Privacy Policy
Last updated: February 2026
PRIVACY POLICY
blue auditor GmbH
Diesterweggasse 1/1A
1140 Vienna, Austria
FN 439759f
Email: info@blueauditor.com
1. Introduction
We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Austrian data protection law.
This Privacy Policy explains how we collect, use, and protect personal data when you use our website and SaaS platform (“Platform”).
2. Categories of Personal Data
We may process:
Name
Email address
Phone number
Address details
Account login credentials
IP address
Device and browser information
Platform usage data
Assessment responses entered into the Platform
Communication records
3. Legal Bases for Processing
We process personal data on the following bases:
Art. 6(1)(b) GDPR – Contractual Necessity
To provide access to the Platform and its functions.
Art. 6(1)(c) GDPR – Legal Obligation
To comply with statutory requirements.
Art. 6(1)(f) GDPR – Legitimate Interests
To operate, secure, and improve our services, provided your rights do not override these interests.
Art. 6(1)(a) GDPR – Consent
For the use of non-essential cookies and analytics tools, including Google Analytics and Mixpanel.
You may withdraw consent at any time.
4. Hosting
Our primary hosting infrastructure is located in Germany.
5. Analytics Services
Analytics tools are only activated after you provide consent via our consent banner.
5.1 Google Analytics
We use Google Analytics, a web analytics service provided by:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Google Analytics uses cookies and similar technologies to collect:
IP address (shortened/anonymized where applicable)
Device information
Browser information
Usage behavior
Session data
We use Google Analytics with IP anonymization enabled.
Legal basis:
Art. 6(1)(a) GDPR (consent)
Data may be transferred to the United States. We rely on:
EU Standard Contractual Clauses (SCCs)
Additional safeguards implemented by Google
Retention period: 14 months (or your chosen duration)
5.2 Mixpanel
We use Mixpanel Inc.
405 Howard Street
San Francisco, CA 94105
USA
Mixpanel enables us to analyze product usage and feature interaction.
Data processed may include:
IP address
Device identifiers
Browser type
Event data
Session identifiers
User IDs (if logged-in tracking is enabled)
Legal basis:
Art. 6(1)(a) GDPR (consent)
Mixpanel data may be transferred to the United States.
We have concluded Standard Contractual Clauses (SCCs) with Mixpanel pursuant to Art. 46 GDPR.
Retention period: [define e.g. 24 months]
6. Cookies
We use:
Essential cookies
Necessary for authentication and platform operation.
Legal basis: Art. 6(1)(b) GDPR.
Analytics cookies
Google Analytics and Mixpanel.
Legal basis: Consent (Art. 6(1)(a) GDPR).
Analytics cookies are only activated after consent.
You can manage or withdraw consent at any time via the cookie settings link in the footer.
7. International Transfers
Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards under Art. 44–49 GDPR, including:
Standard Contractual Clauses
Adequacy decisions (where applicable)
8. Data Retention
We retain personal data only as long as necessary:
Account data: duration of contract + statutory retention
Analytics data: 14–24 months
Log files: [define, e.g., 30 days]
9. Recipients
We may share data with:
Hosting providers
IT service providers
Analytics providers
Legal advisors
Authorities where legally required
All processors are bound by Art. 28 GDPR agreements.
10. Your Rights
You have the right to:
Access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR)
Restriction (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Object (Art. 21 GDPR)
Withdraw consent at any time
You may lodge a complaint with the Austrian Data Protection Authority.
11. Security
We implement appropriate technical and organizational measures pursuant to Art. 32 GDPR.
12. Updates
We may update this Privacy Policy. The latest version is available on our website.