Skip to content
microdose

How Microdose holds your data

Privacy Policy.

Microdose holds your work — brand briefs, agent conversations, exports — on servers in Helsinki. Your work is yours. We do not train models on it. We do not share it with anyone outside Anthropic, who runs the language models we use. If you delete a brand, the data is gone within 24 hours, and rotated out of backups within 7 days.

The full details are below. They are written in the same voice as the rest of Microdose — direct, specific, no shielding language. If something here is unclear, write to hello@microdose.digital and we'll fix the wording.

Who is the data controller

Orhan Olgar (sole proprietorship), Tellstr. 9, 12045 Berlin, Germany. Contact: hello@microdose.digital. The Imprint has the full statutory contact block.

What we collect, and why

  • Account data. Email address, hashed password, account creation timestamp. Necessary to give you a login. Legal basis: contract performance (GDPR Art. 6(1)(b)).
  • Brand work. The brand briefs, agent conversations, voice feedback, brand profiles, and exports you create inside Microdose. Stored so you can come back to them. Legal basis: contract performance.
  • Billing data. If you subscribe, Stripe handles payment information directly — Microdose never sees full card numbers. We store the Stripe customer ID and subscription status. Legal basis: contract performance + legal obligation (German tax law requires invoice retention).
  • Server logs. IP address, request path, response code, user agent — retained on a rolling basis for security monitoring + abuse prevention; oldest entries are rotated out as new ones arrive. Legal basis: legitimate interest (GDPR Art. 6(1)(f)).
  • Email transactional metadata. Delivery receipts for verification + password reset emails. Kept 90 days. Legal basis: contract performance.
We do not use analytics cookies, advertising trackers, or third-party embeds that would set cookies before you give consent. There is no cookie banner because there are no non-essential cookies to consent to.

Where the data lives

  • Application servers + database: Hetzner Online GmbH, Helsinki (Finland) — EU data centre, GDPR-compliant.
  • Off-site backups: Hetzner Online GmbH, Falkenstein (Germany) — encrypted, EU data centre.
  • Language-model API: Anthropic PBC (United States). Your prompts and the agents' responses leave Anthropic's servers immediately after each turn. Anthropic does not train its public models on API traffic. Data transfer to the U.S. is covered by Standard Contractual Clauses (SCCs).
  • Payment processing: Stripe Payments Europe Ltd. (Ireland). Stripe stores card data in PCI-DSS Level 1 environments.
  • Transactional email: Resend (United States). Sender + recipient email + timestamp; never the full body of agent conversations.
The full subprocessor list is at /subprocessors — public so you can audit before signing a Data Processing Agreement.

How long we keep it

  • Account data: until you delete the account.
  • Brand work: until you delete it. Cancelling a subscription ends room access at the end of the billing period; your brand work stays in your account until you choose to delete it.
  • Billing records: 10 years after invoice (German tax law, §147 AO).
  • Server logs: retained on a rolling basis; oldest entries rotated out as new ones arrive.
  • Email transactional metadata: 90 days.
  • Backups: rotated on a 7-day cycle. A deleted brand is gone from all live data within 24 hours and from backups within 7 days.

Your rights (GDPR Art. 15–22)

You have the right to:
  • Access — see what data we hold about you. Reply within 30 days.
  • Rectify — correct any inaccurate data.
  • Erase — delete your account and all associated data. The erasure runs within 24 hours. If you are the sole owner of an organisation, you will need to transfer or delete that organisation first before the account can be deleted.
  • Port — export all of your data as a machine-readable JSON file from the data-export endpoint; no request needed. Individual documents also export as PDF / DOCX / PPTX from within the rooms.
  • Restrict — pause processing of your data while a complaint is open.
  • Object — to processing based on legitimate interest (server logs, security).
  • Withdraw consent — for any processing where consent was the legal basis.
  • Complain — to a data protection authority. The Berlin one is Berliner Beauftragte für Datenschutz und Informationsfreiheit.
To exercise any right, write to hello@microdose.digital. We do not require a specific form — a clear request in any language we read is enough.

What we do not do

  • We do not train AI models on your work.
  • We do not sell or rent your data to advertisers, brokers, or anyone else.
  • We do not embed third-party trackers (no Google Analytics, no Meta Pixel, no Hotjar, no Segment).
  • We do not use dark patterns to make data deletion harder than account creation.
  • We do not retain data "just in case" — every retention period above has a stated reason.

Security

All data in transit is TLS 1.3. Passwords are bcrypt-hashed. Authentication tokens are HttpOnly cookies; access tokens rotate every 15 minutes; refresh tokens rotate on use. Database backups are encrypted at rest. The infrastructure runs in EU data centres. We do not have a SOC 2 audit yet — we are too small to justify the spend; ask in writing if you need one for procurement and we will tell you the actual controls in place rather than show you a certificate.

Changes to this policy

When we change anything material, we email all active accounts at least 30 days before the change takes effect, with a clear summary of what changed and why. Old versions stay readable at /privacy/v1, /privacy/v2 (etc.).

Last updated: 10 May 2026

← Back