The data controller for this platform is GuestFlow, operated by Deborah Salcher, South Tyrol / Alto Adige, Italy. Privacy inquiries: deborah.salcher@gmail.com
| Category | Data | Legal basis |
|---|---|---|
| Operator account data | Email address, name, business details, Stripe payment data | Art. 6(1)(b) GDPR (Contract performance) |
| Guest conversation data | Chat messages, guest profile (e.g. family, dog), language, session ID (anonymous UUID) | Art. 6(1)(f) GDPR (Legitimate interest) |
| Technical logs | IP address (rate-limiting only, not permanently stored), server logs without PII | Art. 6(1)(f) GDPR (IT security) |
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database hosting | EU/EEA |
| Vercel | Web hosting and Edge Rendering | USA (SCCs) |
| Anthropic | Claude AI API | USA (SCCs) |
| Stripe | Payment processing | EU |
| Upstash | Redis rate-limiting | EU |
US transfers rely on Standard Contractual Clauses (SCCs) under Art. 46 GDPR. See Anthropic Privacy Policy.
Contact: deborah.salcher@gmail.com
GuestFlow uses sessionStorage in the guest chat (anonymous UUID). No tracking or advertising cookies are set. The dashboard uses Supabase authentication cookies (technically necessary for login).
Last updated: April 2026.