← Back

Privacy Policy

1. Controller

The controller within the meaning of the GDPR is:

Max Coja
Coja Software & Consulting
Ibbenbürener Straße 91
49509 Recke
Germany

Email: maxcoja@coja-sc.de

2. Principles of Data Processing

We take the protection of your personal data very seriously and treat it confidentially in accordance with statutory data protection regulations and this Privacy Policy. Use of our website is possible without providing personal data.

3. Hosting

This website is hosted on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The server location is exclusively Germany.

When you access this website, the hosting provider automatically collects and stores so-called server log files. These include:

  • IP address of the requesting device (anonymised after 7 days)
  • Date and time of access
  • Name and URL of the file retrieved
  • Notification of whether retrieval was successful
  • Data volume transferred
  • Referrer URL (the previously visited page)
  • Browser and operating system

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure website operation). Log files are automatically deleted after 30 days.

A data processing agreement (DPA) in accordance with Art. 28 GDPR is in place with Hetzner.

4. Cookies and Tracking

This website uses no cookies. No tracking technologies, analytics tools (e.g. Google Analytics), or advertising networks are used. No user profiles are created.

5. External Resources

This website loads no external resources from third parties (no Google Fonts, no CDN scripts, no social media integrations). No data is therefore transmitted to third parties as a result of visiting this page.

6. User Accounts and Contract Processing

When you make a purchase or create an account, we collect the following data:

  • Name and email address
  • Company name (optional)
  • Payment data (transmitted exclusively to Stripe, Inc. — not stored by us)
  • Licence information (number of users, selected plan)

Legal basis: Art. 6(1)(b) GDPR (contract performance). Data is retained for the duration of the contractual relationship and in accordance with statutory retention periods (generally 10 years for tax-relevant records).

7. Payment Processing (Stripe)

Payment processing is handled by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. Stripe is certified under the EU–US Data Privacy Framework (DPF).

Payment data (credit card numbers, account details) is transferred exclusively to Stripe and processed there. We have no access to full payment data at any point. For more information, please refer to Stripe's Privacy Policy.

8. Processing of Contact Data by the Add-In

The ContactBridge Add-In synchronises your contact data between Outlook and Google Contacts. The following applies:

  • Contact data is transmitted between your PC and our German server using AES-256 encryption.
  • The connection to Google is established via OAuth 2.0 — Google credentials are not stored by us.
  • We store an encrypted delta snapshot of contacts to detect changes (no full contact database).
  • Data is not shared with third parties.
  • Upon termination of the contract, all stored data will be deleted within 30 days.

Legal basis: Art. 6(1)(b) GDPR (contract performance). A data processing agreement (DPA) pursuant to Art. 28 GDPR is available upon request.

9. Google OAuth Integration

To connect your Google account, we use the Google OAuth 2.0 authorisation protocol. When you grant access:

  • We request only the minimum necessary scopes (read/write access to Google Contacts).
  • OAuth tokens are stored encrypted on our servers in Germany and used solely to perform the sync on your behalf.
  • You can revoke access at any time via your Google Account permissions.
  • Revoking access stops all syncing and triggers deletion of your stored token within 24 hours.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

10. Your Rights

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

To exercise your rights, please contact: maxcoja@coja-sc.de

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority depends on your place of residence or the location of the alleged infringement.

11. Data Security

For security reasons and to protect the transmission of confidential content, this website uses TLS encryption (HTTPS). Certificates are issued via Let's Encrypt.

12. Validity of This Privacy Policy

This Privacy Policy is currently valid. Last updated: April 2026.
Due to the continued development of our website or changes in statutory requirements, it may be necessary to update this Privacy Policy from time to time.