Privacy Notice

Last updated: 05/05/2026

1. Controller

The data controller responsible for processing your personal data under the GDPR is:
Maximilian Kraus
Heinrich-Könn-Straße 26
40625 Düsseldorf, Germany
Email: mkraus.corp@gmail.com

2. Personal Data We Collect

• Account data: name, email, hashed password (or OAuth identifier).
• Profile & usage data: properties, calculations, forecasts and settings you create.
• Support data: messages you send us.
• Technical data: IP address, device/browser, log data, error reports.
• Cookies: essential session cookies; see Section 9.

Payment data (card details, billing address) is collected and processed directly by our payment provider Paddle and is not stored on our servers.

3. Purposes & Legal Basis

• Account creation and authentication — performance of contract (Art. 6(1)(b) GDPR).
• Providing the service (calculations, forecasts, storage) — performance of contract.
• Customer support — performance of contract / legitimate interests.
• Security, fraud prevention, abuse detection — legitimate interests (Art. 6(1)(f)).
• Service improvement and aggregated analytics — legitimate interests.
• Legal obligations (accounting, tax) — Art. 6(1)(c).

4. Data Sharing

We share personal data only with:

• Hosting & infrastructure providers (database, AI/inference, email) acting as processors under DPAs.
• Paddle.com Market Limited, our Merchant of Record, for sale of the product, subscription management, payments, tax compliance and invoicing.
• Professional advisers (legal, accounting) where necessary.
• Authorities where required by law.

5. International Transfers

Some of our processors may be located outside the EEA/UK. In those cases we rely on adequacy decisions or Standard Contractual Clauses to safeguard your data.

6. Retention

Account and content data is retained for as long as your account is active and deleted (or anonymised) within a reasonable period after account closure, unless longer retention is required by law (e.g. tax records). Logs are kept for a limited period for security and debugging.

7. Your Rights

Under the GDPR you have the right to:

• access your personal data;
• rectify inaccurate data;
• erasure ("right to be forgotten");
• restriction of processing;
• data portability;
• object to processing based on legitimate interests;
• withdraw consent at any time, where processing is based on consent;
• lodge a complaint with a supervisory authority (in Germany: your state DPA).

To exercise these rights, contact mkraus.corp@gmail.com. We respond within one month.

8. Security

We use appropriate technical and organisational measures including encryption in transit (TLS), encrypted storage at the database level, role-based access controls and audit logging.

9. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising cookies. You can clear cookies in your browser at any time; doing so will sign you out.

10. Changes

We may update this notice. Material changes will be communicated via the service or by email.