Privacy Policy

Draft. The German version is legally authoritative.

We process only data needed for operation, contract fulfilment and security. At launch there is no analytics, no marketing pixel and no embedded Instagram widget.

Controller

Katharina Schneider, Hauptstraße 129c, 61440 Oberursel, email kontakt@[…].

Hosting and logs

When the website is accessed, the host processes technical server data such as IP address, timestamp and requested resource. The legal basis is Art. 6 (1) f GDPR.

Language gate

The root page may read the browser language to redirect to /de/ or /en/. This information is not stored permanently.

Payments and Stripe

Payments use Stripe-hosted Checkout and portal pages. Payment card data never touches our server. Stripe processes payment and invoice data for contract fulfilment.

Magic link, session and entitlements

For login we process the email address, short-lived hashed login tokens, a technically required HMAC session cookie and a local entitlement cache with Stripe customer ID, email and purchase status. The session cookie is technically required; therefore no cookie banner is used.

Downloads and storage

Downloads are served through a protected PHP endpoint. Session, entitlement and download key are checked. Real storage paths are not exposed to the browser.

Contact, emails and invoices

When you contact us, we process your message and sender address. Transaction and magic-link emails use the final mail host […]. Invoice data is processed by Stripe and retained according to statutory retention periods.

Data subject rights

You have rights to access, rectification, erasure, restriction, data portability and objection, plus the right to complain to a supervisory authority.