Privacy Notice

Last updated: 19/06/2026

1. Controller

The data controller responsible for processing your personal data under the GDPR is:
Maximilian Kraus
Heinrich-Könn-Straße 26
40625 Düsseldorf, Germany
Email: mkraus.corp@gmail.com

2. Personal Data We Collect

• Account data: name, email, hashed password (or OAuth identifier).
• Profile & usage data: properties, calculations, forecasts and settings you create.
• Support data: messages you send us.
• Technical data: IP address, device/browser, log data, error reports.
• Cookies: essential session cookies; see Section 9.

Payment data (card details, billing address) is collected and processed directly by our payment provider Paddle and is not stored on our servers.

3. Purposes & Legal Basis

• Account creation and authentication — performance of contract (Art. 6(1)(b) GDPR).
• Providing the service (calculations, forecasts, storage) — performance of contract.
• Customer support — performance of contract / legitimate interests.
• Security, fraud prevention, abuse detection — legitimate interests (Art. 6(1)(f)).
• Service improvement and aggregated analytics — legitimate interests.
• Legal obligations (accounting, tax) — Art. 6(1)(c).

4. Data Sharing

We share personal data only with:

• Hosting & infrastructure providers (database, AI/inference, email) acting as processors under DPAs.
• Paddle.com Market Limited, our Merchant of Record, for sale of the product, subscription management, payments, tax compliance and invoicing.
• Professional advisers (legal, accounting) where necessary.
• Authorities where required by law.

5. International Transfers

Some of our processors may be located outside the EEA/UK. In those cases we rely on adequacy decisions or Standard Contractual Clauses to safeguard your data.

6. Retention

Account and content data is retained for as long as your account is active and deleted (or anonymised) within a reasonable period after account closure, unless longer retention is required by law (e.g. tax records). Logs are kept for a limited period for security and debugging.

7. Your Rights

Under the GDPR you have the right to:

• access your personal data;
• rectify inaccurate data;
• erasure ("right to be forgotten");
• restriction of processing;
• data portability;
• object to processing based on legitimate interests;
• withdraw consent at any time, where processing is based on consent;
• lodge a complaint with a supervisory authority (in Germany: your state DPA).

To exercise these rights, contact mkraus.corp@gmail.com. We respond within one month.

8. Security

We use appropriate technical and organisational measures including encryption in transit (TLS), encrypted storage at the database level, role-based access controls and audit logging.

9. Cookies & Tracking

We use essential cookies required for authentication and session management. With your explicit consent (via the cookie banner) we additionally load the Meta Pixel (Facebook/Instagram, pixel ID 979990801447087) to measure marketing performance and attribute conversions. The pixel is only loaded after you click "Accept" — if you decline or have not yet decided, no marketing cookies are set. You can revoke consent any time by clearing site data in your browser; the banner will then reappear.

We additionally use the Meta Conversions API (server-side). After you consent, key events (page views, sign-up, checkout, purchase) are also sent server-to-server to Meta with hashed email, your IP address and user-agent. Each event carries a shared identifier so Meta deduplicates the browser pixel and the server event into a single record. Server-side purchase confirmations from our payment provider Paddle are sent to ensure accurate billing attribution; this is processed on the basis of our legitimate interest in fraud-resistant conversion measurement (Art. 6(1)(f) GDPR).

Legal basis: Art. 6(1)(a) GDPR (consent) and § 25(1) TTDSG. Data processed via the Meta Pixel and Meta Conversions API may be transferred to Meta Platforms Ireland Ltd. and Meta Platforms Inc. (USA) on the basis of Standard Contractual Clauses.

10. Changes

We may update this notice. Material changes will be communicated via the service or by email.