Privacy Policy

BITS – Benedikt IT Services e.U.
Höchstädtplatz 4/201, 1200 Vienna, Austria
hello@bits.at

We keep this to a minimum:

• All users: Your email address, provided when you sign in via your identity provider. We use it to identify your account and send transactional emails (scan alerts, invoices).
• Paid subscribers only: Billing name, company name, address, country, and VAT ID – required for invoicing and tax compliance.
• Usage data: The URLs and domains you submit for scanning, your project settings, and scan results. This data is yours; it exists solely to provide the service.
• Access logs: IP addresses and request metadata, retained for up to 14 days for security and abuse prevention.

• Art. 6(1)(b) – Contract performance: account data, scan data, and billing details needed to deliver the service and issue invoices.
• Art. 6(1)(c) – Legal obligation: invoice and tax records retained for 7 years as required by Austrian law (§ 132 BAO).
• Art. 6(1)(f) – Legitimate interests: access logs for security and abuse prevention.

• Scan results are deleted automatically after 7 days (Free plan), 30 days (Starter), or 90 days (Agency).
• Account data is deleted when you delete your account. Invoices and billing records are retained for 7 years as required by law.
• Access logs are deleted after 14 days.

• Mollie B.V. – payment processing. Mollie handles all card and payment data; we never see or store your payment credentials. Mollie Privacy Policy
• The Happy Hosting Company – server infrastructure, hosted in the EU. All data remains within the European Union.

We run a self-hosted instance of Umami for website analytics. It is cookieless, collects no personal data, and does not identify individual visitors. No data is shared with third parties.

We use three authentication cookies set by Auth.js. These are strictly necessary for the service to function and require no consent. No tracking or advertising cookies are used.

Under GDPR you have the right to access, correct, delete, restrict, or export your data, and to object to processing. To exercise these rights, contact us at hello@bits.at. You can delete your account and all associated data directly in your account settings.

You also have the right to lodge a complaint with the Austrian Data Protection Authority: dsb.gv.at.