Privacy Policy
Last updated: June 2026
Controller
Responsible for data processing within the meaning of the GDPR:
Aron-Frederic Seiffert und Markus Ehret GbR
(Trading as: Logistry GbR)
Veitstraße 44 A
13507 Berlin, Germany
Email: billing@specmcp.com
General Information
We process personal data exclusively in accordance with applicable law (GDPR). This privacy policy explains what data we process, for what purpose, and what rights you have.
Purposes and Legal Bases
We process data to provide our SaaS service. Purposes of processing:
- Operating the application
- Account management
- Authentication
- Executing user requests
- Payment processing
- Technical security
- Customer support
- Abuse prevention and access control
Legal bases: Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR.
AI and Customer Data
SpecMCP provides structured access to Gematik specification data. We do not use customer data to train our own models.
SpecMCP does not itself directly forward customer prompts to third-party model providers as part of the core service described on this site. However, customers may use outputs from SpecMCP in downstream tools, assistants, or workflows under their own control.
Services Used
Hosting: Fly.io
Fly.io, Inc., 2261 Market Street #4990, San Francisco, CA 94114, USA. Server location: EU (Amsterdam). Purpose: hosting and delivery of the application. Data processed: IP address, browser data, operating system, timestamps, pages accessed. Legal basis: Art. 6(1)(f) GDPR. Third-country transfer: USA, standard contractual clauses. Privacy Policy
Database: Supabase
Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992. Server location: EU (Frankfurt). Purpose: storage of account and application data. Data processed: email address, account data, usage data, technical metadata. Legal basis: Art. 6(1)(b) GDPR. Third-country transfer: Singapore, standard contractual clauses. Privacy Policy
Authentication: Better Auth (internal)
Purpose: login and access control. Data processed: login credentials, session tokens, security data. Legal basis: Art. 6(1)(b) GDPR.
Email delivery: Resend Inc.
2261 Market Street #5039, San Francisco, CA 94114, USA. Purpose: sending transactional emails. Data processed: email address, technical metadata, email content. Legal basis: Art. 6(1)(b) GDPR. Third-country transfer: USA, standard contractual clauses. Privacy Policy
Payment processing: Stripe Inc.
510 Townsend Street, San Francisco, CA 94103, USA. Purpose: processing payments and managing subscriptions. Data processed: payment data, billing address, email address, technical metadata. Legal basis: Art. 6(1)(b) GDPR. Third-country transfer: USA, standard contractual clauses. Privacy Policy
Cookies
Only technically necessary cookies are used. Purposes:
- Session management
- Login state
- Language preferences
- UI state
Legal bases: § 25(2) TTDSG, Art. 6(1)(f) GDPR. No tracking or marketing takes place.
Server Log Files
Log files are automatically recorded when the website is accessed. Data processed: IP address, browser, operating system, date and time, referrer. Purpose: security and error analysis. Legal basis: Art. 6(1)(f) GDPR.
Retention Period
Personal data is stored only for as long as necessary for the respective purpose or as required by legal retention obligations.
In particular:
- account and organization data are stored for the duration of the customer relationship,
- billing and tax-relevant records are retained for the legally required period,
- technical logs and security events are generally retained for a limited operational period,
- and deleted customer data may remain in backups until the relevant backup cycle expires.
Your Rights
You have the right to:
- Access
- Rectification
- Erasure
- Restriction of processing
- Data portability
- Objection
Right to lodge a complaint with a supervisory authority: Berliner Beauftragte für Datenschutz und Informationsfreiheit — www.datenschutz-berlin.de