Loading...
Loading...
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Simon Maximilian Heistermann
Mutter-Teresa-Weg 6, 46325 Borken, DE
Email: simon@daretogether.net
We are not legally required to appoint a data protection officer pursuant to § 38 of the German Federal Data Protection Act (BDSG). For any data protection inquiries, please contact us directly at simon@daretogether.net.
We process personal data that you provide to us or that is automatically collected when you use our website and services.
When you apply to join Dare Together, we collect the following information:
When you subscribe to our blog newsletter, we collect your email address and optionally your name. We use a double opt-in process: your data is only stored in our database after you confirm your subscription by clicking the link in the confirmation email.
After your application is accepted, we collect additional preferences during onboarding to tailor your community experience:
As a community member, you can provide additional profile information:
Last updated: February 2026
When you visit our website, the following data is automatically collected by our hosting provider:
We log transactional emails sent to you (e.g., application confirmations, onboarding invitations, membership updates). Logged data includes: recipient email, email template used, delivery status, and timestamps.
We process your personal data for the following purposes and on the following legal bases:
Application Processing
Purpose: Evaluating your application to join the Dare Together community.
Legal basis: Art. 6(1)(b) GDPR — performance of pre-contractual measures taken at your request.
Blog Newsletter
Purpose: Sending blog updates and community news to subscribers.
Legal basis: Art. 6(1)(a) GDPR — your consent via double opt-in. You may withdraw consent at any time by clicking the unsubscribe link in any email.
Onboarding & Member Portal
Purpose: Providing community services, matching members to blocks, enabling member-to-member interaction.
Legal basis: Art. 6(1)(b) GDPR — performance of the membership agreement.
Authentication Cookies
Purpose: Maintaining your login session and securing your account.
Legal basis: Art. 6(1)(b) GDPR — necessary for service provision; § 25(2) TTDSG — strictly necessary technology.
Transactional Emails
Purpose: Sending service-related communications (application status, onboarding invitations, membership updates).
Legal basis: Art. 6(1)(b) GDPR — necessary for service provision; Art. 6(1)(f) GDPR — legitimate interest in effective service communication.
Security & Activity Logging
Purpose: Maintaining platform security, preventing abuse, and providing an audit trail for administrative actions.
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the security and integrity of our platform.
Marketing Attribution
Purpose: Understanding how applicants find us (UTM parameters from URL).
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in understanding the effectiveness of our outreach.
We use the following third-party service providers to operate our platform. Each processor has entered into a Data Processing Agreement (DPA) with us in accordance with Art. 28 GDPR.
Vercel Inc.
San Francisco, California, USA
Purpose: Website hosting, content delivery network (CDN), and serverless function execution.
Data processed: Technical access data (IP address, request logs).
Supabase Inc.
San Francisco, California, USA
Purpose: Database hosting, user authentication, and file storage.
Data processed: All user data stored in our database (application data, member profiles, authentication sessions).
Resend
San Francisco, California, USA
Purpose: Transactional and newsletter email delivery.
Data processed: Recipient email address, email content, delivery metadata.
Stripe Inc.
San Francisco, California, USA
Purpose: Payment processing for future membership subscriptions.
Data processed: Name, email, payment information.
Note: Stripe is not yet actively processing payments. This section will be updated when paid memberships are introduced.
Our third-party processors are based in the United States. Data transfers to the US are conducted on the following legal bases:
We retain your personal data only as long as necessary for the purposes for which it was collected, or as required by law.
| Data Category | Retention Period |
|---|---|
| Accepted application data | Duration of membership + 3 years (statutory limitation period) |
| Rejected application data | 12 months after rejection |
| Blog subscriber data | Until you unsubscribe |
| Member profile data | Duration of membership + 6 years (HGB § 257 / AO § 147 commercial retention) |
| Email logs | 12 months |
| Activity logs | 12 months |
| Authentication sessions | Until logout or 30-day expiry |
| Payment data (future) | 10 years (AO § 147 tax retention) |
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, please contact us at simon@daretogether.net. We will respond within one month of receiving your request.
We do not use fully automated decision-making, including profiling, within the meaning of Art. 22 GDPR. All decisions regarding applications are made by a human reviewer.
Applications: Providing the required application data (name, email, and the fields marked as required in the application form) is necessary for us to consider your application. If you do not provide this data, we cannot process your application.
Blog subscription: Only your email address is required.
Member profile: Certain profile information is necessary for community participation (name, email). Additional fields (bio, photo, social links) are voluntary but enhance your community experience.
We may update this privacy policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons.
For material changes (e.g., new data processing purposes, new processors, changes to retention periods), we will notify registered members via email at least 30 days before the changes take effect and update the “Last updated” date below.
You have the right to object to new processing activities by contacting us at simon@daretogether.net. If you do not wish to accept changes to our data processing, you may request deletion of your account without penalty.
Minor corrections, clarifications, or formatting changes that do not expand the scope of our data processing may take effect immediately.
Should any provision of this privacy policy be held invalid or unenforceable, the remaining provisions shall remain in full force and effect. Any invalid provision shall be replaced by a valid provision that comes closest to the intent of the original.