legal

Privacy policy

Version 1 — Effective 18 October 2025

1. Controller

clubdrei.com Medienagentur GmbH
Niedere-Munde-Str. 15a, 6410 Telfs, Austria
FN 564105 t, Regional Court Innsbruck
VAT ID: ATU77334706
Email: support@node-modules-cache.com

2. Scope

This policy describes how personal data is handled when using https://www.node-modules-cache.com, including the website, user accounts, subscription workflows, contact form, and the node_modules caching API.

3. Categories of personal data

  • Account data: Name (optional, may be pseudonymous), email address, and password data required to operate your account securely.
  • Session and device data: Session identifiers, IP address, user agent, and related authentication/session metadata required to keep accounts secure and signed in.
  • API token data: Token data needed to create, assign, and manage API access for your account.
  • API request and cache data: Data submitted to the caching API, including package files such as package.json and package-lock.json, technical request parameters, cache status, and generated cache artifacts.
  • Usage data: Technical records about API use, such as endpoint, method, response status, and timestamps.
  • Contact data: Name, email address, and message content submitted through the contact form.
  • Subscription data: Plan selection, subscription status, and customer identifiers required to create, manage, or sync subscriptions via Polar.sh.
  • Payment data: Payment details are handled by Polar.sh and its payment partners. We do not receive or store full payment card details or similar payment credentials on our servers.
  • Cookies: Functional session cookies for authentication and account security only. No analytics or marketing cookies are used.

4. Purposes of processing

  • Provide and operate the website, user accounts, dashboard, and caching API.
  • Authenticate users, maintain sessions, issue API tokens, and protect the service against abuse or unauthorized access.
  • Process cache requests, generate cache artifacts, and make stored request data available in the dashboard.
  • Handle subscriptions, billing-related workflows, and plan management.
  • Respond to support and contact requests.
  • Maintain service stability, troubleshoot incidents, and improve operational reliability.
  • Comply with legal obligations and enforce our contractual terms where necessary.

5. Legal bases

  • Art. 6(1)(b) GDPR: Processing necessary to provide the service, create and manage accounts, process API requests, maintain subscriptions, and respond to pre-contractual or contractual requests.
  • Art. 6(1)(f) GDPR: Processing necessary for our legitimate interests in keeping the service secure, preventing abuse and unauthorized access, maintaining service reliability and technical stability, troubleshooting incidents, and establishing, exercising, or defending legal claims.
  • Art. 6(1)(c) GDPR: Processing necessary to comply with applicable legal obligations where required.

6. Recipients and processors

  • Hetzner Online GmbH, Germany: Infrastructure and hosting provider for the application and stored service data.
  • Cloudflare, Inc., United States: Reverse proxy, CDN, and security provider used to deliver and protect the website and API.
  • Polar Software Inc. (Polar.sh), United States: Merchant of record and subscription management provider for checkout, billing, and subscription status handling.
  • AC PM, LLC (Postmark), United States: Email delivery provider for transactional emails and contact-form handling.

7. Retention

  • Account and profile data: Stored until the account is deleted, unless longer retention is required by law, in particular for billing, tax, or accounting records.
  • Contact form messages: Stored for 12 months after receipt, unless longer retention is necessary to handle an ongoing matter or legal claim.
  • Sessions: Stored until the session ends. If "remember me" is used, the session may persist for up to 14 months; otherwise it ends on browser close.
  • Access tokens and token metadata: Stored until revoked or until the account is deleted.
  • API usage logs: Stored for the lifetime of the account because they are part of the dashboard and service history made available to the user. They are deleted or anonymized without undue delay after account deletion, unless longer retention is required by law or needed for legal claims.
  • Stored npm cache requests and related package files: Stored for the lifetime of the account because persistent cache history is part of the service. They are deleted or anonymized without undue delay after account deletion, unless longer retention is required by law or needed for legal claims.
  • Generated cache archives: Stored for the lifetime of the account as part of the cache service, unless deleted earlier by operational replacement, manual removal, or legal necessity. They are deleted without undue delay after account deletion, unless retention is required by law or needed for legal claims.

8. Your GDPR rights

You can request access, rectification, erasure, restriction, portability, and object to processing (Arts. 15–21 GDPR). Email support@node-modules-cache.com. You may also lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehoerde), Barichgasse 40-42, 1030 Vienna, Austria, www.dsb.gv.at.

9. Cookies and tracking

Only functional cookies that are necessary for login, session handling, and account security are used. No analytics or marketing cookies are used.

10. Requirement to provide data

Certain data is required so we can provide the service. In particular, an email address is required for account access, technical request data is required to process caching API requests, and contact details are required if you want a response to a support request. If required data is not provided, some parts of the service cannot be used.

11. Children

The service targets software developers and is not directed at minors.

12. Security

Transport encryption (HTTPS), restricted server access, and routine updates are applied. No special certifications are claimed.

13. International transfers

Most core hosting takes place within the EEA. Where personal data is transferred to recipients outside the EEA, in particular to providers in the United States such as Cloudflare, Polar, or Postmark, we rely on appropriate safeguards under Chapter V GDPR. Depending on the provider and transfer scenario, this may include an adequacy decision, certification under the EU-U.S. Data Privacy Framework, or the European Commission's Standard Contractual Clauses together with any supplementary measures considered necessary.

14. Source of subscription data

We receive subscription status and related customer identifiers from Polar.sh so we can activate, manage, and synchronize your plan in your www.node-modules-cache.com account.

15. Automated decision-making

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

16. Changes

Policy updates will appear here with a new version and effective date.