Privacy Policy

1. Who we are

This website is operated by enymo GmbH, Isenbrockstr. 55, 44867 Bochum, Germany (hereinafter "we", "us", or "our"). Cubit is a product of enymo GmbH.

We take the protection of your personal data seriously. This Privacy Policy explains what data we collect when you visit cubit.app, why we collect it, and what rights you have under the General Data Protection Regulation (GDPR / DSGVO).

2. Data controller

The data controller responsible for processing your personal data on this website is:

enymo GmbH
Isenbrockstr. 55
44867 Bochum
Germany

3. What data we collect and why

3.1 Server log files

When you visit our website, your browser automatically transmits certain technical data to our hosting provider. This includes your IP address, browser type and version, operating system, referring URL, date and time of the request, and pages visited. This data is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest) to ensure the technical operation and security of the website. Log files are retained for a maximum of 14 days and then deleted.

3.2 Waitlist registration

When you sign up for the Cubit waitlist, we collect your email address, your team size (selected from a dropdown), and the project management tool your agency uses (selected from a dropdown). This data is processed on the basis of Art. 6(1)(a) GDPR (your consent), given at the time of registration. We use this information to notify you when Cubit becomes available, to send you product updates and early-access communications, and to better understand the market and prioritise product development. You may withdraw your consent at any time by clicking the unsubscribe link in any email we send you or by contacting us at info@enymo.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

3.3 Contact via email

If you contact us directly by email, we process your email address and the content of your message on the basis of Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries) or Art. 6(1)(b) GDPR where your enquiry relates to a pre-contractual matter. We retain this data only as long as necessary to handle your enquiry and for any follow-up communications.

3.4 Analytics

We use Plausible Analytics to understand how visitors interact with our website. Plausible is a privacy-friendly analytics tool that does not use cookies, does not collect personal data, and does not set any tracking identifiers. All usage data is aggregated and fully anonymised. No IP addresses are stored. Plausible does not transmit data to third countries and is fully compliant with GDPR, PECR, and CCPA without requiring a cookie banner or consent mechanism. The processing is based on Art. 6(1)(f) GDPR (legitimate interest in understanding and improving website usage). For more information, see plausible.io/privacy.

3.5 Cookies

This website uses only technically necessary cookies required for the website to function correctly. We do not use any tracking, analytics, or marketing cookies. No cookie consent banner is required. You can manage cookies at any time via your browser settings.

4. Email communications and newsletter

If you have registered for the Cubit waitlist or have otherwise opted in to receive communications from us, we will send you product updates, early-access information, and relevant announcements. These communications are sent via our email service provider, which processes your email address as a data processor under a data processing agreement pursuant to Art. 28 GDPR. You may unsubscribe from any of these communications at any time using the unsubscribe link included in every email.

5. Sharing your data

We do not sell your personal data. We do not share your data with third parties for their own marketing purposes. We may share your data with the following categories of service providers acting as data processors on our behalf, all of whom are bound by data processing agreements in accordance with Art. 28 GDPR:

• Hosting and infrastructure providers for operating the website and storing data securely

• Email delivery and marketing automation providers for sending waitlist and product communications

• Analytics providers for understanding website usage

• Payment processors (upon product launch) for handling subscription payments

Where service providers are located outside the European Economic Area, we ensure an adequate level of data protection through Standard Contractual Clauses (SCCs) approved by the European Commission or another recognised transfer mechanism under Chapter V GDPR.

6. Your rights under GDPR

As a data subject under the GDPR, you have the following rights:

Right of access (Art. 15 GDPR):

You may request confirmation of whether we process personal data about you and, if so, obtain a copy of that data.

Right to rectification (Art. 16 GDPR):

You may request that inaccurate or incomplete personal data be corrected.

Right to erasure (Art. 17 GDPR):

You may request that we delete your personal data, provided no legal obligation requires us to retain it.

Right to restriction of processing (Art. 18 GDPR):

You may request that we restrict the processing of your data under certain circumstances.

Right to data portability (Art. 20 GDPR):

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.

Right to object (Art. 21 GDPR):

You may object at any time to processing based on legitimate interest (Art. 6(1)(f) GDPR). We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to withdraw consent (Art. 7(3) GDPR):

Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at: info@enymo.com

We will respond within one month of receiving your request, in accordance with Art. 12 GDPR.

7. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. The competent supervisory authority for our company is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestr. 2–4
40213 Düsseldorf
Germany

Email: poststelle@ldi.nrw.de
Website: ldi.nrw.de

8. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by applicable law. Waitlist data is retained until you unsubscribe or request deletion. Server log files are deleted after 14 days. Email correspondence is retained for the duration necessary to handle the matter and for any reasonable follow-up period.

9. Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration, in accordance with Art. 32 GDPR. Transmission of data between your browser and our server is encrypted using TLS/SSL.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services or applicable law. The date at the top of this page indicates when the policy was last revised. Where changes are material, we will inform registered users by email or via a prominent notice on the website.

11. Contact

For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data:

enymo GmbH
Isenbrockstr. 55
44867 Bochum
Germany

Email: info@enymo.com
Phone: +49 2327 417816 1