Privacy policy

The controller responsible for data processing within the meaning of the GDPR: Domenic Wehkamp Südeschstraße 40 48429 Rheine Deutschland Email: info@memno.com

MEMNO is a software-as-a-service platform for freelancers in the DACH region. Users (“freelancers”) document project scopes, have orders confirmed by clients, and generate records as well as invoice PDFs. In doing so, we process personal data of freelancers and — on behalf of freelancers — data of their clients.

• Account data (freelancer): Name, email address, login credentials (passwords are stored hashed, not in plain text).
• Profile and billing data (freelancer): Company name, address, tax number, VAT ID, IBAN, invoice prefix, small-business status.
• Project and order data: Project name, service descriptions, prices, status, audit log (timestamps, actions).
• Client data (on behalf of the freelancer): Name, email address, confirmation name, rejection reason if applicable.
• Payment data: Processed directly by Stripe; we may receive customer ID, subscription status, and transaction metadata, but not full credit card details.
• Technical data: IP address, browser/device information, timestamps (server and access logs of service providers used).

• Provision of account and platform — Art. 6(1)(b) GDPR (contract performance).
• Processing of payments and subscriptions — Art. 6(1)(b) GDPR.
• Creation of order confirmations and invoices — Art. 6(1)(b) GDPR (service for the freelancer) or Art. 6(1)(f) GDPR (legitimate interest in documented contract processing).
• Email notifications after client acceptance — Art. 6(1)(b) GDPR (execution of the process initiated by the freelancer).
• IT security, error analysis, abuse prevention — Art. 6(1)(f) GDPR.
• Statutory retention — Art. 6(1)(c) GDPR, where applicable.

For personal data that freelancers enter about their end clients in MEMNO or that end clients provide via confirmation links, the freelancer is generally the controller. We process this data as a processor within the meaning of Art. 28 GDPR, insofar as we store and process it solely on the freelancer's instructions to provide the platform.

Freelancers are themselves responsible for appropriately informing their clients and having a legal basis for transferring data.

We use the following service providers (selection):

• Convex, Inc. — Backend, database, file storage (PDFs), authentication. Server location may be outside the EU; EU Commission standard contractual clauses may be used where applicable.
• Vercel Inc. — Hosting and delivery of the web application.
• Stripe, Inc. — Payment processing and subscription management.
• Resend, Inc. — optional delivery of transactional emails (e.g. after order acceptance), if configured.

Where required, we conclude data processing agreements with processors pursuant to Art. 28 GDPR.

• Account and profile data: for the duration of the user relationship.
• Project, order, and PDF data: until deleted by the user or termination of the account, plus technically required backup retention periods of service providers.
• Billing and tax-relevant records: in accordance with statutory retention periods (typically 6–10 years), where applicable.

MEMNO uses technically necessary mechanisms to maintain logins (session/auth token). We currently do not use third-party analytics or marketing cookies. The service may store service worker data locally as a Progressive Web App (PWA).

You have the following rights in particular:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Withdrawal of consent given (Art. 7(3) GDPR)

Please direct requests to info@memno.com. End clients of freelancers should primarily contact the respective freelancer regarding affected data.

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible is generally that of your place of residence or our registered office.

We implement appropriate technical and organizational measures (including transport encryption via HTTPS, access controls, authentication). Complete security on the internet cannot be guaranteed.

We may update this privacy policy when legal requirements, services, or processing activities change. The current version is always available at /datenschutz.