Legal
GDPR Compliance
GDPR posture for the control.haus beta demo.
Current posture
The current product is still local-first for portfolio records. Account and billing state are stored to support Pro access, but saved building persistence is not active yet.
- Supabase Auth stores minimal account identity
- Paddle Billing handles payment, tax, invoice, and customer portal data
- No production analytics configured
- No server-side portfolio database writes yet
- No document upload or evidence file storage
Data minimisation
Users should enter only non-sensitive planning assumptions. Avoid personal data, security-sensitive system details, or confidential building documents.
Production requirements
Before launch, the product needs a reviewed data-processing map, a lawful basis, a retention policy, a subprocessor list, a user rights process, and security controls.
