Back to Home

Privacy Policy

1. Controller

Lacop Studio OG
Lazar Peric & Claus Pavel
Herderstraße 40, 4600 Wels, Austria
Email: office@lacop.app

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2. Data We Collect

When using our platform, the following personal data is processed:

  • Email address (upon registration and login)
  • Password (stored exclusively as a cryptographic hash using bcrypt or argon2 with an individual salt — the plaintext password is never stored on our servers)
  • Profile information (name, biography, about text, contact email, social media links, agencies, custom links — as provided by the user)
  • Uploaded media (photos, videos, profile picture)
  • Onboarding data (information from the registration form including selected plan, transmitted to us by email)
  • Technical data (IP address, browser type, access timestamps — in server logs)
  • Usage logs (administrative actions and media uploads are recorded in internal audit logs)

3. Purpose of Processing

We process your data exclusively for the following purposes:

  • Provision and management of your user account and portfolio
  • Display of your content on your individual portfolio website
  • Authentication and security (login, session management)
  • Communication regarding your account (e.g. password reset)
  • Processing of your onboarding request and contacting you
  • Traceability of administrative actions (audit logging)
  • Improvement and ensuring the functionality of our platform

No use for AI training or profiling: LACOP uses your content (in particular photos, profile data and texts) exclusively to deliver the contractually agreed services. Your content is not used to train AI models, to build profiles for advertising purposes, or to resell to third parties.

4. Legal Basis

The processing of your data is based on the following legal grounds under the GDPR:

  • Art. 6(1)(b) GDPR — Processing for the performance of a contract (provision of the portfolio platform)
  • Art. 6(1)(f) GDPR — Legitimate interests (platform security, abuse prevention)
  • Art. 6(1)(c) GDPR — Compliance with legal obligations (e.g. retention requirements)
  • Art. 6(1)(a) GDPR — Consent (where you have given it, e.g. for optional features)

5. Storage Duration

Your personal data is only stored for as long as necessary for the purposes stated above:

  • Account data: Until deletion of your account
  • Uploaded media: Until deletion by the user or upon account deletion
  • Server logs: Maximum 30 days
  • Audit logs: Retained for traceability of administrative actions and regularly cleaned up
  • Onboarding data: Not stored beyond processing of your request (transmitted by email)

After deletion of your account, all associated data will be permanently removed within 30 days, unless statutory retention obligations apply.

6. Hosting and Third-Party Providers

Vercel (Hosting)

Our platform is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel processes technical access data (IP address, timestamps) to provide the website.

Vercel Analytics (Web Analytics)

We use Vercel Analytics for analysis of website usage (page views, visitor counts, countries of origin, device types). Vercel Analytics operates without cookies, collects no directly identifying personal data, and does not create individual user profiles. No cross-site tracking is performed. Processing is based on our legitimate interest in analyzing website usage (Art. 6(1)(f) GDPR). More information: Vercel Privacy Policy

Supabase (Database and Authentication)

We use Supabase Inc. for database, authentication and file storage. Data is stored on AWS servers in the EU (Frankfurt, eu-central-1). More information: Supabase Privacy Policy

Resend (Email Delivery)

We use Resend Inc. for sending transactional emails (e.g. password reset, account confirmation). Your email address is transmitted to Resend for this purpose. More information: Resend Privacy Policy

All-Inkl (Email Hosting)

For the optional email hosting add-on (provision of email mailboxes on customer domains), we use the server infrastructure of ALL-INKL.COM – Neue Medien Münnich, proprietor René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. When you book the email hosting add-on, email addresses, incoming and outgoing emails as well as mailbox contents are processed and stored on All-Inkl servers in Germany. Data processing takes place exclusively within the European Union. A data processing agreement pursuant to Art. 28 GDPR is in place with All-Inkl. More information: All-Inkl Privacy Policy

Sentry (Error Monitoring)

We use Sentry (Functional Software Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA) for detecting and resolving technical errors. Sentry automatically collects error messages, stack traces, browser information and IP addresses (anonymized) to improve the platform. No personal content (photos, profile data) is transmitted to Sentry. More information: Sentry Privacy Policy

Stripe (Payment Processing)

We use Stripe Inc. (354 Oyster Point Blvd, South San Francisco, CA 94080, USA) for processing payments for paid plans. Payment data (credit card number, SEPA data) is processed directly by Stripe. LACOP does not have access to complete payment data. More information: Stripe Privacy Policy

7. Data Transfer to Third Countries

Some of our service providers (Vercel, Vercel Analytics, Resend, Sentry, Stripe) are based in the USA. Data transfers are carried out on the basis of the EU-U.S. Data Privacy Framework or the Standard Contractual Clauses of the European Commission (Art. 46(2)(c) GDPR).

8. Cookies and Local Storage

We use only technically necessary session cookies required for the functionality of the platform (authentication, session management). These cookies do not contain any tracking or advertising information.

  • Session cookie: Set after login and automatically deleted upon logout or session expiry
  • localStorage: Your language preference and theme setting (light/dark) are stored locally in your browser (localStorage) so the platform is displayed in the selected language and appearance. This data is not transmitted to our servers.

No analytics, marketing or third-party cookies are used. A cookie banner is therefore not required.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You may request information about your data stored by us.
  • Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR): You may request the deletion of your data. You can delete your account at any time in the settings.
  • Right to restriction of processing (Art. 18 GDPR): You may request the restriction of processing of your data.
  • Right to data portability (Art. 20 GDPR): You may request to receive your data in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21 GDPR): You may object to the processing of your data at any time.

10. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR). In Austria, this is the:
Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna
www.dsb.gv.at

11. Contact for Data Protection Inquiries

For questions about data protection or to exercise your rights, you can reach us at:

Email: office@lacop.app

We endeavor to respond to your inquiry within 30 days.

As of: March 2026