Privacy Policy

Controller for the processing of personal data on this website and platform:

UYUL UG
Pfälzer Str. 12
65929 Frankfurt am Main
Germany
Registration number: HRB 105334

For privacy-related requests, a contact email should be inserted before publication.

This Privacy Policy explains how UYUL UG processes personal data in connection with the UYUL ATLAS website and platform. It applies to visitors, registered users, clients, invited collaborators, and viewers who access the platform or interact with its services.

It covers account data, uploaded files, images, project information, comments, technical logs, support access, and platform-related storage and hosting.

Depending on how the website and platform are used, UYUL UG may process the following categories of personal data:

• identification and account data, such as name, email address, company name, user role, and login-related information;
• project and platform data, such as project names, atlas names, comments, permissions, user-generated settings, and shared content;
• uploaded content, such as images, maps, files, comments, annotations, and related metadata;
• technical usage and security data, such as IP address, browser type, device information, timestamps, server logs, and error logs;
• support-related data, where access is necessary to investigate, troubleshoot, secure, maintain, or restore the service.

UYUL UG processes personal data and uploaded content only as necessary to operate and support the platform, including to:

• provide the website and platform to users;
• create, manage, and secure user accounts;
• authenticate users and manage access rights;
• host, organize, display, and share projects, atlas data, images, files, comments, and exports;
• provide technical support, maintenance, troubleshooting, and recovery;
• maintain platform security, logging, backups, abuse prevention, and system integrity;
• comply with legal obligations and enforce contractual rights.

UYUL UG states that uploaded images, project data, and personal data are not used for personal use, unrelated commercial exploitation, or marketing by UYUL UG. UYUL UG also states that it does not sell personal information.

Where the GDPR applies, processing may be based on one or more of the following legal bases:

• Art. 6(1)(b) GDPR — processing necessary for the performance of a contract or to take steps at the request of the user before entering into a contract;
• Art. 6(1)(f) GDPR — processing necessary for legitimate interests, such as platform security, fraud prevention, access management, service maintenance, troubleshooting, backups, and support;
• Art. 6(1)(c) GDPR — processing necessary to comply with legal obligations;
• Art. 6(1)(a) GDPR — consent, where consent is specifically requested for optional processing.

Government GDPR guidance notes that the legal basis for temporary storage of logs and technical data must be clearly identified and limited to what is necessary for operation and security.

To use the platform as a registered user, the user must provide a valid email address. The email address is used for registration, login, authentication, security, user administration, and service-related communication.

Users are responsible for keeping their login information accurate and for protecting their login credentials.

The platform allows users to upload images, maps, files, comments, and other project-related content. Such content is stored and processed as necessary to provide the platform's core functions.

UYUL UG stores uploaded files and project content using its service infrastructure, including Microsoft-provided storage services as configured for the platform. Depending on the setup, this may include Microsoft server-side services used to store uploaded images and related files.

Users should upload only data and content that they are authorized to store, process, share, and manage through the platform.

UYUL UG may have backend access to project details, uploaded images, files, comments, and related account data. This access is limited to what is reasonably necessary for:

• technical support;
• troubleshooting platform errors;
• restoring or recovering files or service functionality;
• maintaining platform security and integrity;
• administering permissions and system operations;
• complying with legal obligations.

UYUL UG states that such backend access is not used for marketing, not used for unrelated personal use, and not used for unrelated commercial use. Backend visibility exists only to the extent necessary to operate and support the service.

The website and application may be hosted or operated using infrastructure and services provided by Lovable Labs Incorporated. Lovable provides security and compliance information through its Trust Center, including information relating to SOC 2 Type II, ISO/IEC 27001:2022, and GDPR-related information and controls. Users may review Lovable's Trust Center here: https://trust.lovable.dev.

Users should also review Lovable's privacy, security, and related documentation for platform-level hosting and infrastructure information. Lovable states that its security and compliance information applies to Lovable's platform environment and controls.

UYUL UG remains responsible for its own platform configuration, access permissions, operational practices, and application-level privacy compliance.

UYUL UG may use Microsoft-provided infrastructure or storage services for uploaded content and related data processing. Cloud storage compliance depends not only on the cloud provider but also on configuration, contractual safeguards, access restrictions, and internal governance.

Before final publication, UYUL UG should specify the exact Microsoft service used, such as SharePoint, OneDrive for Business, Azure Storage, or another Microsoft-hosted environment, if that detail is known and relevant.

UYUL UG states that it does not use browser cache or browsing history for marketing or unrelated purposes and does not collect personal information from cache or browsing history for its own marketing purposes.

Any cache, local storage, cookies, session data, or browsing history used strictly for browser operation, website rendering, login sessions, or technical website functions may be created or handled by the browser or the website's technical infrastructure.

If the platform uses non-essential cookies or similar technologies beyond strictly necessary technical operation, an additional cookie notice or consent mechanism should be implemented where legally required.

UYUL UG states that it does not sell personal data and does not use uploaded data or user personal data for unrelated marketing purposes.

Personal data may be shared with service providers and processors only where necessary to operate the platform, host data, provide infrastructure, support platform functions, comply with legal obligations, or protect the security and integrity of the service.

Such providers may include hosting providers, cloud storage providers, infrastructure vendors, and support-related subcontractors, provided appropriate data protection and confidentiality obligations are in place.

If personal data is transferred to or accessed from outside the European Economic Area, UYUL UG should ensure that appropriate legal safeguards are in place, such as Standard Contractual Clauses or another lawful transfer mechanism where required.

UYUL UG retains personal data and uploaded content only for as long as necessary to provide the platform, maintain security, comply with legal obligations, resolve disputes, and preserve backup and recovery integrity.

Specific retention periods for inactive accounts, deleted files, backups, and logs should be defined internally and inserted into a final version if needed.

UYUL UG should implement appropriate technical and organizational measures to protect personal data and uploaded content. GDPR cloud guidance emphasizes that compliance depends on both provider safeguards and the customer's own controls, such as access restriction, deletion handling, contractual safeguards, and documented processes.

Where the GDPR applies, users may have the following rights, subject to applicable legal limitations:

• right of access;
• right to rectification;
• right to erasure;
• right to restriction of processing;
• right to data portability;
• right to object to certain processing;
• right to withdraw consent where processing is based on consent;
• right to lodge a complaint with a competent supervisory authority.

The platform is not intended for use by children unless expressly stated otherwise.

UYUL UG may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The latest version should be made available on the website.