Astrava UG (haftungsbeschränkt) ("Intrvll", "we", "us", or "our"), Kleinensee 12, 23569 Lübeck, Germany, operates the website intrvll.com and associated cloud services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or use our services, in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable national law.
When you visit our website, our servers automatically record certain information:
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — security, fraud prevention, and service optimisation.
When you create an account or purchase services, we collect your name, e-mail address, billing address, and payment information (processed exclusively by our PCI-DSS compliant payment processor; we do not store card numbers). Legal basis: Performance of contract (Art. 6(1)(b) GDPR) and compliance with legal obligations (Art. 6(1)(c) GDPR).
If you contact support, we process message content, metadata, and any attachments you provide. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — customer service.
We use cookies and similar technologies. See our Cookie Policy for details. Consent-based cookies are activated only after you provide consent (Art. 6(1)(a) GDPR).
We do not sell your personal data. We share data only where necessary:
All processors are bound by Data Processing Agreements (DPAs) compliant with Art. 28 GDPR.
Your personal data is stored exclusively within the European Economic Area (EEA). For any transfer outside the EEA (e.g., via Stripe), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
Under the GDPR, you have the following rights:
To exercise any right, contact [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the supervisory authority — in Germany, the Berliner Beauftragte für Datenschutz und Informationsfreiheit (www.datenschutz-berlin.de).
We implement appropriate technical and organisational measures to protect your data, including TLS 1.3 encryption, AES-256 encryption at rest, strict access controls, penetration testing, and ISO 27001-certified processes.
We may update this policy periodically. Material changes will be communicated via e-mail or a prominent notice on our website at least 14 days before they take effect. Continued use of our services after the effective date constitutes acceptance.