Privacy Policy
Last updated: 25 June 2026 · Version 1.0 (draft)
1. Who we are (the controller)
This service ("Stalldo", "we", "us") is provided by [Stalldo Team]. For any privacy question or to exercise your rights, contact us at privacy@stalldo.com. Our Data Protection contact is [DPO / responsible person, contact].
2. Scope
This policy covers the Stalldo marketing website (stalldo.com), the Stalldo application (app.stalldo.com) and related services. It explains what personal data we process, why, on what legal basis, and the rights you have under the EU/UK General Data Protection Regulation (GDPR) and applicable national law.
3. What data we collect
| Category | Examples | When |
|---|---|---|
| Waitlist / lead data | Email, name, role, herd size, current tools, pain points, willingness-to-pay, referral code | When you join the early-access list |
| Account data | Email, name, authentication identifiers, language and unit preferences | When you create an account |
| Content you create | Horse profiles, health and nutrition records, finances, documents, photos, notes, calendar events, links between them | While using the app |
| Collaboration data | Invitations, shared access, permissions, the people you connect to a horse | When you share or are shared with |
| Technical data | IP address, device/browser type, timestamps, error logs, anti-bot signals (Cloudflare Turnstile) | Automatically, for security and reliability |
| Usage / analytics | Pages viewed, features used, marketing attribution (UTM/referrer) | If/where enabled, on a lawful basis |
Stalldo is built offline-first and uses on-device AI where possible, so much of the content you create can be processed locally on your device. Synced data is stored on our infrastructure as described below. We do not knowingly collect data from children. Stalldo records information about horses; this is not "special category" personal data under the GDPR, but we treat it as sensitive.
4. Why we use it & legal bases
- To provide the service (contract, Art. 6(1)(b)): run your account, store and sync your records, enable sharing.
- Early access & marketing (consent, Art. 6(1)(a)): contact you about early access; you can withdraw consent at any time.
- Security & abuse prevention (legitimate interests, Art. 6(1)(f)): protect the service, prevent fraud and bots.
- Legal obligations (Art. 6(1)(c)): tax, accounting and lawful requests.
- Product improvement / analytics (consent or legitimate interests, as applicable): understand how the service is used and improve it.
5. Service providers (processors)
We share data only with vetted providers acting on our instructions under a data processing agreement, including:
- Cloudflare — hosting, edge compute, content delivery, and bot protection (Turnstile).
- Supabase — database, authentication and storage of synced data.
- [Email / messaging provider] — transactional and early-access emails.
- [AI / model provider, where used] — only when a task cannot be handled on-device; data is sent transiently and not used to train third-party models without your consent.
We do not sell your personal data.
6. International transfers
Where data is processed outside the EEA/UK, we rely on appropriate safeguards such as EU Standard Contractual Clauses and provider data-protection frameworks. Details are available on request.
7. How long we keep it
We keep account and content data for as long as your account is active, then delete or anonymise it within [retention period] of closure, unless we must retain it for legal reasons. Waitlist data is kept until you ask us to remove it or we conclude the early-access programme.
8. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict and port your data, to object to certain processing, and to withdraw consent at any time. You also have the right to complain to your supervisory authority (in Germany, your state DPA). To exercise any right, email privacy@stalldo.com.
9. Security
We use encryption in transit, access controls, permissioned sharing and reputable infrastructure providers. No system is perfectly secure, but we work to protect your data and will notify you and the relevant authority of a qualifying breach as required by law.
10. Cookies & local storage
The marketing site uses minimal local storage for your language and theme preferences and for waitlist/referral attribution. We use anti-bot protection (Cloudflare Turnstile) on forms. Any non-essential analytics or marketing cookies are used only with your consent.
11. Changes
We may update this policy; we will post the new version here and, for material changes, notify you. The "last updated" date reflects the current version.
Questions? privacy@stalldo.com · See also our Terms and Data Processing Addendum.