Privacy Policy

Last updated: March 2026 — Datenschutzerklärung auf Deutsch

1. Controller

The data controller responsible for processing your personal data is:

Hendrik Dreesmann
c/o COCENTER, Koppoldstr. 1, 86551 Aichach, Germany
Email: [email protected]

2. Data We Collect

Data you provide directly:

  • Email address (required for account creation and transactional emails)
  • Name (optional, for personalisation)
  • Financial planning inputs (court counts, budgets, timelines — stored in your scenarios)
  • Feedback messages submitted via the site feedback form

Data collected automatically:

  • Aggregated, anonymised page-view data via Umami (no IP address stored, no cross-site tracking)
  • Anonymised interaction data (clicks, scroll depth, session recordings) via Microsoft Clarity — only with your consent
  • Session cookie to keep you signed in

Data collected at checkout (by Stripe, our payment processor):

  • Payment card details, billing address, and VAT number (processed exclusively by Stripe; we never see raw card data)

3. Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR) — account management, delivering the Service, processing payments
  • Legitimate interests (Art. 6(1)(f) GDPR) — fraud prevention, service security, aggregate analytics to improve the platform
  • Legal obligation (Art. 6(1)(c) GDPR) — retaining transaction records for tax purposes
  • Consent (Art. 6(1)(a) GDPR) — functional/A-B test cookies (where opted in); marketing communications (where opted in)

4. Service Providers (Sub-processors)

  • Umami (self-hosted on our own infrastructure) — cookieless, privacy-first analytics. No personal data transferred to third parties.
  • Stripe (Stripe Payments Europe Limited, Dublin, Ireland; Stripe, Inc., USA) — payment processing, subscription management, and Stripe Tax for EU VAT. Stripe receives card details, billing address, and VAT number directly at checkout; we never see raw card data. See Stripe's Privacy Policy.
  • Resend (resend.com, USA) — transactional email delivery (magic links, receipts). Data is transferred under Standard Contractual Clauses. See Resend's Privacy Policy.
  • Microsoft Clarity (clarity.microsoft.com, USA) — heatmaps and session recordings for UX improvement. Only active with your consent (functional cookies). Data is transferred under Standard Contractual Clauses. See Microsoft Privacy Statement.

5. Data Retention

  • Account data: retained while your account is active; deleted within 30 days of account deletion
  • Financial scenarios: deleted with your account on request
  • Transaction records: retained for 10 years to meet German commercial and tax law obligations (§ 257 HGB, § 147 AO)
  • Feedback: retained for up to 2 years for product improvement purposes

6. Cookies

You can manage your preferences at any time via the "Manage Cookies" link in the footer.

Essential (always active)

  • session — Keeps you signed in. Secure, HttpOnly, SameSite=Lax. Expires after 30 days of inactivity.
  • cookie_consent — Stores your cookie preferences. Expires after 1 year.
  • lang — Stores your preferred language (en/de). Expires after 1 year.

Functional (require consent)

  • ab_* — Assigns you to an A/B test variant to help us improve the site. Expires after 30 days. Only set if you accept functional cookies.
  • _clck — Microsoft Clarity user identifier. Expires after 12 months. Only set if you accept functional cookies.
  • _clsk — Microsoft Clarity session identifier. Expires at end of session. Only set if you accept functional cookies.

Payment (checkout only)

  • Stripe cookies — Set by Stripe, our payment provider, on the Stripe-hosted checkout page. Strictly necessary for fraud prevention and processing payments. See Stripe's Privacy Policy.

We use Umami (self-hosted) for analytics. Umami is cookieless and does not track individual users across sessions or store IP addresses.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Access — request a copy of your personal data (Art. 15)
  • Rectification — correct inaccurate or incomplete data (Art. 16)
  • Erasure — request deletion of your data, subject to legal retention obligations (Art. 17)
  • Restriction — restrict processing in certain circumstances (Art. 18)
  • Portability — receive your data in a machine-readable format (Art. 20)
  • Objection — object to processing based on legitimate interests (Art. 21)
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with your national supervisory authority. In Germany, the competent authority is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).

8. International Transfers

Stripe is contracted via Stripe Payments Europe Limited (Dublin, Ireland); some Stripe processing occurs at Stripe, Inc. in the USA. Resend and Microsoft Clarity also process data in the USA. All US transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission. Umami runs on our own EU-based infrastructure — no data leaves the EU.

9. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or a prominent notice within the Service. The date at the top of this page reflects the most recent revision.

10. Contact

For privacy inquiries: [email protected]

Please confirm