The controller responsible for data processing on this website within the meaning of Art. 4 No. 7 GDPR is:

Mobius Code GmbH

Berg-am-Laim-Str. 64

81673 München, Germany

Email: hi@mobiuscode.com

Phone: +49 89 21527059-0

When you use Vendobyte, the following categories of personal data may be processed:

• Technical connection data (IP address, browser type, operating system, referrer URL, date/time of access)
• Video and audio files you upload for processing
• Payment data processed via PayPal (name, email address, transaction details)
• Email address if you contact us directly
• Usage data and interaction logs for service operation and security
• Session identifiers required to operate the service

• Art. 6(1)(b) GDPR – necessary for the performance of a contract (providing the processing services you requested).
• Art. 6(1)(c) GDPR – necessary to comply with a legal obligation (e.g. tax and accounting retention).
• Art. 6(1)(f) GDPR – our legitimate interest in operating a secure, functional, abuse-free service (server logs, fraud prevention).
• Art. 6(1)(a) GDPR – your consent, where explicitly given. We do not currently rely on consent-based processing (no analytics or marketing); should we introduce optional features in future, they would only run with your prior consent.

Our hosting provider automatically collects and stores information in server log files that your browser transmits to us. This includes:

• IP address (anonymised after 7 days)
• Date and time of the request
• Name and URL of the file accessed
• Website from which access was made (referrer URL)
• Browser type and version, operating system
• HTTP status code and amount of data transferred

Processed on the basis of Art. 6(1)(f) GDPR for technical operation and security. Log files are automatically deleted after 30 days unless required longer due to a security incident.

When you upload a file to Vendobyte, it is temporarily stored on our servers solely to perform the processing you requested (e.g. captions, audio extraction, social composing) and is automatically deleted after the job completes or fails, and no later than 24 hours after upload.

We do not analyse your content beyond what is technically necessary to fulfil your request. If your file contains personal data of third parties, you are responsible for ensuring you have the right to process and upload that content.

Legal basis: Art. 6(1)(b) GDPR (contract performance).

For paid features we use PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg as our payment service provider. When you initiate a payment you are redirected to PayPal, which collects and processes your payment data independently under its own privacy policy: paypal.com/privacy.

We receive only the information necessary to confirm and process your order (transaction ID, payment status, amount). We do not store your full card or bank account details. Retention of transaction records: 10 years in accordance with § 147 AO (German Tax Code).

We use only cookies that are strictly necessary to operate the service (session and payment-flow state). We do not use analytics, advertising, or preference cookies, and we do not display a consent banner because no consent-requiring cookies are set (§ 25 Abs. 2 Nr. 2 TDDDG). Should we introduce optional cookies in future, they would only be set with your explicit consent (Art. 6(1)(a) GDPR / § 25 Abs. 1 TDDDG).

For details, see our Cookie Settings page.

• Uploaded files: deleted within 24 hours of job completion
• Server log files: 30 days
• Payment/transaction records: 10 years (§ 147 AO)
• Email correspondence: 3 years or until the matter is resolved
• Session cookies: deleted on browser close

Our servers are located within the European Union. Where third-party service providers (e.g. PayPal) process data outside the EU/EEA, we ensure appropriate safeguards pursuant to Art. 44–49 GDPR (Standard Contractual Clauses or adequacy decisions).

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR)

To exercise any of these rights, contact us at hi@mobiuscode.com. We will respond within one month of receipt.

You have the right to lodge a complaint with a data protection supervisory authority at any time (Art. 77 GDPR). The authority competent for Bavaria is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 27

91522 Ansbach, Germany

Phone: +49 (0)981 53 1300

Website: www.lda.bayern.de

We protect your personal data using industry-standard security measures including TLS/SSL encryption for all data in transit, access controls and authentication for internal systems, and regular security reviews. Despite these measures, no transmission over the Internet is completely secure; we cannot guarantee absolute security.