Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Gainback GmbH

Falkenstein 16a

97499 Donnersdorf Germany

E-Mail: jakob@one-build.de

+49 176 23159003

2. General information on data processing

When you visit our OneBuild website, personal data are only processed to the extent necessary for technical and security-related purposes. We do not use cookies or comparable tracking technologies.

We process personal data in particular for the following purposes:

  • provision of the website and ensuring its technical functionality,
  • ensuring the stability and security of the website,
  • handling and responding to contact requests.

The legal bases for data processing are in particular:

  • Art. 6(1)(b) GDPR, where processing is necessary for the performance of a contract or for pre-contractual measures,
  • Art. 6(1)(f) GDPR, where processing is necessary for the purposes of our legitimate interests (secure, stable and user-friendly provision of the website, defence against attacks).

3. Hosting and Content Delivery Network (CDN) by Vercel

Our website is hosted by Vercel and delivered via Vercel's Content Delivery Network (CDN).

Service provider:

Vercel Inc.

440 N Barranca Ave #4133

Covina, CA 91723 USA

When you access our website, your browser sends requests to Vercel's servers. In this context, technically necessary connection data are processed, in particular:

  • IP address of the requesting device,
  • date and time of the request,
  • URL of the accessed page,
  • amount of data transferred,
  • referrer URL, if transmitted,
  • browser type and version, operating system.

Vercel processes these data on our behalf in order to deliver and display the website and to ensure secure and efficient operation (for example, defence against attacks, detection of errors). We have concluded a data processing agreement with Vercel pursuant to Art. 28 GDPR.

Depending on the server and CDN node locations, personal data may be transferred to third countries, in particular the USA. Where required, such transfers take place on the basis of appropriate safeguards in accordance with Art. 44 et seq. GDPR.

The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the efficient and secure provision of our website via a modern hosting and CDN infrastructure.

4. Server log files

When you visit our website, certain information is automatically collected and stored in server log files by our hosting provider Vercel. This includes in particular:

  • IP address of the requesting device,
  • date and time of access,
  • name and URL of the requested resource,
  • referrer URL, if transmitted,
  • browser type and version and operating system,
  • HTTP status code and amount of data transferred.

These log files are used to ensure the technical operation, security and error analysis of the website.

The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring stable and secure operation of our website.

Log files are deleted as soon as they are no longer necessary for the purposes mentioned above. Longer storage may occur in individual cases if there are concrete indications of unlawful use or a security incident.

5. Contacting us

If you contact us, for example by e-mail, we process the personal data you provide (such as name, e-mail address, content of the message) in order to handle and respond to your request.

The legal basis for this is:

  • Art. 6(1)(b) GDPR, where your request is related to an existing or potential contractual relationship,
  • Art. 6(1)(f) GDPR in other cases, as handling enquiries is in our legitimate interest.

We delete these data when they are no longer required for processing your request and no statutory retention obligations apply.

6. No cookies, no tracking or marketing tools

On our OneBuild website, we do not use cookies. We also do not use any tracking, analytics or marketing tools that evaluate personal data for profiling, tracking or advertising purposes.

In particular, we currently do not use tools such as Google Analytics, Meta Pixel or comparable services.

7. Data sharing

Your personal data will only be transferred to third parties if:

  • this is necessary for the provision of the website and the performance of a contract (for example, hosting by Vercel),
  • we are legally obliged to do so,
  • you have explicitly consented, or
  • another legally permissible case applies.

We use service providers as processors within the meaning of Art. 28 GDPR (for example, hosting, technical services), who process personal data only in accordance with our instructions and on the basis of a corresponding contract.

8. Storage period

Unless a more specific storage period is stated in this Privacy Policy, we process and store personal data only for as long as necessary for the respective purposes.

After the respective purpose ceases to apply and any statutory retention periods have expired, the data will be deleted.

9. Your rights

Under the GDPR, you have the following rights with regard to your personal data:

Right of access (Art. 15 GDPR)

You can request information about whether and which personal data we process about you.

Right to rectification (Art. 16 GDPR)

You can request the correction of inaccurate data and the completion of incomplete data.

Right to erasure (Art. 17 GDPR)

You can request the deletion of your personal data, unless statutory retention obligations or other legal reasons prevent this.

Right to restriction of processing (Art. 18 GDPR)

You can request the restriction of processing under certain conditions.

Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and, where technically feasible, to have these data transmitted to another controller.

Right to object (Art. 21 GDPR)

You may object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR.

Right to withdraw consent (Art. 7(3) GDPR)

You may withdraw your consent at any time with effect for the future.

To exercise your rights, please contact us using the contact details provided in section 4.1.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

10. Obligation to provide data

In general, you are not legally or contractually obliged to provide personal data when using our website. However, certain functions (for example, responding to e-mail enquiries) cannot be used if you do not provide the necessary data.

11. Changes to this Privacy Policy

This Privacy Policy is currently valid. Due to the further development of our website or changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. The current version is available at any time on this website.

In case of discrepancies between the German and English versions of this Privacy Policy, the German version shall prevail.

Profile

Book an intro call

Time to get introduced and explore how OneBuild can help.

Do you prefer email communication?

jakob@one-build.de

Frequentlyasked questions

You get tangible progress, not "status updates." In a typical sprint we deliver a working product increment (something usable and testable), a short demo for validation, and a clear snapshot of what shipped, what is next, and what decisions are pending. This is how modern product teams stay aligned while moving fast, because the output is visible and reviewable, not hidden in long documents.

We start with a focused discovery to align on goals, users, constraints, and success metrics, then translate that into a clear plan (scope, milestones, timeline, and delivery approach). From there we move through design, development, QA, and deployment in tight iterations with frequent demos, so you always see progress and decisions stay grounded in reality.

Yes. A professional launch usually includes a defined warranty window where we fix defects that violate the agreed scope, at no additional cost, then optional support plans for monitoring, updates, and ongoing improvements. Many established agencies publicly structure support this way (warranty first, then SLA style support tiers), because it protects you from launch risk while keeping new feature work clearly separated.

We align on one communication lane, one source of truth, and one decision maker on your side. Expect short weekly checkpoints, sprint demos for stakeholder approval, and clear written updates that highlight decisions, risks, and tradeoffs. This cadence is a standard in sprint based delivery because it keeps scope crisp, avoids silent drift, and makes leadership approvals fast and low friction.

Yes. We can operate as a full delivery team (owning outcomes) or embed into your team in a staff augmentation style model, depending on what you need. The key difference is ownership and workflow, delivery teams run end to end with clear accountability, augmentation integrates into your tools and management, so you control priorities directly. We help you choose the model that matches your maturity, speed requirements, and internal bandwidth.

We can sign an NDA, but we also operate with practical controls, least access needed, separate environments, and careful handling of confidential materials, because contracts alone do not eliminate risk. Good confidentiality practice is a mix of clear agreements plus disciplined access and disclosure behavior, especially when data, credentials, or customer information is involved.

Privacy Policy | OneBuild