Privacy Policy
Last updated: February 7, 2025
1. Controller
Paroot Cashback UG (haftungsbeschränkt)
Haldenstraße 18, 73104 Börtlingen, Germany
Email: info@fastdomain.io
Phone: +49 157 70455112
Commercial Register: Amtsgericht Ulm, HRB 743946
VAT ID: DE352091925
Legal Representatives: Nico Epp (CEO), Jonathan Veil (CEO)
2. Data We Collect and Why
Account Data
When you create an account via Google OAuth or Magic Link, we store your name, email, profile image, and username. Session data includes IP address and user agent for security purposes.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
Domain Services
When you search for domains, we query registrar APIs on your behalf. For authenticated users we store saved domains, price alert preferences, portfolio entries, and usage statistics to enforce plan limits.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
AI Features
Our AI domain and business name generators send your input (business description, industry, keywords) to Google Gemini 2.5 Flash for processing. We do not permanently store these inputs. AI features are rate-limited by IP address.
Legal basis: Art. 6(1)(b) GDPR (service provision), Art. 6(1)(f) GDPR (abuse protection for rate limiting).
Payment Data
We use Polar.sh for subscription management. Polar handles all payment card data directly. We only store your Polar customer ID, subscription status, plan type, and billing period dates.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
Cookies
We use only technically necessary cookies:
- Session cookies (
fastdomain_*): Authentication session tokens. - Locale cookie (
NEXT_LOCALE): Your language preference.
Legal basis: Art. 6(1)(f) GDPR, §25(2) TDDDG (strictly necessary, no consent required).
3. Third-Party Services
| Service | Purpose | Data Processed |
|---|---|---|
| Vercel | Hosting | Server logs, IP address |
| Polar.sh | Payments | Subscription & customer data |
| Resend | Transactional emails | Email address, email content |
| Loops | Newsletter | Email, name (consent-based) |
| Google Gemini | AI features | User input text |
| Sentry (dashboard only) | Error tracking | Error reports, session replays (10% sample), IP on client side |
| Upstash Redis | Rate limiting & caching | IP address (temporary) |
| Trigger.dev | Background tasks | Existing user data from our database |
| Vercel Analytics | Usage analytics | Anonymized page views (no cookies) |
Newsletter signup via Loops is based on Art. 6(1)(a) GDPR (consent) and can be revoked at any time via the unsubscribe link. All other services operate under Art. 6(1)(b) or Art. 6(1)(f) GDPR.
4. International Data Transfers
Some services are based in the USA. We ensure adequate protection via EU Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework where certified. Sentry processes data in its EU data center (Germany).
5. Data Retention
- Account data: Until account deletion.
- Subscription data: Duration of subscription plus legal retention periods (up to 10 years tax law, 6 years commercial law).
- Saved domains & portfolio: Until removed by user or account deletion.
- Session data: Expires automatically (5-minute cache).
- Rate limiting data: Expires after sliding window (typically 1 minute).
- Newsletter contacts: Until unsubscribe or deletion request.
- Error tracking (Sentry): Typically 90 days.
6. Your Rights
Under the GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of consent (Art. 7(3)) at any time.
You can delete your account and all associated data directly in the dashboard settings.
To exercise your rights, contact us at info@fastdomain.io.
Supervisory Authority
You have the right to lodge a complaint with:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart, Germany