Loading...
Zurück / Back

Privacy Policy

Last updated: March 2026

1. Data Controller

[FIRMENNAME]
[VOLLSTÄNDIGER NAME]
[STRASSE HAUSNUMMER]
[PLZ ORT]
Email: [E-MAIL-ADRESSE]
Phone: [TELEFONNUMMER]

2. Data We Collect

2.1 Account Data

When you register, we collect your email address and chosen username. Your password is stored exclusively as a cryptographic hash – we never have access to your plaintext password.

2.2 Payment Data

Payment processing is handled by Stripe. We do not store any credit card or bank details on our servers. Stripe processes your payment data in accordance with the Stripe Privacy Policy.

2.3 Analytics

We use our own server-based analytics solution without cookies. No personal data is transmitted to third-party providers. To distinguish sessions, a randomly generated session ID is stored in your browser's localStorage. This ID is not linked to your account and can be removed at any time by clearing your localStorage.

2.4 Email

For transactional emails (e.g., registration confirmation, password reset, purchase confirmations), we use Amazon Web Services Simple Email Service (AWS SES). Processing is carried out under our data processing agreement with AWS.

3. Hosting

Our application is hosted on Amazon Web Services (AWS). Data processing takes place in data centers within the EU. AWS processes data in accordance with the AWS Privacy Policy.

4. Cookies and localStorage

We only use technically necessary session cookies for authentication. No tracking cookies or third-party cookies are used.

In your browser's localStorage, we store a session ID for our analytics and your user preferences (e.g., theme selection). This data does not leave your browser and is not used for tracking purposes.

5. Third-Party Data Sharing

Personal data is only shared with third parties for payment processing via Stripe. Beyond that, we do not share personal data with any third parties.

6. Data Retention

Account data is stored as long as your account is active. After account deletion, your personal data will be removed within 30 days, unless legal retention obligations apply. Invoices and billing records are retained for 10 years in accordance with German tax law (§ 147 AO).

In case of violations of our Terms of Service, we retain pseudonymized violation data (hashed email/username, type and date of the action) for up to 3 years. This serves to identify repeat offenders and to defend against legal claims (Art. 17(3)(e) GDPR). After account deletion, no direct personal reference remains.

7. Your Rights

You have the right to:

  • Access the data we store about you (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

To exercise your rights, please contact: [E-MAIL-ADRESSE]

You also have the right to lodge a complaint with a data protection supervisory authority.

8. Contact

For privacy-related questions, please reach out to:
[E-MAIL-ADRESSE]