Privacy Policy

Last updated: May 2026

English convenience translation. The legally binding version is the German Datenschutzerklärung.

We are glad you are visiting our website. Protecting your personal data is important to us. Below we explain in detail how we handle your data in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications-Telemedia Data Protection Act (TTDSG).

1. Controller

The controller within the meaning of Art. 4(7) GDPR is:

GetPupic UG (haftungsbeschränkt)
Hertzbergstraße 2, 12055 Berlin, Germany
Represented by the managing director: Mohamed Elhedi Jerbi
Email: hello@getpupic.com

No data protection officer has been appointed because the legal thresholds for a mandatory appointment are not currently met (§ 38 BDSG).

2. General information on processing

We only process personal data of our users to the extent necessary to provide a functional website and our content and services. Processing regularly takes place only with the user's consent (Art. 6(1)(a) GDPR), to perform a contract or pre-contractual measures (Art. 6(1)(b) GDPR), to fulfil legal obligations (Art. 6(1)(c) GDPR), or on the basis of legitimate interests (Art. 6(1)(f) GDPR).

3. Hosting via Replit

This website is hosted by Replit, Inc., 767 Bryant St #203, San Francisco, CA 94107, USA. Each time the website is accessed, Replit automatically processes technical data transmitted by the browser (in particular IP address, date and time, requested URL, referrer URL, browser and operating system) for the purpose of stable, secure and performant delivery of the website.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technically secure delivery).

Transfer to third countries: Because Replit is a US company, personal data may be transferred to the USA. The transfer takes place on the basis of the EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR, together with additional technical and organisational safeguards. Replit is or has indicated commitment to the EU-U.S. Data Privacy Framework where applicable.

Retention: Server log files are generally deleted automatically after 14 days unless a specific security-related retention is required.

Further information: https://replit.com/site/privacy

4. Server log files

Each time the website is accessed, the following data is temporarily stored in a log file: anonymised or full IP address, date and time of the request, content of the request (specific page), access status / HTTP status code, the volume of data transferred, the website from which the request originates, and browser, language and version of the browser software.

Storage takes place to ensure operation, for security analysis and to defend against attacks. The data is not merged with other data sources. The data is deleted after 14 days.

Legal basis: Art. 6(1)(f) GDPR.

5. Waitlist / newsletter (MailerLite)

When you sign up for our waitlist, we process your email address for the purpose of adding you to our mailing list, so we can inform you about the launch of GetPupic, product news and related topics.

For sending and managing emails we use the service MailerLite, operated by MailerLite Limited, Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland. We have entered into a data processing agreement with MailerLite pursuant to Art. 28 GDPR, which obliges MailerLite to process and protect our users' data only on our instructions. MailerLite processes the data within the EU.

Note on technical loading: The MailerLite Universal script (assets.mailerlite.com/js/universal.js) is loaded on all pages of our website so the sign-up form can be displayed on click. When the script loads, your IP address is transmitted to MailerLite. MailerLite does not set tracking or advertising cookies at this stage. Functionally necessary cookies / local-storage entries are only set when you actually open the sign-up form.

Double opt-in: After your sign-up you receive an email containing a confirmation link. Only after you confirm will your email address be actively added to our list. This ensures that the sign-up was actually made by you (protection against fraudulent sign-ups by third parties).

Data processed: email address, sign-up timestamp, IP address at the time of sign-up and confirmation (as proof of consent).

Legal basis: Art. 6(1)(a) GDPR (consent) and § 7(2)(3) UWG (German Act against Unfair Competition).

Retention: Until you withdraw your consent. You can withdraw your consent at any time, with effect for the future, via the unsubscribe link contained in every email or by email to hello@getpupic.com. After withdrawal your email address will be removed from the active list; limited retention may remain necessary to fulfil legal proof obligations.

MailerLite's privacy policy: https://www.mailerlite.com/legal/privacy-policy

6. Contact by email

If you contact us by email, the information you provide (email address, name, content of the message) will be stored to process the request and for possible follow-up questions.

Legal basis: Art. 6(1)(b) GDPR (initiation of a contractual relationship) or Art. 6(1)(f) GDPR (legitimate interest in answering your enquiry).

Retention: We delete the data as soon as it is no longer needed to process your enquiry, at the latest after expiry of statutory retention periods (in particular § 257 HGB, § 147 AO).

7. Fonts (privacy-friendly, self-routed)

This website uses the "Inter" typeface. The font is delivered via the privacy-friendly service fonts.bunny.net (BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia), which operates without cookies and without IP logging for tracking purposes, and is fully GDPR-compliant. No data is transmitted to Google.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a consistent, appealing presentation of our service).

Further information: https://fonts.bunny.net/about

8. TailwindCSS (CDN)

To style our website we use the TailwindCSS stylesheet framework, delivered via the official Tailwind CDN service cdn.tailwindcss.com (Tailwind Labs, Inc., 251 Little Falls Drive, Wilmington, DE 19808, USA). Delivery is technically routed through the CDN network of Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). When the file is requested, your IP address is transmitted to the CDN provider to enable delivery. No tracking cookies and no advertising identifiers are set.

Transfer to third countries: Personal data (in particular your IP address) may be transferred to the USA. The transfer takes place on the basis of the EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. Cloudflare is also certified under the EU-U.S. Data Privacy Framework.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in fast and stable delivery).

Further information: https://www.cloudflare.com/privacypolicy/

9. No other third-party services

This website does not use Google Analytics, no Facebook Pixel, no Google reCAPTCHA, no Cloudflare Turnstile, no hCaptcha and no other tracking, advertising or profiling services. Spam protection for the waitlist form is provided exclusively by MailerLite (see section 5) and by the double opt-in procedure.

10. Cookies and local storage

Our website does not use tracking or analytics cookies. We use only strictly necessary storage mechanisms:

localStorage "gp-cookie-accepted": Stores locally in your browser that you have acknowledged our cookie notice, so it is not shown again. Not transmitted to us or any third party.
MailerLite (only when using the sign-up form): When the waitlist popup opens, MailerLite may set a technically necessary cookie / local storage entry for display and spam-protection control.

Legal basis: § 25(2)(2) TTDSG (strictly necessary) or Art. 6(1)(f) GDPR.

11. No processing of minors' data

Our service is not directed at persons under 16. We do not knowingly collect personal data from children. If we become aware that a child has transmitted data to us without parental consent, we will delete it without undue delay.

12. Your rights as a data subject

You have the following rights against us regarding the personal data concerning you:

Right of access (Art. 15 GDPR)
Right to rectification of inaccurate data (Art. 16 GDPR)
Right to erasure ("right to be forgotten", Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
Right to withdraw consent with effect for the future (Art. 7(3) GDPR)

An informal email to hello@getpupic.com is sufficient to exercise your rights. We respond within the statutory deadlines (Art. 12(3) GDPR).

13. Right to object in individual cases (Art. 21 GDPR)

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(f) GDPR. We will then no longer process the data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves the establishment, exercise or defence of legal claims.

14. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61, 10555 Berlin, Germany
Phone: +49 (0)30 13889-0
Email: mailbox@datenschutz-berlin.de
Web: https://www.datenschutz-berlin.de

15. Data security

During your visit we use TLS (Transport Layer Security) encryption together with the highest encryption level supported by your browser, typically 256-bit. An active encrypted connection is indicated by the lock symbol in your browser's address bar.

16. Validity and changes to this Privacy Policy

This Privacy Policy is current as of May 2026. As our website evolves or as legal or regulatory requirements change, it may become necessary to amend this Privacy Policy. The current version is always available on this page.