Privacy Policy

Operator: Provimedia GmbH

Last updated: February 12, 2026

This is a convenience translation. The legally binding version of this Privacy Policy is the German original.

The protection of your personal data is important to us. In this Privacy Policy, we inform you about which data we collect, how we process it, and what rights you have.

1. Data Controller

Who is responsible for your data?

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Provimedia GmbH

Weidenweg 12, 74321 Bietigheim-Bissingen, Germany

Email: hello@mystartup24.com

For data protection inquiries, please contact us at the email address above.

2. Data We Collect

What personal data we collect.

We collect the following personal data:

  • Registration Data: Username, email address, password (stored as bcrypt hash)
  • Profile Data: Name, bio, social media links, profile picture (avatar)
  • Usage Data: Upvotes, comments, submitted products, search queries
  • Technical Data: IP address, browser type and version, operating system, access time, referrer URL

3. Purpose and Legal Basis

Why and on what legal basis we process your data.

Your data is processed on the following legal bases:

Contract Performance (Art. 6(1)(b) GDPR)

Provision of the platform, user account management, authentication, product submission and upvoting.

Consent (Art. 6(1)(a) GDPR)

Sending email notifications and digest emails (revocable at any time).

Legitimate Interest (Art. 6(1)(f) GDPR)

Ensuring technical functionality, abuse prevention, anonymous usage statistics.

4. Cookies and Local Storage

What cookies and local storage technologies we use.

We only use technically necessary cookies and local storage entries:

  • ms24_session – Session cookie for authentication. Deleted after session ends. HttpOnly, SameSite=Strict.
  • theme (Local Storage) – stores your dark/light mode preference. No expiration.
  • lang (session variable) – stores your language preference (de/en).

We do not use tracking cookies, advertising cookies, or third-party cookies.

5. Hosting and Server Log Files

What data is automatically collected when you visit our website.

When you access our website, the hosting provider automatically records the following information in server log files:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the requested page
  • Browser and operating system used
  • Referrer URL (previously visited page)

This data is processed to ensure operations and detect misuse (Art. 6(1)(f) GDPR). Log files are automatically deleted after 7 days.

6. Email Notifications

How we notify you by email and how you can unsubscribe.

If you subscribe to email notifications, we process your email address for the following purposes:

  • Notifications about new comments on your products
  • Weekly digest emails with the best products
  • Status changes of your submitted products

You can disable email notifications at any time in your settings or use the unsubscribe link in every email. Legal basis is your consent (Art. 6(1)(a) GDPR).

7. Contact Form

How your data is processed when you contact us.

When you use our contact form, the following data is processed:

  • Name
  • Email address
  • Subject and message content
  • Inquiry category

The data is used exclusively to process your inquiry and is deleted after completion, unless statutory retention obligations apply. Legal basis is Art. 6(1)(b) GDPR.

8. Payment Processing

How payment data is processed for premium bookings.

For paid services (Premium Launch, Spotlight) we use the payment service provider:

Stripe Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA

When making a payment, you are redirected to Stripe's secure payment page. Your credit card or bank details are processed exclusively by Stripe and are never stored on our servers.

We only receive a transaction ID, payment status, and amount from Stripe. Legal basis is Art. 6(1)(b) GDPR (contract performance).


9. Recipients and Third Parties

To whom your data is disclosed.

Your personal data is only shared with third parties in the following cases:

  • Stripe Inc. – for payment processing of paid bookings
  • Hosting provider – for technical provision of the platform (data processing agreement per Art. 28 GDPR)

No further disclosure to third parties takes place unless we are legally obligated to do so (e.g., by court order).

Data transfer to third countries (outside the EU/EEA) only occurs to Stripe Inc. (USA) on the basis of EU Standard Contractual Clauses.

10. Data Retention

How long we retain your data.

We store your personal data only as long as necessary for the respective purpose:

  • Account data (profile, email, password hash) – until deletion of your account
  • Usage data (upvotes, comments) – until deletion of your account or upon your request
  • Server log files – 7 days
  • Contact inquiries – until completion of processing, maximum 6 months
  • Payment data – according to statutory retention periods (6 or 10 years)

After the retention period expires, data is automatically deleted or anonymized.

11. Your Rights

What data protection rights you have under the GDPR.

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) – You can request information about your data stored by us.
  • Right to rectification (Art. 16 GDPR) – You can request the correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) – You can request the deletion of your data, provided no statutory retention obligations apply.
  • Right to restriction of processing (Art. 18 GDPR) – You can request the restriction of processing of your data.
  • Right to data portability (Art. 20 GDPR) – You can receive your data in a machine-readable format.
  • Right to object (Art. 21 GDPR) – You can object to the processing of your data insofar as it is based on legitimate interest.

To exercise your rights, please contact us at the email address above.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with the competent data protection supervisory authority:

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg

Lautenschlagerstraße 20, 70173 Stuttgart, Germany

https://www.baden-wuerttemberg.datenschutz.de

12. Data Security

How we protect your data technically.

We employ extensive technical and organizational measures to protect your data:

  • SSL/TLS encryption for all data transfers
  • Password hashing with bcrypt (no plaintext storage)
  • HttpOnly and SameSite cookies to protect the session cookie against theft via XSS and against CSRF
  • Prepared statements to prevent SQL injection
  • CSRF token validation for all form submissions
  • Rate limiting to prevent brute-force attacks

13. Changes and Contact

How we update this Privacy Policy.

We reserve the right to update this Privacy Policy as needed to comply with changed legal requirements or changes to our platform.

The current version is always available on this page. We will notify registered users by email of material changes.

For data protection inquiries, please contact:

hello@mystartup24.com
