Equana

Privacy Policy

Privacy Policy

1. Controller

The controller responsible for data processing on this website pursuant to the General Data Protection Regulation (GDPR) is:

quebi GmbH
Geitau 22
83735 Bayrischzell
Germany
Email: privacy@equana.dev
Commercial Register: Amtsgericht München, HRB 306511
VAT ID: DE458354616

2. Data We Collect

When you use Equana, we collect and process the following personal data:

Account Data

  • User ID (provided by Auth0)
  • Email address
  • Name
  • Profile picture (if provided via Google)

Usage Data (only Cloud, local data stays local)

  • Workspaces you create and their metadata
  • Workspace membership and collaboration data
  • Files and scripts you upload or create

Technical Data

  • Session tokens for authentication
  • IP address (processed by our infrastructure providers)

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

  • Contract performance (Art. 6(1)(b) GDPR): Processing is necessary to provide our service to you, including account management, workspace functionality, and collaboration features.
  • Legitimate interests (Art. 6(1)(f) GDPR): Processing for security purposes, fraud prevention, and service improvement.
  • Legal obligations (Art. 6(1)(c) GDPR): Processing required to comply with applicable laws.

4. Authentication and Third-Party Processors

We use the following third-party services to operate Equana:

Auth0 (Okta, Inc.)

We use Auth0 for authentication services. When you log in, Auth0 processes your authentication data. Auth0 is operated by Okta, Inc., 100 First Street, San Francisco, CA 94105, USA. Data transfers to the USA are covered by Standard Contractual Clauses (SCCs).
Auth0/Okta Privacy Policy

Google (Social Login)

If you choose to sign in with Google, Google LLC processes your authentication. Google shares your email, name, and profile picture with us. Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data transfers are covered by SCCs.
Google Privacy Policy

Cloudflare, Inc.

Our application infrastructure is hosted on Cloudflare Workers. Data storage uses Cloudflare D1 (database), Cloudflare KV (session storage), and Cloudflare R2 (file storage). Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Data transfers are covered by SCCs and Cloudflare's Data Processing Addendum.
Cloudflare Privacy Policy

5. International Data Transfers

Some of our third-party processors are located in the United States. We ensure that appropriate safeguards are in place for these transfers in accordance with Article 46 GDPR, specifically through Standard Contractual Clauses (SCCs) approved by the European Commission. You may request a copy of the relevant safeguards by contacting us at privacy@equana.dev.

6. Cookies and Session Storage

We use only essential cookies required for the operation of our service:

CookiePurposeDuration
__sessionAuthentication session management. Stores your login state securely.30 days

We do not use tracking cookies, analytics cookies, or advertising cookies. No consent banner is required as we only use technically necessary cookies (Art. 6(1)(f) GDPR).

7. Data Retention

We retain your data as follows:

  • Session data: Automatically deleted after 30 days of inactivity.
  • Account data: Retained until you request deletion of your account.
  • Workspace data: Retained until you delete the workspace or your account.

We may retain certain data longer if required by law or for legitimate business purposes such as resolving disputes or enforcing our agreements.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You may request information about whether and which personal data we process about you.
  • Right to rectification (Art. 16 GDPR): You may request correction of inaccurate data or completion of incomplete data.
  • Right to erasure (Art. 17 GDPR): You may request deletion of your personal data under certain conditions.
  • Right to restriction of processing (Art. 18 GDPR): You may request restriction of processing under certain conditions.
  • Right to data portability (Art. 20 GDPR): You may request to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests at any time.
  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@equana.dev.

9. Right to Lodge a Complaint

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). You may contact the supervisory authority in your country of residence, your place of work, or our registered office. Our competent supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
www.lda.bayern.de

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit (TLS/HTTPS), secure session management with HTTP-only cookies, and access controls for our infrastructure.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice on our website or by other appropriate means. We encourage you to review this page periodically.

12. Contact

For questions about this Privacy Policy or our data processing practices, please contact us at privacy@equana.dev.

Last updated: January 29, 2026