Privacy Policy (GDPR)

This privacy notice explains how Sendity processes personal data when you use the Sendity authentication flow. We process data lawfully, fairly and transparently, and only for the purposes described here.

1. Controller Who is responsible for the processing of your personal data?

The controller within the meaning of Art. 4(7) GDPR is:

Dachs Consulting GmbH
Mierendorffweg 8, 64572 Büttelborn, Germany
USt.ID: DE341259468
Geschäftsführer: Christian Schätzlein
Email: c.schaetzlein@dachs.consulting
Phone: +49 6152 8553158

2. What Sendity does Short description of the service to understand the data flow

Sendity provides a simple authentication flow for websites and apps. Your browser requests authentication from the Sendity server and receives a session ID and a one-time code. You send this code by email or message to an address/number operated by Sendity. When your message is received, the session is looked up using the code and you are authenticated.

3. Categories of personal data

  • Sender identifiers from your message (e.g. email address, phone number)
  • Sender name (if present in the message)
  • Technical metadata provided by your message service (e.g. timestamps, routing information, where applicable)
  • Session-related data (session ID, one-time code)

4. Purposes and legal bases

We process the data for the purpose of authenticating you to the website or app that requested authentication via Sendity.

The legal basis is Art. 6(1)(b) GDPR (performance of a contract or steps prior to entering into a contract) with the requesting website/app, or Art. 6(1)(f) GDPR (legitimate interests) in providing a secure and simple authentication mechanism. Where required, Art. 6(1)(a) GDPR (consent) may apply as provided by the requesting website/app.

5. Recipients of the data

The personal data extracted from your message (sender address, sender name and other information provided with the message) is forwarded to the website or app that requested authentication. Besides necessary processors (e.g. hosting, email/SMS gateways) engaged under Art. 28 GDPR, we do not disclose personal data to third parties unless required by law.

6. Storage period (deletion)

Sendity does not store personal data beyond what is necessary to complete the authentication. After the authentication step is completed, personal data from the received message is deleted from Sendity servers. Log or security data may be retained for a short period as strictly necessary to ensure the integrity, availability and security of the service (Art. 6(1)(f) GDPR) and to comply with legal obligations (Art. 6(1)(c) GDPR).

7. Provision of data and consequences of non‑provision

Providing the code via a message from your address/number is necessary to authenticate you via Sendity. Without this data, authentication via Sendity cannot be completed.

8. Your rights

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

You can exercise your rights by contacting us using the details above. You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement (Art. 77 GDPR).

9. Contact

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

For any questions about this privacy notice or how we process personal data, please contact:

Dachs Consulting GmbH
Email: c.schaetzlein@dachs.consulting
Phone: +49 6152 8553158

Last updated: 11/20/2025