Privacy notice to finalize against the shipped app

Draft placeholder: the final privacy notice must match the deployed app, processors, hosting regions, analytics, support tooling, and retention rules.

Controller planning

Planning wording: E-SHAHN is operated by Token139 ApS in Copenhagen. Counsel must confirm controller identity, contact details, lawful bases, and any required notices for legacy users or migrated data.

Data categories

The final notice should cover account data, company data, shipment enquiries, quote responses, booking records, uploaded documents, support messages, security logs, email notifications, payment-related metadata, and analytics or consent records if used.

Processing and hosting

The current operating plan separates the public marketing site from the authenticated app. Production processing regions, processors, sub-processors, DPAs, transfers, and backup retention must be approved before real personal data is migrated.

Cookies and analytics

No non-essential analytics are configured. If analytics, remarketing, session replay, or support widgets are added later, consent and privacy copy must be updated before launch.

Rights and retention

The final notice must explain access, correction, deletion, objection, portability, retention, backup deletion, and complaint channels under applicable EU data-protection rules.