Legal

Privacy Policy

This Privacy Policy explains how August List UG (haftungsbeschränkt) i.G. ("August List", "we", "us") collects, uses, and protects your personal information when you use augustlist.com and related services (the "Platform"). We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Controller

The controller responsible for the processing of your personal data is:

August List UG (haftungsbeschränkt) i.G.
Kolonnenstr. 8
10827 Berlin, Germany
Email: contact@augustlist.com

2. Categories of personal data we process

Depending on how you use the Platform, we process:

  • Account and application data — name, email address, city, application answers, membership tier.
  • Profile and content data — profile details, saved lists, reflections, submitted stays, follows, and collaborations.
  • Communication data — messages and emails you send to us and our responses.
  • Payment data — billing details and subscription status. Card data is handled by our payment processor and not stored by us.
  • Usage and device data — IP address, browser type, device information, referring URL, timestamps, pages viewed, and search queries.
  • Cookies and similar technologies — see Section 8.

3. Purposes and legal bases

We process personal data for the following purposes:

  • Providing the Platform and membership — performance of a contract (Art. 6(1)(b) GDPR).
  • Reviewing membership applications and curation — performance of a contract and our legitimate interest in maintaining a curated community (Art. 6(1)(b) and (f) GDPR).
  • Processing payments and subscriptions — performance of a contract and legal obligations (Art. 6(1)(b) and (c) GDPR).
  • Communicating with you and providing support — performance of a contract and legitimate interest (Art. 6(1)(b) and (f) GDPR).
  • Security, fraud prevention, and abuse detection — legitimate interest (Art. 6(1)(f) GDPR).
  • Analytics and product improvement — consent where required, otherwise legitimate interest (Art. 6(1)(a) or (f) GDPR).
  • Marketing communications — consent (Art. 6(1)(a) GDPR); you may withdraw consent at any time.
  • Legal compliance — compliance with legal obligations (Art. 6(1)(c) GDPR).

4. Recipients and processors

We share personal data only with service providers who process it on our behalf under a data processing agreement (Art. 28 GDPR). These include:

  • Cloud hosting and database providers.
  • Email delivery providers for transactional emails.
  • Payment providers for subscription billing.
  • Analytics providers, where consent has been given.

We may also disclose personal data where required by law, court order, or to protect our rights, users, or third parties.

5. International transfers

Some of our providers may process data outside the European Economic Area (EEA). Where this is the case, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) adopted by the European Commission, together with additional safeguards where appropriate.

6. Retention

We retain personal data only for as long as necessary for the purposes described above:

  • Account data — for the duration of your membership.
  • Application data — up to 12 months after a decision, unless you become a member.
  • Invoicing and tax records — up to 10 years, as required under German commercial and tax law.
  • Server logs — typically up to 30 days, unless needed longer for security investigations.

After the retention period, data is deleted or anonymised.

7. Your rights

Under the GDPR, you have the right to:

  • Access your personal data (Art. 15 GDPR).
  • Rectify inaccurate data (Art. 16 GDPR).
  • Request erasure ("right to be forgotten", Art. 17 GDPR).
  • Restrict processing (Art. 18 GDPR).
  • Data portability (Art. 20 GDPR).
  • Object to processing based on legitimate interests (Art. 21 GDPR).
  • Withdraw consent at any time, without affecting the lawfulness of prior processing (Art. 7(3) GDPR).

To exercise these rights, email contact@augustlist.com. You also have the right to lodge a complaint with a supervisory authority. For August List, the competent authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

8. Cookies and analytics

We use strictly necessary cookies to operate the Platform (for example, to keep you signed in). Where we use analytics or non-essential cookies, we ask for your consent first and you may withdraw it at any time via your browser settings or, where available, our cookie banner.

9. Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, including encryption in transit, access controls, and regular review of our practices.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform or by email. The "last updated" date below always reflects the current version.

11. Contact

For any questions about this Privacy Policy or how we handle your data, contact us at contact@augustlist.com.

Last updated: July 2026.