Privacy Policy (Business)

Codemellow UG (haftungsbeschränkt) · Last updated: April 2026

This Privacy Policy explains how Stamps, operated by Codemellow UG, processes personal data of business users in accordance with the EU General Data Protection Regulation (GDPR).

1. Who We Are

Data Controller: Codemellow UG (haftungsbeschränkt)

Susannenstraße 21a, 20357 Hamburg, Germany

Email: hey@getstamps.io

2. What Data We Collect

2.1 Business Account Data

When businesses use Stamps, we process:

  • Name and email address of the account holder

  • Login credentials (via Google or Apple authentication)

  • Billing and subscription information

  • Dashboard usage data

2.2 Technical & Device Data

We may process:

  • IP address

  • Browser and device type

  • Operating system

  • Date and time of interactions

3. How We Use Data

We process data to:

  • Provide and operate the Stamps service

  • Manage subscriptions and accounts

  • Provide analytics and insights to the business account

  • Improve functionality and security

  • Communicate about service updates or support requests

4. Legal Basis (GDPR)

Processing is based on:

  • Contract performance — Art. 6(1)(b) GDPR: processing is necessary for the performance of the Stamps subscription contract

  • Legitimate interests — Art. 6(1)(f) GDPR: to improve and secure the service, and for fraud prevention

  • Consent — Art. 6(1)(a) GDPR: where applicable (e.g. marketing communications)

  • Legal obligations — Art. 6(1)(c) GDPR: e.g. tax and invoicing obligations

5. Data Storage & Infrastructure

All personal data processed by Stamps is stored and processed exclusively on Google Cloud Platform (GCP) infrastructure. Google Cloud provides GDPR-compliant infrastructure, contractual safeguards, and appropriate technical security measures. Stamps does not sell personal data to any third party.

6. Sub-processors and Data Sharing

Stamps uses the following sub-processors to provide the Service. Personal data may be processed by these parties as part of normal service delivery:

Google Cloud Platform (GCP) — Google LLC / Google Ireland Ltd
  • Purpose: Cloud hosting, data storage, compute infrastructure

  • Data processed: All personal data stored within the Stamps platform

  • Location: EU (Frankfurt / Belgium); Google LLC parent entity in USA

  • Transfer mechanism: Standard Contractual Clauses (SCCs), Art. 46(2)(c) GDPR; EU-US Data Privacy Framework

  • Reference: cloud.google.com/terms/data-processing-addendum

Google Sign-In — Google LLC / Google Ireland Ltd
  • Purpose: Business account and end-user authentication

  • Data processed: Authentication identifier, email address used for login

  • Location: Google infrastructure (EU/US)

  • Transfer mechanism: Standard Contractual Clauses; EU-US Data Privacy Framework

Sign in with Apple — Apple Inc. / Apple Distribution International Ltd
  • Purpose: End-user authentication

  • Data processed: Authentication identifier; optionally a relay email address

  • Location: Apple infrastructure (US/EU)

  • Transfer mechanism: Standard Contractual Clauses; EU-US Data Privacy Framework

Stamps will notify business customers of any new or changed sub-processors via the registered account email address, providing the opportunity to object before changes take effect.

No data is shared with third parties outside the above for commercial or advertising purposes.

7. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), Stamps ensures appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR

  • EU-US Data Privacy Framework (for Google LLC and Apple Inc.)

Stamps processes and stores data primarily on EU-based GCP infrastructure (Frankfurt / Belgium).

8. Data Retention

Data is retained only as long as necessary to provide the Service, fulfill legal obligations, or prevent fraud and abuse. Accounts and associated data can be deleted upon request to hey@getstamps.io, unless legally required otherwise (e.g. statutory retention periods for invoicing records under German law: 10 years).

9. Your Rights

As a business user, you have the right to:

  • Access your data (Art. 15 GDPR)

  • Correct inaccurate data (Art. 16 GDPR)

  • Request deletion (Art. 17 GDPR)

  • Restrict or object to processing (Art. 18, 21 GDPR)

  • Data portability (Art. 20 GDPR)

  • Withdraw consent at any time (Art. 7(3) GDPR)

Requests can be sent to: hey@getstamps.io

10. Security

We apply appropriate technical and organisational measures to protect personal data, including TLS encryption in transit, encryption at rest, access controls, and regular security reviews. Our infrastructure is managed via Google Cloud Platform.

11. Data Processing Agreement

The Data Processing Agreement (DPA) governing the processing of your end-customers’ personal data through Stamps is contained in Part 2 of the Terms of Use (Business). Both documents form a legally binding whole.

12. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via the registered account email address or through the Stamps dashboard.

13. Contact

For all privacy-related requests: hey@getstamps.io

Codemellow UG (haftungsbeschränkt), Susannenstraße 21a, 20357 Hamburg, Germany 


For complaints, you may also contact the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI): datenschutz.hamburg.de