Website Privacy Policy

Last updated: 15 July 2026

1. Scope of This Privacy Policy

This privacy policy explains how personal data is processed when you visit arcalyra.com, use the contact form, upload screenshots, or follow external links provided on the website.

This privacy policy applies only to the ArcaLyra website. The ArcaLyra app is covered by a separate App Privacy Policy.

2. Controller

The controller responsible for processing personal data on this website is:

Birk Roolf

ArcaLyra

Ahornstr. 1

75045 Walzbachtal

Germany

Email: hello@arcalyra.app

3. General Data Protection Principles

ArcaLyra follows a data-minimising approach.

The website does not intentionally use advertising trackers, marketing pixels, embedded social media feeds, or independent analytics services.

Squarespace’s activity log has been disabled, and non-essential cookies have been restricted. Personal data is processed only where necessary to provide the website securely, respond to inquiries, prevent misuse, or comply with legal obligations.

4. Website Hosting and Technical Data

This website is created and hosted using Squarespace.

When you access the website, Squarespace may process technical information required to deliver and secure the website. This may include:

• IP address

• Date and time of access

• Requested page or file

• Browser type and version

• Device and operating system information

• Referring website, where provided by the browser

• Technical error, diagnostic, and security information

This processing is necessary to display the website, maintain its security and stability, prevent misuse, and investigate technical problems.

The legal basis is Article 6(1)(f) GDPR. The legitimate interests are the secure, reliable, and technically functional operation of the website.

Technical information is retained only for as long as necessary for website delivery, security, troubleshooting, and the fulfilment of applicable legal obligations. Squarespace may also process certain technical information under its own responsibility and in accordance with its own privacy policy.

5. Cookies and Similar Technologies

Non-essential cookies are restricted on this website. Squarespace’s activity log is disabled.

The website may still use cookies, local storage, or similar technologies that are technically necessary for functions such as:

• Secure website delivery

• Session and security management

• Form functionality

• Spam and abuse prevention

• File uploads

• Correct display and operation of the website

These technologies are not used by ArcaLyra for personalised advertising or independent visitor tracking.

The processing of personal data associated with technically necessary technologies is based on Article 6(1)(f) GDPR. Access to or storage of information on the user’s device is carried out only where technically necessary within the meaning of Section 25(2) TDDDG.

6. Contact Form

The website provides a contact form for questions, support requests, bug reports, feature requests, and other messages relating to ArcaLyra.

The following information is collected through the contact form:

• First name

• Last name

• Email address

• Message content

• Up to two optional image files

The image upload is restricted to supported image formats, including PNG, JPG, TIFF, and HEIC. The upload of screenshots is optional.

The information is used exclusively to receive, review, and respond to the respective inquiry and, where appropriate, to investigate a reported problem or consider a suggestion for ArcaLyra.

Where an inquiry relates to an existing or potential contractual relationship, processing is based on Article 6(1)(b) GDPR.

For general support messages, bug reports, feedback, and other inquiries, processing is based on Article 6(1)(f) GDPR. The legitimate interest is the efficient handling of inquiries and the improvement, security, and continued development of ArcaLyra.

Providing the information is voluntary. However, the required fields are necessary to submit and process an inquiry.

Please avoid including unnecessary personal, confidential, or sensitive information in messages or uploaded screenshots.

7. Storage and Delivery of Contact Form Submissions

Contact form submissions and uploaded images are processed and stored through Squarespace’s form infrastructure.

A notification containing the submitted information, or a link through which an uploaded image can be accessed, is sent to the ArcaLyra support mailbox at hello@arcalyra.app.

This mailbox is provided through Google Workspace.

Squarespace and Google process the relevant data as service providers for the purpose of operating the form, delivering the message, storing the email, and enabling ArcaLyra to respond.

Contact inquiries and uploaded screenshots are stored only for as long as necessary to process the respective request.

They are generally deleted no later than six months after the matter has been completed. Uploaded screenshots may be deleted earlier once they are no longer required.

Relevant technical information may be transferred into an internal, data-minimised task or bug report. Where possible, personal information is not included in such internal records.

Data may be retained for a longer period where statutory retention obligations apply or where retention is necessary for the establishment, exercise, or defence of legal claims.

8. Google reCAPTCHA

The contact form uses Google reCAPTCHA to protect the website and the upload function against automated submissions, spam, and misuse.

Squarespace requires reCAPTCHA to be enabled when the file upload function is used.

When reCAPTCHA is loaded or used, Google may process technical and interaction data. Depending on the circumstances, this may include:

• IP address

• Browser and device information

• Date and time of access

• Referring page

• Mouse, keyboard, touch, or interaction data

• Cookies or similar identifiers

• Information used to determine whether a submission is made by a person or an automated system

The purpose of this processing is to protect the contact form and website infrastructure against automated abuse and malicious file submissions.

The legal basis is Article 6(1)(f) GDPR. The legitimate interest is the security, availability, and protection of the contact form and website.

Access to or storage of information on the user’s device is carried out only where necessary to provide the protected form and file upload function within the meaning of Section 25(2) TDDDG.

Anyone who does not wish to use the contact form may contact ArcaLyra directly by email at hello@arcalyra.app.

9. Google Workspace Email Processing

Messages sent through the contact form or directly to hello@arcalyra.app are received and processed through Google Workspace.

Google may process message content, email addresses, attachments, technical delivery information, and account-related metadata as necessary to provide the email service, protect it against spam and misuse, and maintain its security.

The legal basis corresponds to the purpose of the respective communication:

• Article 6(1)(b) GDPR for contractual or pre-contractual inquiries

• Article 6(1)(f) GDPR for general inquiries, support, feedback, and bug reports

Emails are deleted when they are no longer necessary for the respective purpose, generally no later than six months after the matter has been completed, unless statutory retention obligations or the defence of legal claims require longer storage.

10. External Links

The website contains external links, including links to:

• The ArcaLyra profile on Instagram

• The ArcaLyra listing on Google Play

These services are not embedded as social media feeds, videos, or interactive third-party content. No connection to the respective external service is intentionally established merely by displaying the link.

When you click an external link, you leave arcalyra.com. The destination service may then process personal data, including your IP address, device information, account information, and usage data, in accordance with its own privacy policy.

ArcaLyra has no control over the processing performed by the operator of an external website after the link has been opened.

11. Service Providers and Recipients

Personal data may be disclosed only where necessary to operate the website, process an inquiry, fulfil legal obligations, or protect legal rights.

The principal service providers used for this website are:

• Squarespace for website hosting, form processing, file uploads, and website infrastructure

• Google Workspace for receiving, storing, and responding to email communications

• Google reCAPTCHA for spam and abuse prevention

Personal data is not sold.

Personal data is not disclosed to advertisers and is not used by ArcaLyra for personalised advertising or the creation of advertising profiles.

Data may also be disclosed to courts, authorities, legal advisers, or other authorised recipients where required by law or necessary for the establishment, exercise, or defence of legal claims.

12. International Data Transfers

Squarespace and Google operate internationally. Personal data may therefore be processed in countries outside Germany or the European Economic Area, including the United States.

Where personal data is transferred to a country outside the European Economic Area, the transfer is based on an applicable legal safeguard. Depending on the recipient and circumstances, this may include:

• An adequacy decision by the European Commission

• Participation in the EU–U.S. Data Privacy Framework

• European Commission Standard Contractual Clauses

• Other legally recognised transfer safeguards

Further information about international processing and the safeguards used is available in the respective privacy and data processing documentation of Squarespace and Google.

13. Data Security

Reasonable technical and organisational measures are used to protect personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction.

Access to contact inquiries and uploaded screenshots is limited to the extent necessary to process the respective request.

However, no transmission or storage system can guarantee absolute security. Users should therefore avoid sending information that is not necessary for their inquiry.

14. Automated Decision-Making

ArcaLyra does not use personal data collected through this website for automated decision-making or profiling that produces legal effects or similarly significant effects.

Google reCAPTCHA performs automated technical analysis solely to distinguish legitimate submissions from automated or abusive activity.

15. Your Rights

Subject to the conditions of applicable data protection law, you may have the right to:

• Request access to your personal data

• Request correction of inaccurate or incomplete personal data

• Request deletion of your personal data

• Request restriction of processing

• Receive personal data in a structured, commonly used, and machine-readable format where the right to data portability applies

• Object to processing based on legitimate interests

• Lodge a complaint with a data protection supervisory authority

Where processing is based on Article 6(1)(f) GDPR, you have the right to object to the processing on grounds relating to your particular situation.

To exercise your rights, contact:

hello@arcalyra.app

Additional information may be requested where reasonably necessary to verify your identity and protect personal data against unauthorised disclosure.

16. Right to Lodge a Complaint

You have the right to lodge a complaint with a competent data protection supervisory authority.

The supervisory authority generally responsible for the controller is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

(Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg)

You may also contact another competent supervisory authority, particularly in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

17. Changes to This Privacy Policy

This privacy policy may be updated where the website, its functions, the service providers used, or the applicable legal requirements change.

The current version is always available on this website. The date of the latest revision is shown at the beginning of the policy.