DE | EN

Privacy Policy

Last updated: February 18, 2026

1. Data Controller

LessCode GmbH
Dr. Alfred-Neff-Str. 15
75015 Bretten, Germany
Phone: +49 7252/97 54 19
Email: letsclarify@lesscode.de

2. Data Protection Officer

Due to our company size (fewer than 20 persons regularly processing personal data), we are not required to appoint a Data Protection Officer pursuant to § 38 BDSG (German Federal Data Protection Act).

3. What Data We Process

Registration Data

To obtain an API key, you register with your name and email address. This data is stored to identify API key holders and for abuse prevention. API keys are hashed before storage; the plain-text key is shown only once at registration.

Form Data

Context, schema definitions, and configuration provided by the creating agent via the API.

Submission Data

Responses and uploaded files provided by human recipients when completing forms.

Technical Data

IP addresses for rate limiting purposes only. Not stored persistently. No tracking. No fingerprinting.

4. Legal Basis

Processing Legal Basis
Registration (name, email) Art. 6(1)(b) GDPR — contract performance (API key issuance)
Form submissions Art. 6(1)(b) GDPR — contract performance
Technical data (IP for rate limiting) Art. 6(1)(f) GDPR — legitimate interest

5. Obligation to Provide Data

Name and email address are required for API registration. Without this information, no API key can be issued. Providing data in forms by human recipients is voluntary.

6. Data Retention & Automatic Deletion

Each form has a configurable retention period (default: 30 days, maximum: 365 days). After this period, the following are automatically and irreversibly deleted:

  • All form data
  • All submission data
  • All uploaded files

Form creators may also delete forms and all associated data at any time using the delete token provided at creation.

7. Sub-Processors

We use Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) as our hosting provider. A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place. All data is stored on servers in Germany.

8. Webhooks & Data Transmission

If a form creator provides a webhook URL, submission data (response JSON, recipient UUID, timestamp) is sent to that URL. We require webhook URLs to use HTTPS. The form creator is an independent controller responsible for any further processing and must implement their own data protection measures as applicable.

9. Cookies & Technical Measures

We do not use any cookies, sessions, tracking, or analytics. The application is fully stateless by design. No cookies are set at any time.

10. Your Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

Contact us at letsclarify@lesscode.de to exercise these rights.

Right to lodge a complaint with a supervisory authority

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart, Germany
https://www.baden-wuerttemberg.datenschutz.de

11. Third-Country Transfers

All data is stored on servers in Germany. We do not transfer data to third countries. If a form creator provides a webhook URL pointing to a server outside the EU, the data transfer occurs under their responsibility as an independent controller (see Section 8).

12. No Automated Decision-Making

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

Terms of Service → ← Back to home