Security and data handling
Website-Pflichtencheck needs enough technical context to find and fix problems, but not unrestricted access by default.
What may be needed
- Public website URL and visible problem description.
- Repository or staging access only when code fixes are part of the scope.
- CMS or hosting access only for agreed implementation work.
- A dedicated invite account instead of shared personal credentials wherever possible.
What is never needed for a first check
- Banking credentials or payment account passwords.
- Unrestricted production server access for a scan-only package.
- Private customer databases unless a specific repair requires a controlled export.
- Legal conclusions; the service provides technical checks, not legal advice.
How data is handled
- Stripe handles payment details; the app stores order and fulfillment status.
- Submitted URLs, notes, technical scan signals, and reports are stored for delivery and support.
- Sentry is configured without default PII, and full report text is not logged when email delivery is disabled.
- Retention, export, and deletion handling are documented in the operations runbook and privacy policy.