From 5ef8f3413351fcff3c3707a77a7549a2a8b8ac0b Mon Sep 17 00:00:00 2001 From: openclawd Date: Mon, 16 Feb 2026 13:07:24 +0000 Subject: [PATCH] feat: Add EU compliance pages and EU hosting marketing - Add footer links for Impressum, Privacy Policy, Terms of Service - Create legal pages: /impressum, /privacy, /terms (Austrian/EU compliant) - Add EU hosting badge highlighting GDPR compliance and EU data residency - Add Express routes for legal pages with caching headers - All pages use consistent dark theme design matching landing page --- public/impressum.html | 123 +++++++++++++++++++ public/privacy.html | 202 +++++++++++++++++++++++++++++++ public/terms.html | 275 ++++++++++++++++++++++++++++++++++++++++++ src/index.ts | 16 +++ 4 files changed, 616 insertions(+) create mode 100644 public/impressum.html create mode 100644 public/privacy.html create mode 100644 public/terms.html diff --git a/public/impressum.html b/public/impressum.html new file mode 100644 index 0000000..800f206 --- /dev/null +++ b/public/impressum.html @@ -0,0 +1,123 @@ + + + + + +Impressum — DocFast + + + + + + + + + + +
+
+

Impressum

+

Legal notice according to § 5 ECG and § 25 MedienG (Austrian law)

+ +
+ Note: This page contains placeholder information marked with XXXXXX. The website owner must fill in the actual details before going live. +
+ +

Company Information

+

Company: Cloonar Technologies GmbH

+

Address: Address on request, Vienna, Austria

+

Email: legal@docfast.dev

+ +

Legal Registration

+

Commercial Register: FN XXXXXX

+

VAT ID: ATU XXXXXXXX

+

Jurisdiction: Commercial Court Vienna

+ +
+ Important: Placeholders above (marked XXXXXX) must be filled with actual company registration details. +
+ +

Responsible for Content

+

Cloonar Technologies GmbH
+ Legal contact: legal@docfast.dev

+ +

Disclaimer

+

Despite careful content control, we assume no liability for the content of external links. The operators of the linked pages are solely responsible for their content.

+ +

The content of our website has been created with the greatest possible care. However, we cannot guarantee that the content is current, reliable or complete.

+ +

EU Online Dispute Resolution

+

Platform of the European Commission for Online Dispute Resolution (ODR): https://ec.europa.eu/consumers/odr

+
+
+ + + + + \ No newline at end of file diff --git a/public/privacy.html b/public/privacy.html new file mode 100644 index 0000000..4ecb74a --- /dev/null +++ b/public/privacy.html @@ -0,0 +1,202 @@ + + + + + +Privacy Policy — DocFast + + + + + + + + + + +
+
+

Privacy Policy

+

Last updated: February 16, 2026

+ +
+ This privacy policy is GDPR compliant and explains how we collect, use, and protect your personal data. +
+ +

1. Data Controller

+

Cloonar Technologies GmbH
+ Address: Vienna, Austria
+ Email: legal@docfast.dev
+ Data Protection Contact: privacy@docfast.dev

+ +

2. Data We Collect

+ +

2.1 Account Information

+
    +
  • Email address - Required for account creation and API key delivery
    • +
  • API key - Automatically generated unique identifier
    • +
+ +

2.2 API Usage Data

+
    +
  • Request logs - API endpoint accessed, timestamp, response status
    • +
  • Usage metrics - Number of API calls, data volume processed
    • +
  • IP address - For rate limiting and abuse prevention
    • +
+ +

2.3 Payment Information

+
    +
  • Stripe Customer ID - For Pro subscription billing
    • +
  • Payment metadata - Subscription status, billing period
    • +
+ +
+ No PDF content stored: We process your HTML/Markdown input to generate PDFs, but do not store the content or resulting PDFs on our servers. +
+ +

3. Legal Basis for Processing

+
    +
  • Contract fulfillment (Art. 6(1)(b) GDPR) - Account creation, API service provision
    • +
  • Legitimate interest (Art. 6(1)(f) GDPR) - Service monitoring, abuse prevention, performance optimization
    • +
  • Legal obligation (Art. 6(1)(c) GDPR) - Tax records, payment processing compliance
    • +
+ +

4. Data Retention

+
    +
  • Account data: Retained while account is active + 30 days after deletion request
    • +
  • API usage logs: 90 days for operational monitoring
    • +
  • Payment records: 7 years for tax compliance (Austrian law)
    • +
  • PDF processing data: Not stored (processed in memory only)
    • +
+ +

5. Third-Party Processors

+ +

5.1 Stripe (Payment Processing)

+

Purpose: Payment processing for Pro subscriptions
+ Data: Email, payment information
+ Location: EU (GDPR compliant)
+ Privacy Policy: https://stripe.com/privacy

+ +

5.2 Hetzner (Hosting)

+

Purpose: Server hosting and infrastructure
+ Data: All data processed by DocFast
+ Location: Germany (Nuremberg)
+ Privacy Policy: https://www.hetzner.com/legal/privacy-policy

+ +
+ EU Data Residency: All your data is processed and stored exclusively within the European Union. +
+ +

6. Your Rights Under GDPR

+
    +
  • Right of access - Request information about your personal data
    • +
  • Right to rectification - Correct inaccurate data (e.g., email changes)
    • +
  • Right to erasure - Delete your account and associated data
    • +
  • Right to data portability - Receive your data in machine-readable format
    • +
  • Right to object - Object to processing based on legitimate interest
    • +
  • Right to lodge a complaint - Contact your data protection authority
    • +
+ +

To exercise your rights: Email privacy@docfast.dev

+ +

7. Cookies and Tracking

+

DocFast uses minimal technical cookies:

+
    +
  • Session cookies - For login state (if applicable)
    • +
  • No tracking cookies - We do not use analytics, advertising, or third-party tracking
    • +
+ +

8. Data Security

+
    +
  • Encryption: All data transmission via HTTPS/TLS
    • +
  • Access control: Limited employee access with logging
    • +
  • Infrastructure: EU-based servers with enterprise security
    • +
  • API keys: Securely hashed and stored
    • +
+ +

9. International Transfers

+

Your personal data does not leave the European Union. Our infrastructure is hosted exclusively by Hetzner in Germany.

+ +

10. Contact for Data Protection

+

For questions about data processing or to exercise your rights:

+

Email: privacy@docfast.dev
+ Subject: Include "GDPR" in the subject line for priority handling

+ +

11. Changes to This Policy

+

We will notify users of material changes via email. Continued use of the service constitutes acceptance of updated terms.

+
+
+ + + + + \ No newline at end of file diff --git a/public/terms.html b/public/terms.html new file mode 100644 index 0000000..2e18dd7 --- /dev/null +++ b/public/terms.html @@ -0,0 +1,275 @@ + + + + + +Terms of Service — DocFast + + + + + + + + + + +
+
+

Terms of Service

+

Last updated: February 16, 2026

+ +
+ By using DocFast, you agree to these terms. Please read them carefully. +
+ +

1. Service Description

+

DocFast provides an API service for converting HTML, Markdown, and URLs to PDF documents. The service includes:

+
    +
  • HTML to PDF conversion
    • +
  • Markdown to PDF conversion
    • +
  • URL to PDF conversion
    • +
  • Pre-built invoice and receipt templates
    • +
  • Custom CSS styling support
    • +
+ +

2. Service Plans

+ +

2.1 Free Tier

+
    +
  • Monthly limit: 100 PDF conversions
    • +
  • Rate limit: 10 requests per minute
    • +
  • Fair use policy: Personal and small business use
    • +
  • Support: Community documentation
    • +
+ +

2.2 Pro Tier

+
    +
  • Price: €9 per month
    • +
  • Monthly limit: 10,000 PDF conversions
    • +
  • Rate limit: Higher limits based on fair use
    • +
  • Support: Priority email support
    • +
  • Billing: Monthly subscription via Stripe
    • +
+ +
+ Overage: If you exceed your plan limits, API requests will return rate limiting errors. No automatic charges apply. +
+ +

3. Acceptable Use

+ +

3.1 Permitted Uses

+
    +
  • Business documents (invoices, reports, receipts)
    • +
  • Personal document generation
    • +
  • Integration into web applications
    • +
  • Educational and non-commercial projects
    • +
+ +

3.2 Prohibited Uses

+
    +
  • Illegal content: No processing of copyrighted material without permission
    • +
  • Abuse: No attempts to overload or disrupt the service
    • +
  • Harmful content: No generation of malicious, threatening, or harmful documents
    • +
  • Reselling: No white-labeling or reselling of the raw API service
    • +
  • Reverse engineering: No attempts to extract proprietary algorithms
    • +
+ +
+ Violation consequences: Account termination, permanent ban, and legal action if necessary. +
+ +

4. API Key Security

+
    +
  • Responsibility: You are responsible for keeping your API key secure
    • +
  • Unauthorized use: You are liable for all usage under your API key
    • +
  • Recovery: Lost keys can be recovered via email verification
    • +
  • Sharing: Do not share API keys publicly or in client-side code
    • +
+ +

5. Service Availability

+ +

5.1 Uptime

+
    +
  • Target: 99.5% uptime (best effort, no SLA for free tier)
    • +
  • Maintenance: Scheduled maintenance with advance notice
    • +
  • Status page: https://docfast.dev/health
    • +
+ +

5.2 Performance

+
    +
  • Processing time: Typically under 1 second per PDF
    • +
  • Rate limiting: Applied fairly to ensure service stability
    • +
  • File size limits: Input HTML/Markdown up to 2MB
    • +
+ +

6. Data Processing

+
    +
  • No storage: PDF content is processed in memory only
    • +
  • Logs: API usage logs retained for 90 days
    • +
  • Privacy: See our Privacy Policy for details
    • +
  • EU hosting: All data processed in Germany (Hetzner)
    • +
+ +

7. Payment Terms

+ +

7.1 Pro Subscription

+
    +
  • Billing cycle: Monthly, billed in advance
    • +
  • Payment method: Credit card via Stripe
    • +
  • Currency: EUR (Euro)
    • +
  • Auto-renewal: Subscription renews automatically
    • +
+ +

7.2 Cancellation

+
    +
  • Anytime: Cancel your subscription at any time
    • +
  • Access: Service continues until end of billing period
    • +
  • Refunds: No partial refunds for unused portions
    • +
+ +
+ EU Consumer Rights: 14-day right of withdrawal applies to digital services not yet delivered. Once you start using the Pro service, withdrawal right expires. +
+ +

8. Limitation of Liability

+
    +
  • Service provision: Best effort basis, no guarantees
    • +
  • Damages: Our liability is limited to the amount paid for the service
    • +
  • Indirect damages: We are not liable for lost profits, business interruption, or data loss
    • +
  • Force majeure: Not liable for events beyond our reasonable control
    • +
+ +

9. Account Termination

+ +

9.1 By You

+
    +
  • Delete your account by emailing legal@docfast.dev
    • +
  • Cancel Pro subscription through your account or email
    • +
+ +

9.2 By Us

+

We may terminate accounts for:

+
    +
  • Violation of these terms
    • +
  • Non-payment (Pro accounts)
    • +
  • Extended inactivity (12+ months)
    • +
  • Technical abuse or security concerns
    • +
+ +
+ Termination notice: We will provide reasonable notice except for immediate security threats. +
+ +

10. Intellectual Property

+
    +
  • Service ownership: DocFast and its technology remain our property
    • +
  • Your content: You retain rights to content you process through our API
    • +
  • Generated PDFs: You own the PDFs generated from your content
    • +
  • Feedback: Any feedback provided may be used to improve the service
    • +
+ +

11. Governing Law

+
    +
  • Jurisdiction: These terms are governed by Austrian law
    • +
  • Courts: Disputes resolved in Vienna, Austria
    • +
  • Language: German version prevails in case of translation conflicts
    • +
  • EU regulations: GDPR and other EU laws apply
    • +
+ +

12. Changes to Terms

+

We may update these terms by:

+
    +
  • Email notification: For material changes affecting your rights
    • +
  • Website posting: Updated version posted with revision date
    • +
  • Continued use: Using the service after changes constitutes acceptance
    • +
+ +

13. Contact Information

+

Questions about these terms:

+
    +
  • Email: legal@docfast.dev
    • +
  • Company: Cloonar Technologies GmbH, Vienna, Austria
    • +
  • Legal notice: See Impressum for full company details
    • +
+ +
+ Effective Date: These terms are effective immediately upon posting. By using DocFast, you acknowledge reading and agreeing to these terms. +
+
+
+ + + + + \ No newline at end of file diff --git a/src/index.ts b/src/index.ts index 93f4e74..fc05510 100644 --- a/src/index.ts +++ b/src/index.ts @@ -186,6 +186,22 @@ app.get("/docs", (_req, res) => { res.sendFile(path.join(__dirname, "../public/docs.html")); }); +// Legal pages (clean URLs) +app.get("/impressum", (_req, res) => { + res.setHeader('Cache-Control', 'public, max-age=86400'); + res.sendFile(path.join(__dirname, "../public/impressum.html")); +}); + +app.get("/privacy", (_req, res) => { + res.setHeader('Cache-Control', 'public, max-age=86400'); + res.sendFile(path.join(__dirname, "../public/privacy.html")); +}); + +app.get("/terms", (_req, res) => { + res.setHeader('Cache-Control', 'public, max-age=86400'); + res.sendFile(path.join(__dirname, "../public/terms.html")); +}); + // API root app.get("/api", (_req, res) => { res.json({