This privacy policy transparently explains which data is processed when using our website, client portals, and digital services.
Last updated: June 2026For questions about contracts, privacy, or legal information, contact us by email or phone.
The controller responsible for processing on this website and in the client portals is Xeno Development. Management is jointly carried out by Marius Lutz Wözel (Founder & CEO) and Joschua Czock (Co-Founder & COO). Marius Lutz Wözel is the primary contact for privacy inquiries. Current contact details are provided in the legal notice and in the direct contact section of this page.
We process personal data only where necessary to operate the website, handle inquiries, take pre-contractual steps, perform contracts, provide support and hosting, or comply with legal duties. Depending on the purpose, processing is based in particular on Art. 6(1)(b), (c), or (f) GDPR and, where consent is given, Art. 6(1)(a) GDPR.
The website and IT infrastructure are hosted by Hetzner Online GmbH in Germany or within the European Union. When pages are accessed, IP address, date and time, requested page or file, referrer, browser type and version, operating system, hostname, and technical status or error data may be processed in server logs. This supports secure operation, error analysis, and abuse detection. A data processing agreement is in place with the hosting provider where required.
When contacting us by email, form, cart, or ticket system, we process the information you provide, such as name, email address, Discord username, project and order data, subject, message, and technical information. Processing is used to handle the inquiry, take pre-contractual steps, perform contracts, and document support.
For registration, login, and the client portal, we process in particular name, email address, encrypted password, verification status, booked products, subscriptions, invoice and contract data, support inquiries, and technical administration data for provided services. The data is used for account management, contract performance, billing, support, and security.
When using Discord login, the user is redirected to Discord. After authorization, we receive, depending on the approved scope, the Discord ID, username, and avatar; an email address only if requested and provided by Discord. The data is used for login, account assignment, service management, and support. Discord’s own privacy rules also apply to processing by Discord.
For orders and ongoing services, we process contact, contract, invoice, payment status, product, and service data. For hosting, this may include server name, booked package, technical configuration, status, support history, and necessary administration data. Content on customer-managed servers is processed only where necessary for operation, support, security, or legal duties.
Payments may be processed by bank transfer or Revolut. Data required for payment, allocation, and accounting is processed, including name, amount, reference, transaction and payment status, and invoice data. We do not store additional payment data unless required for contract performance or statutory retention duties.
For order confirmations, invoices, support, verification, password, account, and security messages, we use email delivery via Google SMTP. This involves processing the recipient address, name, message, delivery time, and technical delivery information. Processing supports contract performance, support, account security, and reliable communication.
The website uses technically necessary session cookies and local storage for functions such as language settings, cart, login session, and storing the cookie choice. When an affiliate link is opened, partner attribution is initially retained only for the current session and a click is recorded using reduced or hashed technical characteristics for abuse prevention and internal attribution. Only after explicit optional consent is affiliate attribution additionally stored in a cookie for up to 30 days. No cross-site tracking takes place, and no advertising or external analytics tools are loaded.
The publicly accessible website uses system fonts and does not load Google Fonts from external Google servers. Therefore, no connection to Google Fonts is established solely to display the public pages. External content or links are included only where visibly required for a function.
Customers may process personal data on booked hosting services. Where Xeno Development processes such data solely on the customer’s instructions, Xeno Development may act as a processor. A data processing agreement under Art. 28 GDPR can be provided or concluded for such hosting services. The customer remains responsible for the lawfulness, purposes, and content of their processing.
Data is stored only for as long as required for its purpose, active contracts, support, security, or statutory retention duties. It is then deleted or anonymized unless legal or legitimate reasons require continued storage. We use appropriate technical and organizational measures and encrypted transmission.
Subject to the GDPR, data subjects have rights of access, rectification, erasure, restriction of processing, data portability, and objection. Consent may be withdrawn with future effect. Data subjects also have the right to lodge a complaint with a competent supervisory authority. A message to the stated contact address is sufficient to exercise these rights.
This privacy policy was last updated in June 2026. It may be updated when functions, providers, legal requirements, or personal data processing change.
