Wooout

Privacy Policy

Last updated: April 16, 2026

This policy applies to the Wooout website at wooout.com.

1) Controller

Oliver Heidorn
Oliver Heidorn Creative Technology
Flottbeker Drift 18
22607 Hamburg
Germany
hello@wooout.com

2) What data we process and why

Feedback form

When you submit the feedback form, we receive your message, an optional reply-to email address, and limited technical context (browser language, device/OS, timestamp) to help us respond and diagnose issues. Providing a reply-to email is voluntary; without it we cannot respond to you personally.

Legal basis: Art. 6(1)(b) GDPR — processing is necessary to provide the feedback service you requested. For the optional reply-to email: Art. 6(1)(a) GDPR — your consent, given by voluntarily entering your email address.

Security and abuse prevention

To protect the service against misuse, we apply rate limiting per IP address. The IP address is held in memory only for the duration of the rate-limit window and is never written to disk.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in keeping the service secure and available.

Server logs

Our web server records basic operational metadata per request: request path, HTTP method, response status, response time, and timestamp. These logs do not contain message content or email addresses.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in operating and maintaining a stable service.

3) Cookies

We do not use analytics, advertising, or tracking cookies. If technically necessary cookies are set, they serve no purpose other than keeping the site functional.

4) Recipients

We do not sell or share your personal data with third parties. Feedback submissions are delivered to us by email via our own SMTP server, which is located in Germany.

5) International transfers

Our server is located in Germany. Feedback data stays within the European Economic Area and is not transferred to third countries.

6) Retention

  • Feedback submissions: kept for 12 months after your request is resolved, then deleted.
  • Server logs: deleted after 30 days.
  • Rate-limit data (IP address): discarded at the end of each rate-limit window (minutes).

7) Your rights

Under the GDPR you have the right to:

  • Access (Art. 15) — obtain a copy of the personal data we hold about you.
  • Rectification (Art. 16) — have inaccurate data corrected.
  • Erasure (Art. 17) — request deletion of your data.
  • Restriction (Art. 18) — ask us to limit how we process your data.
  • Objection (Art. 21) — object to processing based on legitimate interests.
  • Withdraw consent (Art. 7(3)) — at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, email hello@wooout.com — a one-line message is enough.

8) Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. The authority competent for us is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI)
www.datenschutz.hamburg.de

You may also contact the supervisory authority in your country of residence or place of work.