Privacy Policy

Controller for this website: Fabian Exner, Einzelunternehmen, Theresienplatz 1, 90403 Nürnberg, Germany, trading as Combra. Contact: request@getcombra.com.

No data protection officer has been appointed unless a later Legal Notice states otherwise.

When you visit this website, technical access data may be processed, including IP address, request time, requested URL, browser information, referrer, and status codes. This is used to deliver the website, secure the service, debug errors, and prevent abuse.

Legal basis is Art. 6(1)(f) GDPR: the legitimate interest in operating a secure, reliable website and measuring basic service reliability.

When you request a partner or diagnostic conversation, Combra may process work email, company name, product category, SKU volume, compliance workflow description, request source, user agent, origin, and technical request metadata.

This data is used to review and respond to requests, qualify fit, prepare a focused compliance workflow discussion, and follow up on a possible commercial relationship. Legal basis is Art. 6(1)(b) GDPR where the request is pre-contractual, and Art. 6(1)(f) GDPR for operating a focused B2B intake process.

Combra is designed around product evidence, requirement mapping, evidence gap checks, reviewable compliance documentation, human approval, and audit trails. During an agreed engagement, processed materials may include BOMs, test reports, packaging artwork, manuals, product images, product data, company templates, reviewer feedback, and related compliance records.

Any production engagement should be governed by a separate agreement or data processing agreement that defines roles, subprocessors, storage region, retention, access rights, and security commitments.

The current website does not require tracking cookies for the public landing pages. The partner conversation form may use local storage as a temporary fallback if an API is unavailable, so the entered request can be recovered in the same browser.

If analytics, advertising pixels, session replay, or consent tooling are added later, this privacy page must be updated before those tools go live.

Technical providers may process data to host the website, operate the API, store partner requests, send email, monitor reliability, and protect against abuse. The public website is currently hosted through Cloudflare Pages.

Where providers process personal data on behalf of Combra, appropriate contractual safeguards should be put in place.

Partner conversation requests are kept only as long as needed to evaluate the request, communicate with the requesting company, operate the sales and onboarding process, and meet legal or security obligations.

If no customer relationship starts, requests should be reviewed for deletion after 24 months unless a longer retention period is required for legal claims, security records, or documented business context.

Depending on the circumstances, you may have rights of access, rectification, erasure, restriction, portability, and objection under the GDPR. You may also lodge a complaint with a competent supervisory authority.

To exercise rights, contact request@getcombra.com.