Privacy Policy
Our Commitment to Your Privacy
Last Updated: 29 July 2025
Avdain is committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy details what personal data we collect, why we use it, and how we protect it.
We do not sell your personal data.
We collect only the minimum data necessary to provide our services.
We give you control over your data and honor your rights under the GDPR.
Section 1
Data Controller
The entity responsible for processing your personal data (the "Data Controller") is:
Mikail Bagmaci (operating as Avdain)
Address: Drorygasse 8, 1030 Wien, Austria
Email for privacy inquiries: avdainlabs@gmail.com
Section 2
How and Why We Process Your Data
We process your personal data for specific purposes and only when we have a legal basis to do so under Article 6 of the GDPR. Below is a breakdown of the data we process:
| Data Category | What We Collect | Purpose of Processing | Legal Basis (GDPR) |
|---|---|---|---|
| Account Data | Email address, username, securely hashed password. | To create and manage your user account, provide access to our Services, and communicate essential service updates. | Performance of a Contract |
| Payment & Transaction Data | Name, billing address, transaction details (date, amount). | To process payments for our paid products, issue invoices, and comply with our legal financial and tax obligations in Austria. | Performance of a Contract and Legal Obligation |
| Communications Data | Your name, email address, and the content of your messages. | To respond to your support requests, inquiries, and feedback. | Legitimate Interest (to provide excellent customer service) |
| Technical & Usage Data | IP address, device type, operating system, application and website usage patterns. | To ensure the security of our Services, prevent fraud, debug issues, and analyze usage to improve our products. | Legitimate Interest (to maintain and enhance our Services) |
Note on Payment Information: For our paid services, we use Stripe as our third-party payment processor. We do not receive or store your full credit card details.
Section 3
Cookies and Similar Technologies
Our website may use essential cookies to function correctly. We will ask for your explicit consent before using any non-essential cookies, such as those used by our analytics service, in compliance with the ePrivacy Directive.
Section 4
Data Sharing and Processors
We do not sell or rent your personal data. We may share your data with trusted third-party service providers ("Data Processors") who perform services on our behalf. We have Data Processing Agreements (DPAs) in place with these providers where required.
Our categories of processors include:
- Payment Processors: To securely handle payments for our products (e.g., Stripe).
- Cloud Infrastructure & Hosting Providers: To host our website, applications, and data (Vercel).
- Analytics Services: To help us understand service usage (Vercel Analytics).
Section 5
International Data Transfers
Some of our processors (like Stripe and Vercel) are based in the United States, outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure it is protected by implementing appropriate safeguards, primarily by using the European Commission's Standard Contractual Clauses (SCCs).
Section 6
Data Retention
We practice data minimization and do not keep your personal data for longer than is necessary for the purposes for which it was collected.
- Account Data: Retained for as long as your account remains active.
- Financial Records: Retained for 7 years, as required by Austrian commercial and tax law (Unternehmensgesetzbuch).
- Technical Logs: Retained for a short period for security and debugging purposes.
Section 7
Your Data Protection Rights
Under the GDPR, you have the following rights over your personal data:
- Right to Access: You can ask for a copy of the data we hold about you.
- Right to Rectification: You can ask us to correct any inaccurate information.
- Right to Erasure (the "Right to be Forgotten"): You can ask us to delete your data, provided there is no overriding legal reason (like tax law) for us to keep it.
- Right to Restriction of Processing: You can ask us to temporarily stop processing your data under certain circumstances.
- Right to Data Portability: You can ask for a copy of your data in a machine-readable format to transfer to another service.
- Right to Object: You can object to us processing your data based on our legitimate interests.
- Right to Withdraw Consent: Where we process data based on your consent, you can withdraw that consent at any time.
To exercise any of these rights, please contact us at avdainlabs@gmail.com.
You also have the right to lodge a complaint with your local data protection authority. The authority for Austria is:
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Austria
Website: https://www.dsb.gv.at
Section 8
Data Security
We implement robust technical and organizational measures, such as encryption and access controls, to protect your personal data from unauthorized access, alteration, or destruction.
Section 9
Children's Privacy
Our Services are not directed at individuals under the age of 13. We do not knowingly collect personal data from children.
Section 10
Changes to This Policy
We may update this policy to reflect changes in our practices or for legal reasons. The "Last Updated" date at the top will always indicate the latest version.