GDPR-compliant by design

This document explains how Superdesigner processes personal data in accordance with Regulation (EU) 2016/679 (GDPR). The service is developed in the Netherlands and hosted exclusively in Germany.

Data controller & contact

Controller: Superdesigner, Netherlands. Questions or requests regarding data protection can be sent to [email protected].

What data is processed?

Uploaded models: ArchiMate XML files are streamed into memory to render exports. They are never written to disk and are discarded immediately after the response is delivered.
Operational logs: Server logs contain timestamps and error messages only. They do not contain model data or personal identifiers.

Legal basis & retention

Processing is based on GDPR Art. 6(1)(b) - performance of the service requested by the user. Uploaded files exist only in volatile memory for the duration of the export, typically a few seconds, after which they are irreversibly discarded. Operational logs are retained for up to 30 days for security and troubleshooting.

Hosting & sub-processors

Infrastructure runs entirely on EU-based servers located in Germany. No third-party processors receive model data, and no transfers occur outside the European Economic Area.

Superdesigner uses Umami (https://umami.is) for lightweight analytics. Only aggregate telemetry is collected. No cookies, IP addresses, or identifying data are stored.

Your rights

Users may exercise their GDPR rights (access, rectification, erasure, restriction, objection, and data portability) by contacting [email protected]. Because uploads are deleted immediately, most requests can be fulfilled by confirming that no data is retained.