1. Controller
The controller responsible for data processing on this website is:
Alex Pichler
Lisa-Fittko-Straße 7
10557 Berlin, Germany
Email: hey@justmoved.app
We have not appointed a data protection officer, as we are not legally required to do so.
2. General information and legal bases
We process personal data only where it is necessary and where we have a valid legal basis under Art. 6 (1) GDPR. Depending on the situation, this is:
- your consent (Art. 6 (1) (a) GDPR),
- the performance of a contract or pre-contractual steps taken at your request (Art. 6 (1) (b) GDPR),
- our legitimate interests in providing a secure, stable and functional website (Art. 6 (1) (f) GDPR).
We process your data lawfully, fairly and transparently, and only for the purposes described in this policy.
3. Your rights
You have the right to:
- access your personal data (Art. 15 GDPR),
- rectification of inaccurate data (Art. 16 GDPR),
- erasure (Art. 17 GDPR),
- restriction of processing (Art. 18 GDPR),
- data portability (Art. 20 GDPR),
- object to processing based on legitimate interests (Art. 21 GDPR),
- withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR).
To exercise any of these rights, just email us at hey@justmoved.app.
4. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit). You may also contact the supervisory authority of your habitual residence or workplace.
5. Hosting and content delivery (Cloudflare)
Our website is hosted on Cloudflare Pages and delivered through the global content delivery network of Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA). When you open the site, Cloudflare processes connection data, including your IP address, in order to deliver the content to your device and to keep the service secure, stable and protected against attacks.
Legal basis is Art. 6 (1) (f) GDPR (our legitimate interest in a secure and efficient website). Cloudflare acts as our processor under a data processing agreement. Personal data may be transferred to the USA, safeguarded by the EU Standard Contractual Clauses (see section 11).
6. Server log files
When you visit the website, technical information that your browser transmits is automatically recorded in server log files: browser type and version, operating system, referrer URL, the page requested, date and time of the request, and the (where possible shortened) IP address. This is necessary to deliver the website reliably and securely and to detect and resolve faults or misuse.
Legal basis is Art. 6 (1) (f) GDPR. Log data is stored only for as long as needed for these purposes and is then deleted.
7. Web analytics (Cloudflare Web Analytics)
We use Cloudflare Web Analytics to understand, in aggregate, how our website is used (for example page views and referrers). This tool is privacy-friendly: it does not use cookies, does not build a fingerprint of your device, and does not track you across websites or over time. The results are aggregated and do not allow us to identify you personally.
Legal basis is Art. 6 (1) (f) GDPR (our legitimate interest in understanding and improving our website).
8. Cookies
We do not use cookies for tracking, advertising or analytics, and we do not use comparable tracking technologies. Strictly necessary technical tokens may be used by our hosting and content delivery provider solely to keep the site secure and available. These do not track you and do not require consent.
9. Forms and the data you send us
You can use several forms on our website. We process the details you enter to handle your request:
- Membership sign-up: first name, email address, phone number, district, how long you have been in Berlin, and your interests. Purpose: to register you as a member and inform you about events.
- Event sign-up: name, email address, phone number. Purpose: to register you for the event and send you the details.
- Hosting request: name, company (optional), email address and your message. Purpose: to respond to your enquiry.
- Event idea: your idea and, optionally, your email address. Purpose: to collect ideas and, if you leave an email, to reply.
Legal basis is your consent (Art. 6 (1) (a) GDPR) and, where applicable, pre-contractual steps or contract performance (Art. 6 (1) (b) GDPR). You can withdraw your consent at any time. Providing the data is voluntary, but without the required fields we cannot process your request.
This form data is stored in our database with Supabase and confirmation or notification emails are sent via Resend (see section 10). We keep submissions only as long as necessary for the stated purpose or for statutory retention periods, and then delete them.
10. Processors
We work with carefully selected service providers who process data on our behalf under data processing agreements pursuant to Art. 28 GDPR:
- Database and backend: Supabase, Inc. (USA). Your form submissions are stored in a database hosted in the EU (Frankfurt, Germany). As Supabase, Inc. is a US company, access under US law cannot be fully excluded; this is safeguarded by a data processing agreement including the EU Standard Contractual Clauses.
- Email delivery: Resend (USA) sends our confirmation and notification emails. A data processing agreement including the EU Standard Contractual Clauses is in place, and Resend is certified under the EU-US Data Privacy Framework.
- Email contact and routing: when you email us (for example at hey@justmoved.app), your message is received through Cloudflare Email Routing (Cloudflare, Inc., USA) and forwarded to our inbox.
11. Transfers to third countries
Some of our processors are based in the USA (Cloudflare, Supabase and Resend). Where personal data is transferred to the USA, we ensure an adequate level of protection through the EU Standard Contractual Clauses pursuant to Art. 46 GDPR and, where applicable, certification under the EU-US Data Privacy Framework. Our database content is stored within the EU (Frankfurt). You can request copies of the relevant safeguards from us at any time.
12. Data security
We use TLS encryption (recognisable by “https” and the lock icon in your browser) to protect data transmitted through our website.
13. Storage period
We store personal data only for as long as it is necessary for the purposes described above or as required by statutory retention periods. Data processed on the basis of consent is stored until you withdraw that consent. After that, the data is deleted.
14. Updates and contact
We may update this policy as our website or the legal requirements change. This version is current as of June 2026. This privacy policy has been prepared to the best of our knowledge and belief. If you have any questions about data protection or your data, contact us any time at hey@justmoved.app.
See also our Legal Notice.