Privacy Policy

1. Data Protection at a Glance

General information

The following section provides a simple overview of what happens with your personal data when you visit our website or use our services. "Personal data" is any information that can personally identify you. For detailed information, please refer to the full privacy policy below.

Who is responsible for data collection on this site?

The data processing on this website is carried out by the website operator. The operator's contact details are provided under "Information about the responsible party" in this Privacy Policy.

How do we collect your data?

Some data are collected when you provide them to us (for example, data you enter in a contact form or when registering for our service). Other data are collected automatically by our IT systems when you visit the website. This includes primarily technical data (e.g. web browser, operating system, or the time of page access). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the website is provided without errors. Other data may be used to analyze how visitors use the website or to improve our services and marketing. If you use our services (SaaS platform), we use the personal data you provide to operate the service and fulfill our contractual obligations to you.

What rights do you have regarding your data?

You have the right to obtain information at any time about the origin, recipients, and purpose of your stored personal data at no charge. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke that consent at any time with effect for the future. In certain circumstances, you have the right to request the restriction of processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority if you believe your data is being processed in violation of the law.

Analytics and third-party tools

When visiting this website, your browsing behavior may be statistically analyzed. This happens mainly with analytics programs. Detailed information about these analytics programs and other third-party tools can be found in the full privacy policy below.

2. Hosting

Vercel

We host our website with the service provider Vercel. The provider is Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you visit our website, Vercel collects various log files (e.g. your IP address, request timing, etc.) as part of providing the hosting service.

Vercel is a platform for building and hosting websites. Vercel may place cookies or use other necessary tracking technologies to ensure the proper display of the site, provide certain website functionalities, and maintain security (these are "necessary cookies" required for the site to function).

For more details, you can refer to Vercel's privacy policy on their website. We use Vercel based on Art. 6(1)(f) GDPR, as we have a legitimate interest in a reliable and secure presentation of our website. If we have requested your consent for certain data processing (for example, via a cookie consent banner), then the processing in those cases occurs exclusively on the basis of your consent (Art. 6(1)(a) GDPR and §25 (1) TTDSG, the German Telecommunication-Telemedia Data Protection Act, insofar as the consent includes storing cookies or accessing information on your device for tracking). You can revoke your consent at any time with future effect.

Data transfer to third countries: Using Vercel may involve transmitting personal data (such as IP addresses in log files) to servers in the United States. Such data transfer to the USA is safeguarded by the European Commission's Standard Contractual Clauses, which provide appropriate data protection guarantees for international transfers.

Data Processing Agreement: We have concluded a Data Processing Agreement (DPA) with Vercel. This contract, required by data protection law, ensures that Vercel processes the personal data of our website visitors only on our instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

Data protection

We take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy. Whenever you use this website (or our services), various pieces of personal information may be collected. This privacy policy explains what information we collect, how we use it, and for what purposes. It also explains your rights regarding your data. Please note that transmitting data via the internet (for example, communication by email) can have security vulnerabilities. It is not possible to completely protect data from access by third parties. However, we secure our website and systems through technical and organizational measures appropriate to the level of risk.

Information about the responsible party (Data Controller)

The "data controller" (responsible party) – i.e. the person or entity who determines the purposes and means of processing personal data – for this website and service is:

If you have any questions or concerns about data protection, you can contact us at the address or email above at any time.

Your rights

As a data subject affected by the processing of personal data, you have the following rights under the GDPR and other applicable data protection laws. You may exercise these rights at any time by contacting us at the address above:

Right of access

You have the right to obtain confirmation as to whether or not we are processing personal data about you. If so, you can request information about your personal data stored by us, including details such as the purposes of processing, the categories of data, the recipients (or categories of recipients) to whom data have been or will be disclosed, and, where possible, the envisaged storage period or the criteria used to determine that period. A copy of this information will be provided to you free of charge.

Right to rectification

You have the right to request that inaccurate or incomplete personal data we hold about you be corrected or completed without undue delay.

Right to erasure

You have the right to request the deletion of your personal data ("right to be forgotten") in certain circumstances – for example, if the data are no longer necessary for the purposes for which they were collected, if you have withdrawn your consent and there is no other legal basis for processing, or if your data is being processed unlawfully. Please note that this right can be subject to exceptions (for instance, we may not delete data that we are legally required to retain).

Right to restrict processing

You have the right to request the restriction of processing of your personal data in certain situations. This means we would mark the stored data to limit how we process it. For example, you might request restriction if you contest the accuracy of your data (for a period enabling us to verify it) or if you object to our processing based on legitimate interests (pending an assessment of whose interests prevail).

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data that is based on Art. 6(1)(e) GDPR (processing in the public interest) or Art. 6(1)(f) GDPR (processing based on legitimate interests). If you file an objection, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing is for the establishment, exercise, or defense of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing for such marketing, and if you do so we will cease processing your data for direct marketing purposes immediately.

Right to data portability

You have the right to receive the personal data that you have provided to us in a structured, commonly used, machine-readable format, and to have those data transmitted to another controller where technically feasible. This applies when the processing is based on your consent or on a contract and is carried out by automated means.

Right to withdraw consent

Many data processing operations by us are only possible with your explicit consent (e.g. subscribing to a newsletter, or optional analytics cookies). Where we are processing your data based on your consent, you have the right to revoke that consent at any time. The withdrawal of consent will not affect the lawfulness of any processing we conducted based on consent before its withdrawal.

Right to lodge a complaint

If you believe that we have violated data protection laws in processing your personal data, you have the right to lodge a complaint with a data protection supervisory authority. You can typically contact the supervisory authority in the EU member state of your habitual residence, place of work, or the location of the alleged infringement. For our company in Germany, the competent supervisory authority is the Data Protection Commissioner of the state of North Rhine-Westphalia. This right to complain is without prejudice to any other administrative or judicial remedies you may have.

Data retention

Unless a more specific retention period is stated in this privacy policy, your personal data will be kept by us only for as long as necessary to fulfill the purposes for which it was collected. Once the purpose no longer applies, we will delete or anonymize your data, unless we are obliged by law to keep it longer (for example, retention obligations under tax or commercial laws). In cases where we process your data based on your consent and you withdraw that consent, we will delete your data, provided there is no other legal basis for continuing the processing. In cases where we process data based on our legitimate interests, we will delete or anonymize the data when those interests no longer apply or your valid objection requires us to stop. If you request deletion of your data or revoke consent, we will ensure your data is erased or anonymized unless we have legal grounds to continue storing it. In the latter case, the data will be deleted after those legal grounds (e.g. statutory retention periods) no longer apply.

Security measures

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access. Our security measures are continuously improved in line with technological developments. This includes using SSL/TLS encryption for our website. You can verify that a connection is encrypted by checking that the browser's address bar begins with "https://" and often a padlock icon is displayed. When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties during transfer.

4. Data Collection on This Website

Cookies

Our website uses "cookies." Cookies are small text files that are stored on your device and that your browser saves. They do not harm your device. We use both session cookies, which are automatically deleted at the end of your visit, and persistent cookies, which remain stored on your device until you delete them or they expire on their own. Persistent cookies allow us to remember your preferences or actions across multiple site visits.

Cookies serve a variety of functions. Many cookies are technically necessary for the operation of the site (for example, to implement certain functionalities or to ensure security). These are often referred to as "necessary" or "essential" cookies. Other cookies may be used to understand how you interact with the site (analytics cookies) or for advertising purposes.

When you first visit our website, you may be presented with a cookie consent banner allowing you to accept or reject certain categories of non-essential cookies. You can configure your web browser to notify you about cookie placement, to allow cookies only in individual cases, to accept cookies only for specific purposes or to generally exclude them, and to enable automatic deletion of cookies when the browser is closed. However, if you disable or refuse cookies, some features of this website may not function properly.

Legal basis: Cookies that are essential for carrying out electronic communications or providing certain functions you request (such as adding items to a shopping cart or remembering login status) are stored based on Art. 6(1)(f) GDPR. Our legitimate interest is to ensure the technically error-free and optimized provision of our services. If we use other cookies (for example, for analytics or marketing), these will only be set with your consent, based on Art. 6(1)(a) GDPR (and §25 (1) TTDSG if applicable for accessing device information). You can withdraw your consent at any time by adjusting your cookie settings or using your browser settings to delete cookies.

Server log files

The provider of this website (our hosting provider) automatically collects and stores information in server log files, which your browser transmits automatically to us. These log files typically include:

• Browser type and version
• Operating system used
• Referrer URL (the previously visited page)
• Hostname of the accessing computer (IP address or device name)
• Time and date of the server request
• IP address

This data is collected automatically when you visit our site and is necessary for technical reasons to deliver the website content to you and to ensure stability and security. We do not combine this log data with other data sources, and we do not attempt to identify you through this information alone. The server log data is primarily used to monitor for malicious activity, debug errors, and analyze performance.

Legal basis: The storage of this data is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the technically error-free presentation and security of our website, and the collection of server log files is essential to achieve this.

Contact form

If you send inquiries to us via a contact form on the website, the information you provide on the form (including any personal contact details you enter such as your name, email address, phone number) will be transmitted to us and stored so that we can process your inquiry and any follow-up questions. We treat the information you provide via the contact form as confidential. We do not share this information with third parties without your permission, unless it is necessary to fulfill your request (for example, if your inquiry requires involvement of a partner or service provider, we would only do so with your consent or as otherwise permitted by law).

Legal basis: If your contact request is related to fulfilling a contract or taking steps prior to entering into a contract (for example, inquiries about our service or an order you placed), the data you provide will be processed under Art. 6(1)(b) GDPR (processing necessary for the performance of a contract or pre-contractual measures). In all other cases, the processing of contact form data is based on our legitimate interest in effectively handling the requests addressed to us (Art. 6(1)(f) GDPR). If we ask for your consent for certain processing (for instance, to retain your information for future contact or marketing), and you grant consent, then Art. 6(1)(a) GDPR is the legal basis. You may revoke such consent at any time.

Retention of contact data: The data you send us via the contact form will remain with us until (i) you request us to delete it, or (ii) you withdraw your consent (if consent was the basis for processing), or (iii) the purpose for storing the data no longer applies (for example, after we have fully resolved your inquiry and any follow-up matters). Mandatory statutory provisions – especially retention periods under commercial or tax law – remain unaffected by this (meaning we may retain certain communications for the period required by law).

Contact by email or phone

If you contact us by email, telephone, or other means (e.g. live chat, postal mail), we will process the personal data you provide in that communication. This typically includes your email address, phone number, or other contact information, and any information you include in your message (which may include your name, the content of your request, and any other data you provide voluntarily). We will use this data solely for the purpose of answering your inquiry, contacting you, and handling your request. We will not share such information with third parties without your consent, unless it is required to fulfill your request or we are legally permitted/obliged to do so.

Legal basis: The legal basis for processing data from communications initiated by you is generally Art. 6(1)(b) GDPR if the contact is related to a contractual relationship or pre-contractual inquiries (for example, you have questions about our service, or you are seeking support for a service you have paid for). In other cases, the processing is based on our legitimate interest in effectively responding to the communications we receive (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if we explicitly seek and you provide such consent for further follow-up. You can withdraw consent at any time.

We will retain communications (emails, etc.) that you send to us for as long as necessary to fully process your request and any subsequent questions. Once the communication is concluded, we will archive or delete the correspondence, unless continued retention is justified by a legitimate business interest (for example, to have a history of support requests) or required under statutory retention duties.

Account registration and use of our service

If our website offers user account registration or if you sign up to use our Software-as-a-Service (SaaS) platform, we will collect and process personal data required for setting up and maintaining your account. This data typically includes information such as your name, email address, contact details, organization name, and any other details requested during registration. We will also process any personal data that you provide to us or generate through your use of the service – for example, data you upload into the platform, settings and preferences you configure, and usage logs related to your account activities.

We use this data to create and manage your user account, to provide you with access to the SaaS services, to authenticate you as a user, and to deliver the functionality of our services (including customer support, if you reach out for assistance). We may also use your account data to communicate with you about service updates, changes to terms, or important security notices related to your use of the service.

Legal basis: The processing of your account and service usage data is primarily based on Art. 6(1)(b) GDPR, as it is necessary for the performance of the contract between you and us (providing the SaaS service and associated support). If we use some of this data to improve our services or for analytical purposes related to service enhancement, we may rely on our legitimate interest (Art. 6(1)(f) GDPR) in refining our product and ensuring the service meets user needs — however, in such cases, wherever feasible, we will use aggregated or pseudonymized data to protect your privacy. If any processing of account data requires your consent (for example, using your email for sending optional marketing communications), we will seek your consent (Art. 6(1)(a) GDPR) and you have the right to withdraw it at any time.

Retention of account data: We will retain your account information and any personal data processed within the service for as long as your account is active and as needed to provide you with the service. If you delete your account or terminate the use of our service, we will delete or anonymize your personal data associated with the account, except for any data we are required to retain by law or have a legitimate interest to retain (for example, records of transactions for accounting purposes, or logs needed for security and fraud prevention). In cases where retention is based on legitimate interest or legal requirement, the data will be retained only for the duration necessary to fulfill those purposes and will be inaccessible for routine use.

We do not share the personal data from your account or your use of the service with third parties, except as necessary for providing the service (for example, if we use subprocessors or cloud service providers to host data, they will only process data on our behalf under strict agreements) or if required by law. Any third-party service providers involved in processing user data for the service are bound by Data Processing Agreements and are not permitted to use your data for their own purposes.

5. Analysis Tools and Advertising

PostHog (web analytics)

This website uses PostHog for web analytics to understand how users interact with our site and service. The provider is PostHog, Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA.

PostHog enables us to record and analyze user behavior on our website and application. For example, we can track events such as page visits, button clicks, scrolling behavior, and other interactions. This information helps us improve our website's usability and our product based on how users actually use them.

We utilize PostHog's European cloud infrastructure, meaning that all data collected through PostHog on our website is stored and processed on servers located within the European Union. According to PostHog, no personal data collected via our implementation of PostHog is transmitted to the USA or other third countries outside the EU. PostHog acts as our data processor, processing the data only on our behalf and according to our instructions.

The data collected by PostHog may include information such as your device type, browser type, your IP address (though we may configure PostHog to anonymize or truncate IP addresses if possible to enhance privacy), pages you visited, the time spent on pages, and navigation paths. PostHog may use cookies or similar technologies to distinguish repeat visitors and track user sessions (these would be covered under our cookie consent if applicable).

Legal basis: We use PostHog analytics based on Art. 6(1)(f) GDPR, relying on our legitimate interest in analyzing user behavior in order to optimize both our website and our marketing efforts, as well as to improve our product's features and user experience. If we have asked for your consent (for example, via a cookie banner) to employ analytics cookies or tracking, then the processing by PostHog is carried out only on the basis of your consent (Art. 6(1)(a) GDPR and §25 (1) TTDSG if applicable). In such cases, you can revoke your consent at any time, which will stop the collection of your data by PostHog for analytics.

All data collected through PostHog is processed under a Data Processing Agreement we have signed with PostHog, which ensures that they handle data in compliance with GDPR and only according to our instructions. Additionally, since we use the EU-based hosting for PostHog, data remains within jurisdictions covered by the GDPR.

For more information on PostHog's privacy practices, you can refer to PostHog's own privacy policy (available on PostHog's official website) which provides details on how PostHog handles analytics data.

(Note: We do not use Google Analytics or other advertising/tracking tools that transfer your data to third countries without your knowledge. If in the future we integrate any additional analytics or marketing services, we will update our privacy policy accordingly and seek any necessary consents.)

6. Social Media

Our website integrates certain elements from social media platforms to provide enhanced content and to help promote our presence on those platforms. These social media elements may collect personal data when you interact with them or when they are loaded in your browser. Below we explain the social media integrations we use and what happens with your data in those cases.

Facebook plugins (e.g. Like & Share buttons)

This website may include plug-ins or interactive elements of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can typically recognize Facebook plugins by the Facebook logo or "Like"/"Share" buttons on our site.

When you access a page on our website that contains a Facebook plugin, your browser establishes a direct connection to Facebook's servers. If the plugin is active (for instance, if it's a visible Like button or a Facebook feed widget), Facebook will receive certain information from your browser automatically. This includes at least your IP address, the page you visited on our site, and possibly other technical data (like browser details).

If you are logged into your Facebook account at the same time, Facebook could associate your visit to our site with your Facebook profile. If you interact with the plugin (for example, by clicking the "Like" button or a "Share" button), the corresponding information will be transmitted directly from your browser to Facebook and stored there, and the action may be visible to your Facebook friends or the public (depending on your Facebook privacy settings).

We want to point out that, as the website provider, we do not have full knowledge of the content of the data transmitted to Facebook or how Facebook uses that data. For more information on this, please consult Facebook's Data Policy available on their website (e.g. at Facebook's Privacy Center or via the link Facebook Data Policy).

According to Facebook, the data it collects via plugins may be transferred to servers in the United States or other countries outside the European Union. Facebook is certified under the EU-US Data Privacy Framework (if applicable) or otherwise relies on Standard Contractual Clauses for such transfers, to ensure an adequate level of protection for personal data.

Legal basis: The use of Facebook plugins on our site occurs in part on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in having a broad visibility on social media and making our website more engaging for users. If you as a user have given consent (for example, via our cookie/settings banner enabling social media integrations), then the processing of your data through the Facebook plugin is based on that consent (Art. 6(1)(a) GDPR and §25 TTDSG for any device information access). You can revoke consent at any time by adjusting your settings, which will prevent the Facebook plugin from loading in the future.

Instagram features

We also incorporate features of Instagram on our website. Instagram is a social media service also provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. For example, we might embed an Instagram feed or include an Instagram "Follow" button or icon.

When you visit a page that contains an Instagram feature, your browser connects to Instagram's servers (which are essentially the same infrastructure as Facebook's, since both are Meta). If the Instagram component (e.g., an embedded photo feed or button) is active on the page, Instagram receives information such as your IP address and the page you are viewing. If you are logged in to your Instagram account, Instagram can associate your visit to our site with your Instagram profile. Clicking an Instagram button (like the "Instagram camera" icon that links to our Instagram page) may allow Instagram to know that you visited our site and followed a link to our profile.

Similar to Facebook, we (as the site operator) do not know the full extent of data that Instagram may collect in this manner or how it is used by Instagram. For more information, see Instagram's Privacy Policy/Help Center (for instance, the page Instagram Privacy and Data Policy provides details on how data is handled by Meta for the Instagram service).

Instagram (via Meta) may also transfer personal data to servers in the United States or other non-EU countries and uses safeguards like Standard Contractual Clauses to legitimize such transfers.

Legal basis: The integration of Instagram features is based on our legitimate interest (Art. 6(1)(f) GDPR) in presenting our content across social platforms and engaging with users, as well as making our website appealing by showcasing social media content. If we request and you provide consent (Art. 6(1)(a) GDPR) for loading Instagram content (e.g., through a cookie consent tool that blocks Instagram until approved), then that consent serves as the legal basis. Any given consent can be withdrawn at any time for future interactions.

Joint responsibility with Meta (Facebook/Instagram)

Insofar as personal data is collected on our website by the Facebook or Instagram plugins/tools and forwarded to Facebook/Instagram, we share responsibility (as joint controllers) with Meta Platforms Ireland Limited for this data processing, as defined by Art. 26 GDPR. This joint responsibility is limited exclusively to the collection of data and its transmission to Facebook/Instagram. Any processing that takes place by Facebook or Instagram after the data has been transmitted (for example, how Facebook uses data for its own purposes, or how long it is stored by Facebook) is not part of our joint responsibility – it is carried out under Facebook/Instagram's sole responsibility.

We have entered into a joint controller agreement with Meta that outlines each party's respective responsibilities regarding the handling of personal data in the context of Facebook and Instagram tools on our site. According to this agreement (commonly referred to as the "Controller Addendum" available via Facebook's legal resources), we are responsible for providing you with this privacy information about the Facebook/Instagram tools on our site and for implementing the tools on our site in a privacy-secure manner (for example, ensuring that the plugins are integrated in a way that complies with data protection requirements). Facebook (Meta) is responsible for the data security of its Facebook and Instagram platforms and is the entity responsible for handling any data subject rights requests regarding the data it holds.

Exercising your rights: You can assert your data subject rights regarding the data collected and transmitted via the Facebook/Instagram plugins directly against Meta (i.e., to Facebook or Instagram). This means, for instance, you can request information or deletion of data directly from Facebook/Instagram through their established channels. If you contact us regarding data that was collected via the Facebook/Instagram elements on our site, we are obligated under our agreement with Meta to forward your inquiry to Facebook (since Facebook/Instagram has the direct access to that data). Facebook will then handle the request in accordance with their procedures. Of course, you can always contact us first if you have any concerns about our use of social media plugins, and we will assist you to the best of our ability.

7. Plugins and Tools

Google Web Fonts

For uniform representation of fonts, this site uses Google Web Fonts, a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the EU, or by Google LLC in the USA (as parent company). When you open a page on our website, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.

To do this, your browser needs to establish a connection to Google's servers. As a result, Google is informed that our website was accessed from your device's IP address. During this process of fetching the font files, certain technical data (including the IP address of your device, the time of the request, and the pages visited that required the font) may be transmitted to Google.

We use Google Web Fonts to ensure a consistent and attractive presentation of our website across different devices and browsers. The fonts we use are hosted by Google to improve loading performance and reliability. If your browser does not support Web Fonts, or if you have disabled the use of Google Web Fonts, then a default font from your computer will be used instead.

Data transfer to the US: The use of Google Web Fonts can result in data (specifically your IP address and font request information) being transmitted to Google servers located outside the EU (for example, in the United States). Google is Privacy Shield certified (under the new EU-US Data Privacy Framework) or otherwise relies on Standard Contractual Clauses for data transfers, which are intended to provide adequate protection for any personal data transferred to third countries.

Legal basis: We utilize Google Web Fonts based on Art. 6(1)(f) GDPR. We have a legitimate interest in the uniform and visually pleasing presentation of our website. The use of external fonts helps us maintain a consistent look and feel without having to host the font files ourselves, which can improve site loading times and user experience. In cases where you have been prompted for consent (for instance, if our site's cookie or settings management treats Google Web Fonts loading as a service requiring consent), then the processing of data by Google Web Fonts is based on your consent (Art. 6(1)(a) GDPR). You may revoke such consent at any time by adjusting your browser settings to block fonts or through our website's privacy settings if available.

For more information about Google Web Fonts, you can read the FAQs provided by Google at https://developers.google.com/fonts/faq which address privacy and usage questions. You can also consult Google's general Privacy Policy at https://policies.google.com/privacy for details on how Google handles personal data.

Final Notes

We reserve the right to update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or for any other reason. The latest version will always be available on our website. We encourage you to review this policy periodically for any updates. If we make significant changes, we may notify you via email or a prominent notice on our site.

If you have any questions or concerns about this Privacy Policy or about data protection at our company, please do not hesitate to contact us at the address or email provided in the "Responsible Party" section above. Your trust is important to us, and we are committed to safeguarding your personal data.

Thank you for using our website and services.