marketing or analytics cookies. Supabase Auth may set a session cookie for its own auth flow on its domain (not ours). No third-party cookies are set by our site.

10. Security

We apply technical and organisational measures appropriate to the risk:

No security measure is perfect; despite our efforts we cannot guarantee that data transmission or storage will be free from unauthorised access.

11. Data Breach Notification

In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will:

The notification will describe the nature of the breach, the categories and approximate number of users and records concerned, the likely consequences, and the measures taken or proposed to address it.

12. Children

The Service is not directed to children under 16. We do not knowingly collect data from children. If you become aware that a child has registered, please contact us and the account will be deleted.

13. Changes

Material changes to this Privacy Policy will be communicated by email or in-app banner. Continued use after the effective date constitutes acceptance.