Blog post

Privacy Policy

Jan 21, 2026

Privacy Policy

Mostman – Privacy Policy (GDPR-Compliant)

Effective Date: 2026-01-08
Last Updated: 2026-01-08

This Privacy Policy describes how Microdata.Galaxy E.U, registered in Austria (“Mostman”, “we”, “us”, or “our”), processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

1. Data Controller

For the purposes of GDPR, the Data Controller is:

Company: Microdata.Galaxy E.U
Country: Austria
Email: [email protected]

2. Scope

This Privacy Policy applies to:

  • The Mostman web platform
  • Desktop applications
  • CLI/TUI tools
  • APIs and integrations
  • Any related services operated by Mostman

3. Personal Data We Collect

We collect only data that is necessary to provide the Service.

3.1 Account & Identity Data

  • First name
  • Last name
  • Email address
  • Account credentials (hashed)
  • Optional phone number (if provided)

3.2 Payment Data

  • Subscription status
  • Billing identifiers

⚠️ Important:
Payment details (e.g. credit card numbers) are never stored by Mostman and are processed exclusively by third-party payment providers.

3.3 Usage & Technical Data

  • Login timestamps
  • Service usage events
  • Error logs (excluding user content)
  • IP address (for security and abuse prevention)

4. Lawful Basis for Processing (GDPR Art. 6)

We process personal data based on the following lawful bases:

Purpose Legal Basis
Account creation & service delivery Contract (Art. 6(1)(b))
Billing & subscription management Contract (Art. 6(1)(b))
Security & abuse prevention Legitimate interest (Art. 6(1)(f))
Legal obligations Legal obligation (Art. 6(1)(c))

We do not rely on consent as the primary legal basis unless explicitly stated.

5. Purpose Limitation

Personal data is processed only for:

  • Providing and operating the Service
  • Authentication and authorization
  • Subscription management
  • Customer support
  • Security and system integrity

We do not:

  • sell personal data
  • use data for advertising
  • perform profiling
  • analyze user content

6. Data Storage & Security

  • Data is stored in Mostman-controlled infrastructure
  • Sensitive data is encrypted at rest
  • Access is restricted to authorized personnel only
  • Security measures follow industry best practices

Despite these measures, no system is fully secure.

7. Data Retention Policy

7.1 Active Accounts

Data is retained while the account is active.

7.2 Subscription Cancellation

  • If the user downgrades to a free plan, data is retained
  • If the user does not downgrade, data is retained until the end of the billing cycle

7.3 Account Deletion

  • All personal data is permanently deleted
  • Deletion is irreversible
  • Data is not retained for future reactivation

8. Data Sharing & Processors

We share data only when strictly necessary with:

  • Payment processors
  • Cloud infrastructure providers
  • Authentication services

All processors:

  • Act under contractual obligations
  • Are GDPR-compliant
  • Process data only on our instructions

We do not transfer data outside the EU unless adequate safeguards are in place (e.g. SCCs).

9. User Rights (GDPR Art. 12–23)

You have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data (“Right to be forgotten”, Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)

Requests can be made by contacting [email protected].

10. Automated Decision-Making

Mostman does not perform:

  • Automated decision-making
  • Profiling with legal or significant effects

11. Cookies

We use only strictly necessary cookies for:

  • Authentication
  • Session management
Back to Legal and Security