Neleto logoNeleto

Privacy Policy

Information on the processing of personal data in accordance with GDPR

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Triple-A Soft UG (haftungsbeschränkt)
Danzigerstraße 3
88250 Weingarten
Germany

Phone: +49 (0) 751 951 264 03
Email: kontakt@aaa-soft.net

2. Principles of Data Processing

We process personal data only where permitted by law or where you have given your consent. We collect only data that is necessary for the respective purpose (data minimization).

3. Hosting

Our website and the Neleto service are hosted on servers operated by Hetzner Online GmbH (Industriestraße 25, 91710 Gunzenhausen, Germany). Hetzner is a GDPR-compliant European provider. We use server locations in the EU (Nuremberg/Germany) and optionally in the US (Ashburn) and Singapore. Customers choose their server region during registration.

For server locations outside the EU, data transfers are secured using EU Standard Contractual Clauses (SCCs). A data processing agreement (DPA) in accordance with Art. 28 GDPR has been concluded with Hetzner.

4. Access Data and Server Logs

When you visit our website, the following data is automatically stored in server log files:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Hostname of the accessing computer (IP address)
  • Time of the server request

This data cannot be attributed to specific individuals and is not merged with other data sources. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing the service securely). Logs are deleted after a maximum of 30 days.

5. Registration and User Account

When you register for Neleto, we collect:

  • Name
  • Email address
  • Billing address (for paid plans)
  • Selected plan and server region

The legal basis is Art. 6(1)(b) GDPR (contract performance). This data is necessary to set up your account, issue licenses, and provide the service.

6. Payment Processing (Stripe)

Payments are processed via Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland). Stripe acts as an independent data controller. We transmit your order data (name, email, amount, selected plan) to Stripe to process the payment. Credit card data is stored exclusively by Stripe — we do not receive or store payment card details.

Stripe processes your data in accordance with Stripe's privacy policy: https://stripe.com/en/privacy. The legal basis is Art. 6(1)(b) GDPR.

7. Contact

When you contact us by email, the transmitted data (name, email address, message content) is stored for the purpose of processing your request. We do not share this data without your consent. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

8. Cookies

Our website only uses technically necessary cookies (e.g., session cookies for authentication). These cookies are required for the operation of the service and are set without consent (Art. 6(1)(f) GDPR). We do not use tracking or marketing cookies.

9. Newsletter

If we offer a newsletter, we process your email address based on your explicit consent (Art. 6(1)(a) GDPR). Consent can be withdrawn at any time.

10. Your Rights

You have the following rights regarding your personal data:

  • Access (Art. 15 GDPR): What data we have stored about you.
  • Rectification (Art. 16 GDPR): Correction of inaccurate data.
  • Erasure (Art. 17 GDPR): Deletion of your data, unless statutory retention obligations apply.
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR): Objection to processing based on legitimate interests.
  • Withdrawal of consent (Art. 7(3) GDPR)
  • Complaint to the competent supervisory authority (Art. 77 GDPR)

Competent supervisory authority: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Königstraße 10a, 70173 Stuttgart, Germany.

To exercise your rights, please contact: kontakt@aaa-soft.net

11. Data Security

We use SSL/TLS encryption for the transmission of sensitive data (indicated by https:// in the address bar). Data you transmit to us cannot be read by third parties.

12. Retention Period

We store personal data only for as long as necessary for the respective purpose or as required by statutory retention periods (e.g., 10 years for invoices under German tax law).

13. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in law or changes to our service. The current version is always available on this page.

Last updated: May 2026