Privacy Policy
Last updated: Septempber 2025
This is a translation for better understanding. As a German company, the legally binding version is the German Privacy Policy.
Introduction
This Privacy Policy describes how Lisana ('we', 'us', or 'our') collects, uses, and discloses your personal information when you use our services.
Information We Collect
We collect information that you provide directly to us, including when you create an account, use our services, or contact us. This may include your name, email address, and usage data.
How We Use Your Information
We use the information we collect to provide, maintain, and improve our services, to communicate with you, and to comply with legal obligations.
Information Sharing
We do not sell your personal information. We may share your information with service providers who assist us in operating our services, or when required by law.
Email Service Provider – Resend
We use the email delivery service Resend to send transactional and service-related emails (e.g., confirmations, onboarding, support replies) and—if you have opted in—marketing communications such as newsletters and product updates. Provider: Resend, Inc., 2261 Market Street #4681, San Francisco, CA 94114, USA. Processed data: recipient email address, name (if provided), message content, headers and metadata (delivery status, IPs of receiving servers, timestamps), and technical identifiers. For marketing emails, we also process subscription status (opt-in/opt-out) and, where applicable, aggregate performance indicators (e.g., deliverability, unsubscribe events). Purpose: reliable email delivery, communication, troubleshooting and abuse prevention; for marketing emails, distribution of newsletters and product updates to subscribers and measurement of deliverability and campaign performance in aggregate. Legal basis: Art. 6(1)(b) GDPR insofar as communication is necessary for the performance of a contract or pre-contractual measures; Art. 6(1)(f) GDPR based on our legitimate interest in effective customer communication and secure email delivery. For marketing emails, we send only with your consent pursuant to Art. 6(1)(a) GDPR (and Section 7 UWG, where applicable). You can withdraw your consent at any time, e.g., via the unsubscribe link in each marketing email or by contacting us. Processor: We have concluded a Data Processing Agreement (Art. 28 GDPR) with Resend. Resend acts as our processor. Third-country transfer: Processing may occur in third countries (in particular, the USA). Appropriate safeguards pursuant to Art. 46 GDPR are in place, including the EU Standard Contractual Clauses. Additional technical and organizational measures are applied where necessary. Retention: We store email-related data only as long as necessary for the purposes stated above or as required by statutory retention obligations; log data may be retained by Resend according to their retention periods and is then deleted. Further information: https://resend.com/legal/privacy and DPA: https://resend.com/legal/dpa.
Content Delivery and Security – Cloudflare
We use the Content Delivery Network (CDN) provided by Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany ("Cloudflare") to increase the security and delivery speed of our website. A CDN is a network of globally distributed servers that optimizes content delivery to website users. Processed data: IP address, requested URLs and paths, referrer, user agent, request/response headers, timestamps, performance and delivery metrics, and security-related information (e.g., bot detection signals). Cloudflare may set technically necessary cookies (e.g., for load balancing and bot management) that do not track you across sites. Processor: Cloudflare receives your personal data and acts as our processor under Art. 28 GDPR. The processing is not legally or contractually required; however, the website cannot function properly without it. Legal basis: Art. 6(1)(f) GDPR based on our legitimate interest in operating a secure and efficient website. International transfers: Processing may occur in third countries (in particular, the USA). Cloudflare has implemented compliance measures for international data transfers, including the EU Standard Contractual Clauses under Art. 46 GDPR. Right to object: You have the right to object to processing based on Art. 6(1)(f) GDPR on grounds relating to your particular situation. Whether the objection is successful is determined as part of a balancing of interests. Retention: Cloudflare stores log and security data only for as long as necessary for performance, troubleshooting, and security, and then deletes or anonymizes them according to its retention policies. Further information: Privacy Policy https://www.cloudflare.com/privacypolicy/ , DPA https://www.cloudflare.com/cloudflare-customer-dpa/ , and SCCs https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf .
Hosting – Hetzner (Germany, Falkenstein)
We host our server infrastructure with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (data center location: Falkenstein). Processed data: server log files (IP address, date/time of request, time zone offset, request URL/request ID, referrer, user agent, HTTP status code, amount of data transferred), error and security logs, and technical metadata necessary to provide and secure the service. Purpose: website and backend hosting, stability and security (e.g., troubleshooting, abuse and attack prevention). Legal basis: Art. 6(1)(f) GDPR based on our legitimate interest in secure and reliable service provision; where processing is necessary for the performance of a contract or pre-contractual measures, Art. 6(1)(b) GDPR applies. Processor: We have a Data Processing Agreement pursuant to Art. 28 GDPR with Hetzner; Hetzner acts as our processor. Location/transfers: Processing takes place in data centers in Germany (in particular, Falkenstein). Hosting does not generally involve transfers to third countries. Retention: log data is retained only for as long as necessary for the purposes stated and then deleted or anonymized; specific periods follow Hetzner’s policies and our legal retention obligations. Further information: https://www.hetzner.com/legal/privacy-policy/ and DPA: https://www.hetzner.com/legal/terms-and-conditions/data-processing-agreement
Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
Your Rights
You have the right to access, correct, or delete your personal information. You may also have the right to restrict or object to certain processing of your data.
Cookies
We use cookies and similar tracking technologies to improve your experience on our website. You can control cookies through your browser settings.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us at [email protected].