Privacy

Privacy Policy

Last updated: 29 June 2026GDPR (EU) 2016/679

01 Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Binary Please UG (haftungsbeschränkt)
c/o Factory Works GmbH
Rheinsberger Straße 76/77
10115 Berlin
Germany

Email: support@binaryplease.com. You can find the full provider details in the Legal Notice. We are not legally required to appoint a data protection officer; for questions regarding data protection, please contact the email address above.

02 General principles / overview

We process as little personal data as possible. For this website:

  • No tracking, no analytics tools (no Google Analytics, Matomo, Plausible, Hotjar, Sentry or similar).
  • No advertising or tracking cookies — the website sets no cookies of its own.
  • No newsletter via this marketing website; transactional emails (e.g. login codes) are sent only in the paid account area (see section 14).
  • No external content: fonts are served locally (no Google Fonts); no third-party scripts, maps or pixels are loaded (see section 6).
  • The add-in processes your emails and attachments exclusively within your own Microsoft environment (see section 4).

03 Accessing the website (server logs)

The website is a purely static offering and is delivered via the Caddy web server. This is configured without access logging — we do not permanently store any server log files containing IP addresses and do not create access profiles.

Data that is technically unavoidable when a connection is established (in particular the IP address) is processed by our hosting provider (see section 8) only transiently in order to deliver the content and to ensure stability and security; it is not permanently stored for our purposes.

  • Purpose: delivery of the website, IT security, abuse prevention.
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, stable operation).
  • Storage period: no permanent storage by us; any transient connection data at the hosting provider is governed by its specifications (processing on our behalf, section 8).

04 The Outlook add-in & your email data

„Reply with attachment!“ is installed into your Microsoft Exchange mailbox and runs within Outlook. In order to re-attach the original files to your reply, they are processed via Microsoft Graph using your own Microsoft sign-in within Microsoft 365 — i.e. exclusively within your own Microsoft environment.

  • No email content, recipient lists or attachments are transmitted to our infrastructure.
  • We store no copies of your messages or files.
  • The add-in is web-based; an active internet connection is required, but the message content remains within the Microsoft environment.

Legal basis: Art. 6(1)(b) GDPR (performance of the usage contract at your request).

05 Cookies and local storage

This website sets no cookies of its own and uses no localStorage. No analytics, statistics or marketing cookies are set; therefore no cookie banner appears either. The static web server used (Caddy) and the hosting provider likewise set no cookies. Should exclusively technically necessary cookies be used in future, no consent would be required for this (§ 25(2) no. 2 TDDDG). Details in the Cookie Policy.

06 Fonts (locally hosted)

The fonts used (Bricolage Grotesque, Hanken Grotesk, JetBrains Mono) are delivered exclusively from our own server. No Google Fonts and no other external font services are integrated; when the page is accessed there is therefore no connection to Google or any other third party, and no IP address is transmitted to third parties. This eliminates the problem discussed in connection with the direct integration of Google Fonts (cf. Regional Court (LG) Munich I, 2022). The fonts are licensed under the SIL Open Font License, which expressly permits local embedding and delivery.

07 Installation via Microsoft AppSource

The add-in is installed via Microsoft AppSource. The privacy terms of Microsoft Corporation or Microsoft Ireland Operations Ltd. apply to this. We receive no personal data from you in the course of the installation.

08 Recipients / processing on our behalf / hosting

The website and the static add-in files are operated by the following hosting service provider, which processes personal data exclusively on our behalf and bound by our instructions:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
  • Server location: Germany (EU), Falkenstein/Vogtland data centre — no transfer to a third country takes place.
  • Processing on our behalf: a data processing agreement pursuant to Art. 28 GDPR is in place with the hosting provider.
  • No content delivery network (CDN): the content is delivered directly from the aforementioned server; a third-party CDN (e.g. Azure CDN) is not used.

Microsoft: the add-in runs within your own Microsoft 365 / Outlook environment; the re-attaching of the files takes place via Microsoft Graph using your own sign-in (see section 4). In this respect, Microsoft is not our processor — the processing takes place within your Microsoft tenant, for which separate agreements between you or your organisation and Microsoft apply. No disclosure of your data to third parties beyond this takes place.

09 Your rights as a data subject

Under the GDPR you have the following rights:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
  • Withdrawal of a consent given, with effect for the future

To exercise them, an informal message to the email address named in section 1 is sufficient.

Right to lodge a complaint (Art. 77 GDPR): you can lodge a complaint with a data protection supervisory authority. The authority responsible for the controller is:

Berlin Commissioner for Data Protection and Freedom of Information
(Berliner Beauftragte für Datenschutz und Informationsfreiheit)
Alt-Moabit 59–61
10555 Berlin
Phone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Web: datenschutz-berlin.de

10 Storage period & deletion

We store personal data only for as long as is necessary for the stated purposes or as long as statutory retention obligations exist. Server logs are processed in accordance with section 3. As this marketing website maintains no accounts and no cookies of its own, no further personal master data arises here; for the paid account area, see sections 14 and 15.

11 No automated decision-making

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place.

12 Minors

The service is not directed at children. Persons under the age of 16 should not transmit any personal data without the consent of their legal guardians.

13 SSL/TLS encryption & changes

For security reasons, this site uses SSL/TLS encryption, recognisable by the „https://“ in your browser’s address bar. We adapt this privacy policy when the data processing or the legal situation changes. The version published here at any given time applies.

14 Account & paid plans

For the paid plans (Pro, Lifetime) and to manage mailboxes, we operate a user account in the account area (app.replywithattachments.com). This goes beyond the purely static marketing website described above.

  • Data processed: email address, sign-in data (one-time code or password in hashed form), connected mailboxes/accounts (Exchange mailbox identifiers), plan and status information, sign-in timestamps.
  • Purpose & legal basis: provision and management of the account, authentication and performance of the usage contract — Art. 6(1)(b) GDPR; security and abuse prevention — Art. 6(1)(f) GDPR.
  • Transactional emails: for sign-in we send a one-time code and, where applicable, contract confirmations by email.
  • Cookies/tokens: the signed-in account area uses technically necessary cookies or comparable storage (e.g. session/authentication tokens); no consent is required for these (§ 25(2) no. 2 TDDDG). No tracking or marketing cookies are set.
  • Storage period: for the duration of the account; after deletion the data is erased unless statutory retention obligations apply (see section 15).

15 Payment via Stripe

Paid plans are processed via the payment service provider Stripe (Stripe Payments Europe, Ltd., Dublin, Ireland).

  • Data processed: name, email address, billing and transaction data, payment-method data. Full payment-method details are collected and processed by Stripe; we do not receive them in clear text.
  • Purpose & legal basis: performance of the payment and the contract — Art. 6(1)(b) GDPR; compliance with tax and commercial-law obligations — Art. 6(1)(c) GDPR; fraud prevention — Art. 6(1)(f) GDPR.
  • Storage period: invoices/accounting records are retained in line with statutory retention periods (generally up to ten years, § 147 AO, § 257 HGB).