Logo

Privacy Policy

Last updated: 08.01.2026

Your privacy is important to Kreuzberg (“Kreuzberg,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, store, and protect your personal information, and describes your rights under the General Data Protection Regulation (GDPR) and applicable German law.

Kreuzberg is the data controller for the personal data described in this policy.

What information we collect

We collect only the personal information necessary to provide and improve our services. Depending on how you interact with us, we may collect:

Account information: email address (for early access sign-up and direct contact).

Usage and analytics data: IP address, device and browser type, operating system, pages visited, actions taken in the product, and session timestamps. These data are collected only if you give consent for analytics cookies.

Cookies and similar technologies: cookie identifiers and tracking signals used to provide site functionality and, with your consent, analytics and performance measurement.

Communications: content you send to us when you contact support or otherwise correspond with us (e.g., email content).

We do not collect special categories of personal data (e.g., gender, health, religion) through our standard early-access flows.

How we use your information and legal basis for processing

We use your personal data for the following purposes and legal bases:

To provide services and operate the site: processing necessary for contract performance (Article 6(1)(b) GDPR). Example: sending you onboarding or transactional emails related to early access.

With your consent, for analytics and product improvement: processing based on your consent (Article 6(1)(a) GDPR). Analytics cookies are only activated if you opt in via the cookie banner or preferences.

With your consent, for marketing communications: we may send promotional emails if you have opted in. You can withdraw consent at any time (see “Your rights” below).

For legitimate business interests: where appropriate, we may process limited data to ensure security, detect and prevent fraud, debug and improve service performance (Article 6(1)(f) GDPR). We balance these interests against your privacy rights.

Cookies and cookie consent

When you first visit our site, you will see a cookie banner with options to Accept All or Customize. Our banner distinguishes between:

Essential cookies: required for core site functionality (enabled by default).

Analytics cookies: used to measure and improve site and product usage.

Analytics and other non-essential cookies are set after you accept them, either by “Accept All” or by enabling them in the Customize preferences. You can change or withdraw your consent at any time via your browser settings.

Third-party services and processors

We do not sell, rent, or trade your personal information. We may utilize trusted third-party services for analytics, performance monitoring, and email communications. These third parties are obligated to protect your data and are prohibited from using it for any other purposes. These include (but are not limited to):

Google Ads: for marketing performance analytics

Google Analytics: for product and website analytics (activated only after you consent to analytics cookies).

HubSpot: for sending marketing and newsletter emails (if you opt in).

For more information on how Google collects and processes data, please visit Google's Privacy & Terms. For HubSpot's privacy practices, see HubSpot Privacy Policy

Open-Source Repository

Our open-source Kreuzberg code is published under the MIT License. Visiting or using our public code repositories does not require an account and is generally governed by the repository platform’s terms (e.g., GitHub) and the applicable open-source license. This Privacy Policy applies to our website and early access services, and to any personal data you provide to us here (such as when signing up with your email or contacting us).

Data retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, to comply with legal obligations, or to resolve disputes. Typical retention periods:

  • Account sign-up email and basic account records: until you request deletion or we discontinue the early-access program.
  • Analytics data: aggregated for product improvement; raw analytics data retained for up to 24 months unless you request otherwise.
  • Communications and support correspondence: retained for up to 24 months for record-keeping and quality purposes.

If you wish to know the exact retention period for a specific set of data, please contact us.

Your rights under the GDPR

You have the following rights:

  • Access: request a copy of personal data we hold about you.
  • Correction: ask us to correct inaccurate personal data.
  • Deletion: request erasure of your personal data (“right to be forgotten”).
  • Restriction: request restriction of processing in certain circumstances.
  • Portability: receive your personal data in a commonly used, machine-readable format.
  • Object: object to processing based on legitimate interests or direct marketing.
  • Withdraw consent: withdraw any consent you have given at any time.

To exercise your rights, contact us at privacy@kreuzberg.dev.

Data security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, or disclosure. While we strive to protect your data, no system is completely secure. If you believe your account has been compromised, please contact us immediately.

Data breaches

If a data breach occurs that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach and will notify affected users as soon as possible in the case of a high risk breach.

Internally, we maintain a breach response plan to ensure timely assessment and action.

Youth Protection

Kreuzberg is not intended for use by children under 16, nor do we knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us, and we will take steps to delete it.

International data transfers

Where personal data is transferred outside the European Economic Area (EEA), there are appropriate safeguards (such as Standard Contractual Clauses) to ensure protection for your personal data in accordance with EU law.

Changes to This Privacy Policy

Kreuzberg reserves the right to update or modify this Privacy Policy at any time. Any changes will be posted prominently on this page, and we encourage you to review our Privacy Policy regularly for updates.

Contact Information

If you have any questions about these Terms of Use, contact us at contact@kreuzberg.dev

For questions or concerns about our Privacy Policy or your personal data, please contact us at privacy@kreuzberg.dev