Privacy Policy
Effective date: 2025-11-20
1. Controller
Otternway UG (haftungsbeschränkt), Otternweg 3, 21629 Neu Wulmstorf, Germany ("we", "us", "our") is the controller for the processing of personal data in this application (SparkConductor). Contact: info@otternway.com, Phone: +49 (0) 157 52827234.
Legal entity details can be found in our imprint.
2. What this app does
SparkConductor is a comprehensive user access management tool that helps you manage user access across multiple Google Firebase projects in bulk. After you sign in and connect your Google Account, the app lists your projects and allows you to grant or remove selected roles for target users across those projects on your instruction.
3. Categories of data we process
- Account and authentication: your email address, session identifiers and cookies required to keep you signed in (via Supabase Auth). If you use Google sign-in, we also receive your Google Account email from Google.
- Google connection: when you connect your Google Account, we store your Google user ID, email, OAuth access token, refresh token, granted scopes and token expiry to call Google Cloud APIs on your behalf. You can revoke access in your Google Account at any time.
- Project and role operations: project identifiers, project numbers, display names (cached for your convenience), roles you choose, the target email you specify, operation type (grant or remove), and job execution results (success or error per project).
- Payments and subscriptions: we use Creem for checkout and subscription management. We receive non-sensitive payment metadata such as customer ID, subscription ID, product/price IDs, status (active, trialing, canceled, etc.), and relevant period dates. We do not receive or store your full payment card details; these are processed by Creem.
- Technical data: server logs (e.g., IP address, user agent, timestamps) for security and troubleshooting.
4. Purposes and legal bases
- Provide the service (authentication, listing projects, running bulk user access operations, subscription access control): Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures).
- Process payments and manage subscriptions via Creem: Art. 6(1)(b) GDPR.
- Security, fraud prevention, and troubleshooting (e.g., logs, webhook verification): Art. 6(1)(f) GDPR (legitimate interests).
- Legal obligations (e.g., tax/receipt retention related to purchases): Art. 6(1)(c) GDPR.
5. Providers and Data Sharing
To deliver the SparkConductor service, we share certain data with subprocessors and independent services. Only the providers explicitly noted as accessing Google user data below ever handle it; the rest process ancillary metadata (e.g., billing or rate limiting only).
- Supabase (EU/US, accesses Google user data): hosts our database and edge functions. Stores your Google user ID/email plus encrypted per-job access tokens needed to execute the bulk operations you trigger.
- Google (accesses Google user data): when you connect your Google Account we securely store the OAuth tokens you grant and use them to call Google Cloud/Firebase APIs (e.g., Cloud Resource Manager) strictly on your instruction. Google remains the independent controller for your Google Account data.
- Hetzner (Germany, accesses Google user data transiently): hosts our Docker-based application on a VPS. Google-derived data passes through its infrastructure while requests are processed and may appear in server logs retained for security.
- Creem (EU, no Google user data): manages checkout and subscriptions. We only receive billing metadata (customer ID, subscription/product IDs, status); payment card details stay with Creem.
- Upstash (EU/US, no Google user data): powers rate limiting to prevent abuse. Receives only the caller’s IP address and an internal identifier (the Supabase user ID embedded in the rate-limit key).
5.1 Sharing Google User Data
Google user data obtained through OAuth (such as email address, Google user ID, access tokens, refresh tokens, project metadata) is used only to provide the services you request (e.g., listing and managing access in your Google Cloud/Firebase projects). We do not:
- sell or rent Google user data
- use it for advertising or marketing
- share it with third parties beyond the stated trusted providers unless required by law or with your consent
You can revoke access to your Google data at any time via your Google Account security settings.
International transfers (e.g., to the US) may occur when using these service providers. Where applicable, we rely on safeguards like Standard Contractual Clauses to protect your data.
5.2 Subprocessors and disclosures
- Google — Role: independent controller — Receives Google user data: yes — Data: account email and project metadata via APIs — Purpose: perform actions you request — Policy: policies.google.com/privacy
- Supabase — Role: processor — Receives Google user data: yes (encrypted per-job access tokens, job metadata you create) — Purpose: database and edge execution — Policy: supabase.com/privacy
- Hetzner — Role: processor — Receives Google user data: yes (transient in-memory during request handling and in security logs) — Purpose: host our app server (Germany) — Policy: hetzner.com/legal/privacy-policy
- Upstash — Role: processor — Receives Google user data: no (IP and internal user ID only) — Purpose: rate limiting — Policy: upstash.com/legal/privacy
- Creem — Role: processor — Receives Google user data: no — Purpose: payments/subscriptions — Policy: creem.io/privacy
5.3 Google API Services & Limited Use
When you connect your Google Account, we access Google user data under the Google API Services User Data Policy. We comply with Google’s Limited Use requirements: we only use Google user data to provide or improve features you request; we do not sell data or use it for ads; and we do not allow human access except where required for security, compliance, or with your consent. See the policy at developers.google.com/terms/api-services-user-data-policy.
5.4 Scopes & Uses
- openid, email: identify and link your Google Account for the connection UI.
- https://www.googleapis.com/auth/cloud-platform: list Google Cloud projects and read/update IAM policies to grant or remove roles you select.
- https://www.googleapis.com/auth/firebase.readonly: list Firebase‑enabled projects for selection.
6. Cookies
We only use cookies that are strictly necessary for security and to keep you signed in. We do not use analytics, advertising, or other non-essential cookies.
First-party essential cookies
- Supabase auth cookies: maintain your SparkConductor session (access token ~1 hour, refresh token rotating). Set as HttpOnly, SameSite=Lax, and Secure in production.
- oauth_state: short-lived (≈10 minutes) CSRF token for Google OAuth initiation. HttpOnly, SameSite=Lax, Secure in production.
- g_access_token: Google API access token (~1 hour). HttpOnly, SameSite=Lax, Secure in production.
- g_refresh_token: keeps the Google connection active between sessions (up to 90 days). HttpOnly, SameSite=Lax, Secure in production.
- g_token_expiry: expiry metadata so we can refresh tokens server-side. HttpOnly, SameSite=Lax, Secure in production, max age 90 days.
- g_email: connected Google email for UI display. HttpOnly, SameSite=Lax, Secure in production, max age 90 days.
Local storage (non-cookie)
- dashboard_cached_projects_v1 and dashboard_jobs_cache_v1: client-side caches to speed up dashboard loading. They store project lists/job history visible only to you and can be cleared anytime via your browser.
When you are redirected to Google for OAuth or to Creem for billing, those providers may use their own cookies under their privacy policies. SparkConductor does not set or use marketing cookies.
7. Storage & retention
- Access token: stored in an HttpOnly cookie; short‑lived (~1 hour).
- Refresh token: stored in an HttpOnly cookie; up to 90 days.
- Per‑job access token: stored encrypted in our database only to execute a requested job; deleted on success and automatically purged after a short TTL (typically 24–48 hours).
- Job results: retained for up to 12 months for audit and troubleshooting unless you request deletion or law requires otherwise.
- Account and session data: kept while your account is active and for a reasonable period thereafter for security, dispute resolution or legal obligations.
- Subscription records: retained as required for billing and tax compliance (commonly up to 10 years).
- Server logs (Hetzner): retained for security/ops for a limited period (typically 30–90 days).
8. Your rights (GDPR)
You have the right to access, rectify, erase, restrict, or object to processing, and to data portability, subject to legal conditions. You may also lodge a complaint with your local supervisory authority.
To exercise your rights, contact us at info@otternway.com. If you use the Google connection, you can also revoke our access in your Google Account security settings.
8.1 User controls & revocation
- Disconnect in‑app using the “Disconnect Google” control (clears connection and tokens on our side).
- Revoke our access in your Google Account security settings at any time.
- Request account and job history deletion by emailing info@otternway.com.
9. Data security
We implement technical and organizational measures appropriate to the risk, including access controls, least-privilege principles, and secure server-side processing. OAuth tokens are stored server-side and are only used to perform actions you request.
10. Children's data
The service is not directed to children under 16, and we do not knowingly collect their data.
11. Changes
We may update this Privacy Policy from time to time. Material changes will be indicated here with a new effective date.
Contact
Otternway UG (haftungsbeschränkt)
Otternweg 3, 21629 Neu Wulmstorf, Germany
Email: info@otternway.com
Phone: +49 (0) 157 52827234