Cookie PolicyCookie-Richtlinie

Please note: the German version of this Cookie Policy is the legally authoritative text. This English version is a convenience translation; in case of any discrepancy, the German wording prevails.

This Cookie Policy is issued by the operator of the website at stads.cc and the associated advertiser dashboard (together, the “Service”):

Postal addressFabian Bachfischer Software
c/o POSTFLEX PFX-504-917
Emsdettener Straße 10
48268 Greven
Deutschland (Germany)

The person responsible for content under § 18(2) MStV is Fabian Bachfischer. The operator is a small business (Kleinunternehmer) under § 19 UStG; there is no VAT ID and no commercial-register entry. Full provider details are in the Impressum.

General

info@soundworks-ai.com

Data protection

privacy@soundworks-ai.com

Billing

billing@soundworks-ai.com

Abuse / notices

abuse@soundworks-ai.com

For how we handle personal data more generally, see our Privacy Policy. This Cookie Policy explains the specific technologies we store on, or read from, your device.

A “cookie” is a small text file that a website asks your browser to store and send back on later requests. Related technologies - such as localStorage, sessionStorage, and other forms of storing or reading information on your terminal equipment - are treated the same way under German and EU law for the purposes of this policy.

We distinguish two categories, because the legal basis is different for each:

• Strictly necessary (essential). Required to deliver a service you have explicitly requested - for example, to keep you logged in. These do not require consent.
• Non-essential. Anything not strictly necessary - analytics, advertising, personalisation, or cross-site tracking. These require your prior, informed, opt-in consent. We currently set none of these.

The Service runs on a server-side data layer with a Supabase publishable key used for authentication only. The table below is the complete list of what we store on your device. There is exactly one cookie plus one localStorage entry for your banner choice - both are essential.

▸ Note: this application sets no separate refresh cookie (e.g. sb-refresh-token) - token renewal is handled client-side by the Supabase browser client. There is also no dedicated CSRF cookie: cross-site request forgery is mitigated by the session cookie's SameSite=Lax attribute together with the Bearer/Authorization header on write APIs. We therefore list only the cookies we actually set.

stads is the ad company developers don't block. Consistent with that, the service serves a single labelled line of plain text - no images, no tracking pixels, and no code ever leaves the device. On this website and dashboard we therefore do not set:

• advertising or ad-retargeting cookies;
• cross-site or third-party tracking cookies;
• analytics or measurement cookies that identify you (no Google Analytics, no fingerprinting, no tracking pixels);
• social-media embed or “share” cookies; and
• any cookie whose purpose is profiling or behavioural advertising.

If this ever changes, we will update this policy, present a consent banner before any such technology runs, and only set it after you opt in (see the consent section).

Two legal regimes apply to cookies in Germany, and we treat them together:

• Storing/accessing information on your device is governed by § 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG, formerly TTDSG). Under § 25(2), strictly-necessary cookies needed to provide a service you have expressly requested are exempt from the consent requirement. Our auth/session cookie falls squarely in that exemption.
• Processing the personal data contained in that cookie is governed by the GDPR (DSGVO). The lawful basis for our essential cookie is Art. 6(1)(b) GDPR (performance of a contract / steps to enter into one - you asked us to sign you in) and our legitimate interest in the security and integrity of the Service under Art. 6(1)(f) GDPR.
• Any future non-essential cookie would require consent under § 25(1) TDDDG and would be processed on the basis of your consent under Art. 6(1)(a) GDPR, freely revocable at any time.

Because we currently use only strictly-necessary storage, there is no consent to give or withhold for it - it is required for the Service to work, and you can opt out only by not using the signed-in dashboard. We set no non-essential cookie without your prior opt-in.

Through the cookie notice you make a choice (“Essential only” or “Accept”) that we record in the localStorage key stads-consent. Both options leave the essential auth cookie untouched; the choice is purely informational and forward-looking today. If we ever introduce a non-essential technology, the following applies:

• Consent banner. A banner will appear before any non-essential cookie runs. Non-essential cookies stay off until you actively accept; “reject” is as easy as “accept”.
• Change your choice later. You will be able to reopen the preferences and withdraw consent at any time, with no detriment to using the essential parts of the Service. You can also clear the stads-consent localStorage entry in your browser settings at any time.
• Browser controls. You can block or delete cookies in your browser settings. Blocking our essential cookie will log you out and break the dashboard, but it will not stop you reading public marketing pages.

You may also exercise your data-subject rights (access, erasure, objection, and more) as described in our Privacy Policy, and you have the right to lodge a complaint with a supervisory authority.

We may update this Cookie Policy as the Service evolves or as the law changes. The “last updated” date at the top reflects the current version. If we add any cookie that requires consent, we will obtain that consent before the cookie is set and update this document accordingly.

Questions about cookies? privacy@soundworks-ai.com