Privacy Policy

1. Introduction

tlumesberger (“we,” “our,” or “us”) operates ShortcutHero (accessible at shortcuthero.xyz). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and Austrian data protection laws. We are committed to protecting your personal data and respecting your privacy rights.

2. Data Controller Information

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Personal Data You Provide

We collect information you provide directly to us, such as:

• Account Information: Email address, username, password (encrypted)
• Profile Information: Name, profile picture (optional)
• Payment Information: Processed securely through third-party payment processors
• Communications: When you contact us for support

3.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Usage Data: Pages visited, features used, training sessions completed
• Device Information: Browser type, operating system, device type
• Log Data: IP address, access times, referring URLs
• Cookies: Session cookies and preference cookies (see Section 7)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our Service and fulfill our agreement with you
• Legitimate Interests: To improve our Service, ensure security, and prevent fraud
• Legal Obligations: To comply with applicable laws and regulations
• Consent: For marketing communications and optional features

5. How We Use Your Information

We use the collected information for:

• Providing and maintaining our Service
• Processing your account registration and authentication
• Tracking your learning progress and achievements
• Sending service-related notifications
• Responding to your inquiries and support requests
• Improving and optimizing our Service
• Preventing fraud and ensuring security
• Complying with legal obligations
• Sending marketing communications (with your consent)

6. Data Sharing and Disclosure

We may share your information with:

6.1 Service Providers

• Supabase: Database and authentication services
• Vercel: Hosting and infrastructure
• Payment Processors: For subscription management
• Analytics Providers: To understand Service usage

6.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests.

6.3 Business Transfers

In case of merger, acquisition, or sale of assets, your information may be transferred with prior notice.

We do not sell your personal data to third parties.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Keep you logged in
• Remember your preferences
• Understand how you use our Service
• Improve user experience

Types of Cookies Used

• Essential Cookies: Required for Service functionality
• Performance Cookies: Help us understand Service usage
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may limit Service functionality.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Regular backups
• Security incident response procedures

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. Data Retention

We retain your personal data for as long as necessary to:

• Provide our Service to you
• Comply with legal obligations
• Resolve disputes and enforce agreements

Retention Periods

• Account Data: Until account deletion + 30 days
• Usage Data: 2 years
• Payment Records: 7 years (legal requirement)
• Support Communications: 3 years

10. Your Rights Under GDPR

As an EU resident, you have the following rights:

10.1 Right to Access

You can request a copy of your personal data we hold.

10.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data under certain circumstances.

10.4 Right to Restrict Processing

You can request we limit how we use your personal data.

10.5 Right to Data Portability

You can request your data in a structured, machine-readable format.

10.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

10.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, contact us at office [at] tlumesberger.at. We will respond within one month.

11. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:

• EU-approved Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Your explicit consent for specific transfers

12. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.

13. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the “Last updated” date
• Sending you an email notification for significant changes

Continued use of our Service after changes constitutes acceptance of the updated policy.

15. Data Protection Officer

For questions about data protection or to exercise your rights, contact:

16. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. The competent authority in Austria is:

17. Contact Us

For questions about this Privacy Policy or our privacy practices, please contact us at: