Privacy Policy

The controller within the meaning of the GDPR is the operator named in the Imprint.

We only process personal data to the extent necessary to provide our services. Processing takes place on the basis of Art. 6(1) GDPR.

Cloudflare, Inc. — Our content and image files are delivered via Cloudflare R2 and the Cloudflare CDN. Cloudflare processes technically necessary connection data (IP address, browser type, access time). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient delivery).

Cloudflare is certified under the EU-US Data Privacy Framework. Privacy notice: https://www.cloudflare.com/privacypolicy/

Twilio SendGrid — We use SendGrid to send emails (newsletter, confirmations). Email address, name, and delivery metadata are processed. Legal basis: Art. 6(1)(a) GDPR (consent) or (b) (performance of a contract).

Twilio is certified under the EU-US Data Privacy Framework. Privacy notice: https://www.twilio.com/legal/privacy

Meta Platforms (Instagram, Facebook, Threads) — We use the Instagram Graph API, Facebook Pages API, and Threads API to publish content and analyze engagement metrics. Access tokens and public post metrics are processed. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in content marketing).

Privacy notice: https://privacycenter.instagram.com/policy

X Corp. (formerly Twitter) — We use the X API v2 to publish posts to our own X account and to read public engagement metrics on those posts. Only data of the authenticated account owner is processed. Legal basis: Art. 6(1)(f) GDPR.

Privacy notice: https://x.com/en/privacy

TikTok (ByteDance) — We use the TikTok Login Kit and Content Posting API to publish content to our own TikTok account. Only data of the authenticated account owner is processed. Legal basis: Art. 6(1)(f) GDPR.

Privacy notice: https://www.tiktok.com/legal/page/eea/privacy-policy/en

Google Gemini — We use Google Gemini APIs for image and text generation. Prompts and generated content are processed. No personal user data is transmitted to Google. Legal basis: Art. 6(1)(f) GDPR.

Anthropic (Claude) — We use Claude APIs for content generation. No personal end-user data is transmitted. Legal basis: Art. 6(1)(f) GDPR.

We use the following cookies:

• cookie_consent — Stores your cookie consent (1 year, technically necessary)
• fv_id — Anonymous visitor ID for funnel analytics (session cookie, technically necessary for conversion tracking)

We do not use third-party tracking cookies or cross-site tracking.

Personal data is only retained for as long as necessary for the respective processing purpose:

• Email addresses: until consent is revoked
• Analytics data: 90 days
• Funnel visit data: 30 days
• Affiliate click data: 90 days

You have the following rights under the GDPR:

• Access (Art. 15) — what data we store about you
• Rectification (Art. 16) — correction of inaccurate data
• Erasure (Art. 17) — deletion of your data
• Restriction (Art. 18) — restriction of processing
• Data portability (Art. 20) — your data in a machine-readable format
• Objection (Art. 21) — to processing based on legitimate interests
• Withdrawal (Art. 7(3)) — consent may be withdrawn at any time

To exercise your rights, contact us via the email address provided in the Legal Notice.

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). Competent authority is the supervisory authority of your residence or that of the controller.

We reserve the right to adapt this privacy policy to reflect changes in the legal situation or changes to our services. The current version is always available on this page.