Privacy Policy

Data Protection Declaration — How we handle your data

1. Who is responsible

ROS-QM GbR
Address available upon request — please contact hello@ros-qm.com
Germany
Email: hello@ros-qm.com

2. What data we collect

When you use ROS-Audit, we collect only the data needed to provide the service:

  • Account data: name, email address, hashed password
  • Audit data: processes, audit plans, findings, evidence — entered by you
  • Technical data: IP address (logged temporarily by the web server for security)
  • Session cookies: a single login cookie, strictly necessary for authentication

We do not use any analytics, tracking, advertising pixels, or third-party scripts.

3. Where your data is stored

All data is hosted on servers operated by Hetzner Online GmbH in Falkenstein, Germany — fully GDPR compliant under EU jurisdiction. Your data never leaves the European Union.

4. How we use your data

Solely to operate the ROS-Audit service: authenticate your login, store and display your audit records, generate reports you request, and contact you about your account.

5. Sharing with third parties

We do not sell, share, or transfer your data to third parties. The only exceptions: if required by German law, or if you explicitly request integration with a service.

6. How long we keep your data

Your data is kept for as long as your account is active. If you close your account, all personal data is deleted within 30 days, except where law requires longer retention (e.g. invoices, tax records — 10 years under § 147 AO).

7. Your rights under GDPR

You have the right to:

  • Request a copy of all your data (Art. 15 GDPR)
  • Correct inaccurate data (Art. 16 GDPR)
  • Request deletion of your data (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Receive your data in a portable format (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, email hello@ros-qm.com.

8. Cookies

ROS-Audit uses only one strictly necessary cookie — your login session token. This cookie is required for the service to function and is exempt from consent requirements under § 25 (2) TTDSG. We do not use tracking, analytics, or advertising cookies.

9. Security

All connections are encrypted via HTTPS (TLS). Passwords are hashed with bcrypt and never stored in plain text. We follow industry best practices to protect your data.

10. Changes to this policy

If we update this privacy policy, we will notify registered users by email at least 14 days before changes take effect.

Last updated: May 2026