Skip to main content
Legal

Privacy policy

Information about the protection of your personal data under the GDPR.

1

Controller

Code7Byte e.U.

Abdul Rahman Al Arjawi

Berliner Ring 71/18, 8047 Graz, Austria

Email: office@code7byte.com
Phone: +43 688 64097443

2

Collection and storage of personal data

The following data is collected automatically when you visit our website:

  • IP address (anonymised)
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL (the page visited previously)

This data is used exclusively for statistical purposes and to improve the website. It is not associated with individual people.

Retention period: This data is retained for no more than 7 days. The log files are then deleted or fully anonymised. It is not combined with other data sources.

Legal basis: Article 6(1)(f) GDPR. Our legitimate interest lies in the technical provision of the website, error analysis and the detection of misuse and attacks.

3

Cookies and local browser storage

We use no cookieswhen you simply visit our website. In particular, we do not use tracking, analytics or advertising cookies.

Functional cookie following a user action: If you actively use the language selector on our website, one strictly necessary cookie is set:

  • Name:resecho_locale
  • Purpose: Stores your selected language
  • Lifetime: 365 days
  • Content: Language code (e.g. de-at, en-at, de-de, en-de)

Legal basis: Section 25(2)(2) TTDSG (Germany) or Section 165 TKG (Austria) — strictly necessary for a service explicitly requested by the user (storing the language selection). Consent is not required for this purpose.

Functional cookie when signing in to the dashboard: If you are signed in to the ResEcho dashboard (app.resecho.com), a strictly necessary cookie is set on the parent domain. This website reads it so that it can show you the appropriate link (‘My account’ instead of log in/register):

  • Name:resecho_auth
  • Purpose: remembers whether you are signed in to the dashboard so that the appropriate link can be displayed
  • Domain:.resecho.com
  • Lifetime: 30 days
  • Content: a boolean indicator (no personal reference, no token and no user data)

Local browser storage: The marketing pages on this website do not otherwise use localStorage or sessionStorage.

On the restaurant menu pages at /res/{restaurant}/... entries are stored in the browser's local storage (localStorage) to control how often the restaurant's marketing messages are displayed (popup-window-{id} , each with a time window ranging from one hour to one month depending on the selected display frequency). These entries contain no personal data and never leave your browser.

You can delete cookies and local storage entries in your browser or prevent them from being set at any time. The website remains fully functional — in this case, your language selection will be reset on every visit.

4

Analytics tools

We currently do not use external analytics tools such as Google Analytics. Should this change, we will update this privacy policy accordingly and — where required — obtain your consent.

5

Contacting us

If you contact us by email, the information you provide will be stored in order to process your enquiry. It will not be passed on to third parties. The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

6

Your rights

You have the right at any time to:

  • Access your personal data stored by us (Article 15 GDPR)
  • Rectification of inaccurate data (Article 16 GDPR)
  • Erasure of your data (Article 17 GDPR)
  • Restriction of processing (Article 18 GDPR)
  • Data portability (Article 20 GDPR)
  • Object to processing (Article 21 GDPR)
  • Article 22 GDPR — the right not to be subject to a decision based solely on automated processing. We do not make automated individual decisions.
  • Article 7(3) GDPR — if you have given consent, you may withdraw it at any time with effect for the future.

To exercise your rights, please contact: office@code7byte.com

7

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority.

In Austria:

The competent supervisory authority is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40–42, 1030 Vienna.

In Germany:

Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, BfDI)
Graurheindorfer Straße 153
53117 Bonn
https://www.bfdi.bund.de

The data protection authorities of the individual federal states also have jurisdiction. An overview is available on the BfDI website.

8

SSL encryption

This website uses SSL encryption for security reasons. You can recognise an encrypted connection by the padlock icon in your browser's address bar.

9

Hosting

Our website is hosted by Hostinger . The server is located in Frankfurt am Main, Germany (within the European Union).

We have a data processing agreement (DPA) with the hosting provider pursuant to Article 28 GDPR. Hostinger makes this available in the customer portal. The hosting provider has no access to the content of user data and processes it solely to provide the server infrastructure.

When you visit our website, the hosting provider collects server log files as described in Section 2 of this privacy policy.

10

Changes

We reserve the right to amend this privacy policy to reflect changes in the law or changes to our service. The version currently in force applies.

11

Fonts

We use fonts that originally come from Google Fonts but are hosted locally on our server . The font files are downloaded once during the build process and embedded in our application.

No connections to Google servers are established when you visit our website. No data is transmitted to Google — in particular, not to fonts.googleapis.com or fonts.gstatic.com.

12

Payment processing through Stripe

We use the payment service provider Stripe Payments Europe, Limited (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) to process paid subscriptions to our software services.

When you take out a subscription, the data required to process the payment (name, billing address and payment details) is collected directly by Stripe. Code7Byte e.U. does not receive or store complete credit card details — Stripe provides us only with a transaction ID and the payment status.

Legal basis: Article 6(1)(b) GDPR (performance of a contract).

Transfer to third countries: As part of its corporate structure, Stripe may transfer data to the United States. This takes place on the basis of the EU–US Data Privacy Framework (European Commission adequacy decision of 10 July 2023) and supplementary EU Standard Contractual Clauses.

Stripe privacy policy: https://stripe.com/at/privacy

13

Recipients and processors

Personal data is disclosed only to the following categories of recipients:

  • Hostinger — hosting and server operation (data processing agreement pursuant to Article 28 GDPR, server location Frankfurt am Main, Germany).
  • Stripe Payments Europe, Limited — payment processing (performance of a contract pursuant to Article 6(1)(b) GDPR; see Section 12).
  • Tax advisers and authorities — insofar as statutory retention and reporting obligations require this (Article 6(1)(c) GDPR).

We do not sell or otherwise disclose your data for advertising or profiling purposes.

Last updated: June 2026