Privacy Policy
Last updated: March 15, 2026
1. Controller
The controller responsible for data processing on this website is:
InnovationCraft UG (haftungsbeschränkt)
Im Vogelsang 22
56743 Thür, Germany
Email: support@brightbean.xyz
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses).
2. Overview of Data Processing
2.1 What Data We Collect
We may collect the following types of personal data:
- Account data: Email address and name when you sign up for an API key or waitlist.
- Usage data: API call logs, request timestamps, endpoints accessed, and response codes associated with your API key.
- Technical data: IP address, browser type, operating system, and referring URL when you visit our website.
- Communication data: Content of emails or messages you send to our support address.
2.2 How We Use Your Data
We process your personal data for the following purposes:
- Providing, maintaining, and improving the BrightBean API service.
- Managing your account and API key, including monitoring usage against your plan limits.
- Communicating with you about your account, service updates, and support requests.
- Ensuring the security and integrity of our service, including fraud prevention and abuse detection.
- Complying with legal obligations.
2.3 Legal Basis for Processing
We process your personal data on the following legal bases under the GDPR:
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide our API service to you.
- Legitimate interests (Art. 6(1)(f) GDPR): Processing necessary for service security, fraud prevention, and service improvement.
- Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent, e.g., for marketing communications. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with applicable laws.
3. Hosting and Server Log Files
Our website and API are hosted by third-party providers. When you access our website or API, the hosting provider automatically collects and stores information in server log files that your browser or client transmits. This includes:
- IP address of the requesting device
- Date and time of the request
- URL of the requested resource
- HTTP status code
- Browser type and version (for website visits)
- Referring URL
This data is processed on the basis of our legitimate interest in ensuring the stable and secure operation of our service (Art. 6(1)(f) GDPR). Server log files are retained for a maximum of 30 days and then deleted.
4. Analytics
We use analytics tools to understand how visitors interact with our website. These tools may use cookies or similar technologies to collect information about your use of the website, including pages visited, time spent, and interactions. This data is processed in aggregated or pseudonymized form and is used solely to improve our website and service.
The legal basis for this processing is our legitimate interest in optimizing our online presence (Art. 6(1)(f) GDPR).
5. API Data Processing
When you use the BrightBean API, we process the requests you make (including query parameters and endpoints called) to deliver the service. We log API usage data (request timestamps, endpoints, response codes, and associated API key identifiers) for the purposes of rate limiting, billing, and service monitoring.
6. Data Sharing and Third Parties
We may share your personal data with the following categories of recipients:
- Hosting providers: For infrastructure and server operations.
- Payment processors: To handle subscription payments securely. Payment processors receive only the data necessary to complete transactions and are bound by their own privacy policies.
- Analytics providers: To help us understand website usage in aggregated form.
We do not sell your personal data to third parties. We only share data with third parties as described above or when required by law.
7. International Data Transfers
Some of our service providers may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses or the service provider's participation in recognized data protection frameworks.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account data: Retained for the duration of your account and deleted within 90 days of account closure, unless longer retention is required by law.
- API usage logs: Retained for up to 12 months for service monitoring and billing purposes.
- Server log files: Retained for up to 30 days.
- Communication data: Retained for as long as necessary to resolve your inquiry and for up to 3 years thereafter for legal purposes.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR): You may request information about whether and which personal data we process about you.
- Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17 GDPR): You may request deletion of your personal data, subject to legal retention obligations.
- Right to restriction of processing (Art. 18 GDPR): You may request that we restrict the processing of your data in certain circumstances.
- Right to data portability (Art. 20 GDPR): You may request to receive your data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21 GDPR): You may object to the processing of your personal data based on legitimate interests at any time.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at support@brightbean.xyz.
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.
10. Cookies
Our website may use cookies — small text files stored on your device by your browser. Some cookies are essential for the website to function properly (e.g., session cookies), while others help us analyze website usage (e.g., analytics cookies).
You can configure your browser to refuse cookies or to alert you when cookies are being sent. Please note that some features of the website may not function properly if cookies are disabled.
11. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS/SSL), access controls, and regular security reviews.
12. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. We encourage you to review this page periodically.
13. Contact
If you have questions about this privacy policy or our data processing practices, please contact us:
InnovationCraft UG (haftungsbeschränkt)
Im Vogelsang 22
56743 Thür, Germany
Email: support@brightbean.xyz