FoundersDeck is built on the principle that trust must be earned through transparency, not marketing claims. This page documents exactly where your data goes, who processes it, and how we protect it.
All data is stored and processed exclusively in Nuremberg, Germany.
FoundersDeck is operated under German and EU law exclusively. We are:
This means no foreign government can compel us to disclose your data through legal mechanisms that bypass EU protections.
Under GDPR Article 28, we maintain a complete list of all sub-processors involved in delivering FoundersDeck. We will notify customers of any changes at least 30 days in advance.
| Provider | Purpose | Location | Legal Basis |
|---|---|---|---|
| Netcup GmbH | Server hosting, database | Nuremberg, Germany | DPA |
| Resend, Inc. | Transactional email delivery | EU processing | DPA + SCCs |
| Cloudflare, Inc. | DNS management | EU endpoints | DPA + SCCs |
| Polar.sh | Payment processing (MoR) | EU | DPA |
If you process personal data through FoundersDeck, a DPA is required under GDPR Article 28. We provide a pre-signed DPA for immediate use — no sales call, no email, no waiting.
Our DPA covers all data processing activities within FoundersDeck, including monitoring checks, incident detection, alerting, and status page rendering. It includes our complete sub-processor list and data flow documentation.
DPA download will be available at launch.
Here is exactly what happens with your data at each step:
Our server in Nuremberg sends HTTP/Ping requests to your monitored URLs. The response status, response time, and any error information is stored in our PostgreSQL database — also in Nuremberg. No data leaves Germany.
When an incident is detected, alerts are dispatched based on your configured channels. Email alerts go through Resend. Slack/Discord/Webhook alerts go directly to the endpoint you specified. Alert content contains only your monitor name, status, and timestamp.
Public status pages are rendered server-side in Nuremberg and served with zero cookies, zero tracking scripts, and zero third-party requests. Visitor browsers connect only to our German server.
All payment processing is handled by Polar.sh as Merchant of Record. FoundersDeck never stores credit card numbers or payment credentials. Polar.sh handles billing, invoicing, and tax compliance.
Right of access — Request a copy of all personal data we hold about you.
Art. 16Right to rectification — Correct inaccurate personal data at any time through your account settings.
Art. 17Right to erasure — Delete your account and all associated data. Automated, no support ticket required.
Art. 20Right to data portability — Export all your monitoring data, incident history, and configuration in open formats (JSON, CSV).
Art. 21Right to object — Object to processing of your personal data at any time.
If you have questions about our data practices, sub-processor list, or need assistance with your GDPR rights, contact us at info@foundersdeck.dev.