Privacy Policy

Last updated: February 2026

1. Introduction and Data Controller

Baduno GmbH ('we', 'us', or 'our') operates jetweb.app and all associated subdomains (dashboard.jetweb.app, *.api.jetweb.app, *.cdn.jetweb.app, *.cookie.jetweb.app, *.livechat.jetweb.app, agents.jetweb.app, tickets.jetweb.app). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services.

Data Controller:

  • Baduno GmbH
  • Mainzer Landstr. 166, D-60327 Frankfurt am Main, Germany
  • Commercial Register: Amtsgericht Frankfurt am Main, HRB 111727
  • EUID: DEM1201.HRB111727
  • Email: [email protected]

2. Data We Collect

Account Data

When you create an account, we collect:

  • Email address (required)
  • Password (stored as bcrypt hash with cost factor 12)
  • Full name (optional)
  • Company name (optional)
  • VAT ID (optional, for business invoicing)
  • Billing address (optional)

Profile Data

As you use our services, we store:

  • Profile avatar image
  • CDN subdomain (e.g., yourname.cdn.jetweb.app)
  • Stripe customer ID (for payment processing)
  • Subscription plan and billing cycle
  • Wallet balance and transaction history

Authentication Data

To secure your account, we process:

  • JSON Web Tokens (JWT, valid for 7 days)
  • Session records (valid for 30 days, including device info and IP)
  • Two-factor authentication data: TOTP secrets, WebAuthn credentials, Email OTP records, SMS OTP records, or encrypted backup codes
  • OAuth tokens from Google, GitHub, or Apple (if you use social login)

Usage Data

Depending on which products you use, we collect:

  • Image Optimizer: image upload statistics, conversion counts, CDN bandwidth
  • Translate: translation character counts, language pairs used
  • Backup Vault: backup metadata (file names, sizes, timestamps — not backup content)
  • Cookie Guard: consent records, banner impression counts, cookie scan results
  • Live Chat: chat messages, conversation metadata, agent assignments

Automatically Collected Data

When you visit our website, we automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referrer URL
  • Device type (desktop, mobile, tablet)

Payment Data

Payment processing is handled entirely by Stripe, Inc. We do not store, process, or have access to your full credit card numbers, CVV codes, or bank account details. We only store:

  • Stripe customer and subscription IDs
  • Payment method type (card brand, last 4 digits, or SEPA bank name)
  • Invoice and transaction history
  • Billing address (if provided)

3. Cookies and Tracking Technologies

We use cookies and similar technologies categorized as follows:

Essential Cookies (Always Active)

These cookies are necessary for the website to function and cannot be disabled:

  • auth_token — Domain: dashboard.jetweb.app — Duration: 7 days — Purpose: Authentication session
  • jw_consent — Domain: .jetweb.app — Duration: 365 days — Purpose: Cookie consent preferences
  • lang — Domain: .jetweb.app — Duration: 365 days — Purpose: Language preference

Analytics Cookies (Consent Required)

These cookies help us understand how visitors interact with our website. They are only set after you give consent:

  • _ga — Domain: .jetweb.app — Duration: 2 years — Purpose: Google Analytics 4 visitor distinction
  • _ga_* — Domain: .jetweb.app — Duration: 2 years — Purpose: Google Analytics 4 session state

Marketing Cookies (Consent Required)

These cookies track advertising effectiveness. They are only set after you give consent:

  • jw_gclid — Domain: .jetweb.app — Duration: 90 days — Purpose: Google Ads click attribution
  • jw_fbclid — Domain: .jetweb.app — Duration: 90 days — Purpose: Meta (Facebook) Ads click attribution
  • jw_ttclid — Domain: .jetweb.app — Duration: 90 days — Purpose: TikTok Ads click attribution
  • jw_msclkid — Domain: .jetweb.app — Duration: 90 days — Purpose: Microsoft Advertising click attribution

4. Legal Bases for Processing (Art. 6 GDPR)

We process your personal data based on the following legal grounds:

Performance of Contract (Art. 6(1)(b) GDPR)

Processing necessary to provide our services: account management, service delivery, payment processing, and customer support.

Legitimate Interest (Art. 6(1)(f) GDPR)

Processing for our legitimate business interests: service improvement, fraud prevention, security measures, and anonymous usage analytics. You have the right to object to this processing.

Consent (Art. 6(1)(a) GDPR)

Processing based on your explicit consent: analytics cookies, marketing cookies, conversion tracking, newsletter communications, and optional profiling. You can withdraw consent at any time.

Legal Obligation (Art. 6(1)(c) GDPR)

Processing required by law: tax record retention (10 years per AO §147), anti-money laundering, and legal compliance reporting.

5. How We Use Your Data

We use your personal data for the following purposes:

  • Providing, operating, and maintaining our services
  • Processing payments and managing subscriptions via Stripe
  • Authenticating your identity and securing your account (including 2FA)
  • Delivering product-specific features (image optimization, translations, backups, cookie consent, live chat)
  • Sending transactional emails (account verification, password resets, payment receipts, subscription notifications)
  • Responding to support requests and tickets
  • Improving our services based on anonymized usage patterns
  • Preventing fraud, abuse, and unauthorized access
  • Complying with legal and regulatory obligations
  • Sending marketing communications (only with your explicit consent)
  • Measuring advertising effectiveness through conversion tracking (only with your consent via Google Ads, Meta Pixel, TikTok Pixel, Microsoft UET)

6. Product-Specific Data Processing

Image Optimizer

Images you upload are processed by the Sharp library on our servers, stored in Cloudflare R2 (EU region), and served via your personalized CDN subdomain (yourname.cdn.jetweb.app). CDN URLs are HMAC-signed to prevent unauthorized access. Original and converted images are stored until you delete them or your account is terminated.

Translate

Text you submit for translation is sent to the Baduno AI translation API for processing. Only the text content and target language are transmitted — no personal data, account information, or metadata is shared with the AI service. Translated text is returned to your WordPress site; we do not permanently store your translation content.

Backup Vault

WordPress backup files are encrypted with AES-256 and stored in Cloudflare R2 (EU region, Frankfurt). Backup metadata (file names, sizes, timestamps) is stored in our database. Backup retention depends on your subscription plan (7 to 365 days). You can manually delete backups at any time from your dashboard.

Cookie Guard

Cookie consent records (consent/rejection per category, timestamps, anonymized visitor IDs) are stored in Cloudflare Workers KV (edge storage). Consent data is processed in compliance with TCF 2.2 framework standards. Cookie scan results for your websites are stored in our database.

Live Chat

Chat messages between visitors and agents are transmitted via WebSocket connections (Socket.IO) and stored in our database. Messages include sender type, timestamps, and conversation metadata. Visitor information (name, email if provided) is stored for the duration of the conversation. Agent availability and assignment data are processed in real time.

7. Third-Party Services

We share data with the following third-party service providers, each for specific purposes:

Payment Processing

Stripe, Inc. (USA) — Processes all payments, subscriptions, and refunds. Stripe is PCI DSS Level 1 certified. Data shared: email, name, billing address, payment method.

Stripe Privacy Policy

Email Delivery

Twilio SendGrid (USA) — Delivers transactional emails (verification, password reset, receipts, notifications). Data shared: email address, name, email content.

Twilio/SendGrid Privacy Policy

Infrastructure

Cloudflare, Inc. (USA) — Provides CDN, DDoS protection, R2 object storage (EU region), Workers (edge computing), and KV storage. Hetzner Online GmbH (Germany) — Hosts our primary database and application servers in Frankfurt, Germany.

Cloudflare Privacy Policy

AI Translation

Baduno AI (Germany) — Processes translation requests. Only text content and target language are shared; no personal data is transmitted.

Analytics and Advertising (Consent Required)

The following services are only activated after you give explicit consent via our cookie banner:

  • Google Analytics 4 (Google LLC, USA) — Website analytics and visitor statistics
  • Google Ads Conversion Tracking (Google LLC, USA) — Advertising effectiveness measurement
  • Meta Pixel (Meta Platforms, Inc., USA) — Facebook/Instagram ad conversion tracking
  • TikTok Pixel (TikTok Inc., USA) — TikTok ad conversion tracking
  • Microsoft UET (Microsoft Corporation, USA) — Bing/Microsoft ad conversion tracking

OAuth Authentication Providers

If you choose to sign in with a social account, we receive your email address and name from the following providers:

  • Google (Google LLC, USA)
  • GitHub (Microsoft Corporation, USA)
  • Apple (Apple Inc., USA)

Security

Google reCAPTCHA v2 (Google LLC, USA) — Protects forms against automated abuse. May process IP address and browser data.

Google Privacy Policy

8. Data Storage and Security

We implement industry-standard technical and organizational measures to protect your data:

  • Primary servers located in Hetzner data centers, Frankfurt, Germany (EU)
  • Object storage in Cloudflare R2 (EU region)
  • AES-256 encryption for stored backups
  • TLS 1.3 encryption for all data in transit
  • Passwords hashed with bcrypt (cost factor 12)
  • HMAC-signed CDN URLs to prevent unauthorized access
  • Parameterized SQL queries to prevent injection attacks
  • Rate limiting on all API endpoints
  • DDoS protection via Cloudflare
  • Regular security reviews and dependency updates

9. International Data Transfers

Your data is primarily processed within the European Union (Germany). Some of our third-party service providers are based in the United States. For these transfers, we rely on the following safeguards:

  • EU-U.S. Data Privacy Framework (DPF) — Stripe, Google, Meta, Microsoft, and Cloudflare are certified under the DPF
  • Standard Contractual Clauses (SCCs) — Approved by the European Commission as an additional safeguard
  • Supplementary measures — Encryption, pseudonymization, and access controls

Affected providers: Stripe, SendGrid/Twilio, Cloudflare, Google, Meta, TikTok, and Microsoft.

10. Data Retention

We retain your data for the following periods:

  • Account data — Until you delete your account
  • API and access logs — 90 days
  • Session records — 30 days after last activity
  • Conversion tracking data — 12 months
  • Backup files — Depends on your plan (7 to 365 days)
  • Payment and invoice records — 10 years (required by German tax law, AO §147)
  • Support tickets — 3 years after resolution
  • Cookie consent records — Until consent is withdrawn or 24 months
  • Chat messages — Until conversation is deleted or account is terminated
  • Newsletter consent — Until you unsubscribe

After account deletion:

  • Personal data is anonymized or deleted within 30 days
  • Backup data is purged within 90 days
  • Legal records (payments, invoices) are retained as required by law

11. Your Rights Under GDPR

As a data subject in the European Economic Area, you have the following rights:

  • Right of Access (Art. 15 GDPR) — Request a copy of your personal data. You can export your data directly from your dashboard.
  • Right to Rectification (Art. 16 GDPR) — Correct inaccurate or incomplete data via your account settings.
  • Right to Erasure (Art. 17 GDPR) — Request deletion of your personal data ('right to be forgotten'). You can delete your account from the dashboard.
  • Right to Restriction (Art. 18 GDPR) — Request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20 GDPR) — Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21 GDPR) — Object to data processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent (Art. 7(3) GDPR) — Withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.

To exercise your rights, contact us at [email protected] or use the self-service options in your dashboard.

Supervisory Authority: If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority. Our lead supervisory authority is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden, Germany

12. California Privacy Rights (CCPA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act:

  • Right to Know — You can request what personal information we collect, use, and share.
  • Right to Delete — You can request deletion of your personal information.
  • Right to Opt-Out — You can opt out of the sale of personal information.
  • Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

We do not sell your personal information to third parties. We do not share personal information for cross-context behavioral advertising without your consent.

13. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected].

14. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. Subscription plan limits (e.g., image quotas, translation characters) are applied transparently based on your selected plan tier and are fully visible in your dashboard.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of material changes at least 30 days in advance via email or a prominent notice on our website. Your continued use of our services after the effective date constitutes your acceptance of the updated policy.

16. Contact Us

For any privacy-related questions, concerns, or requests, please contact us:

For privacy inquiries, data subject requests, or complaints:

Baduno GmbH
Mainzer Landstr. 166
D-60327 Frankfurt am Main
Germany

Email: [email protected]