##### Privacy Policy (EN)

> 🇩🇪 **Deutsche Version:** [[datenschutz]]

**Last updated:** October 1, 2025

###### 1. Who we are (Controller)

**FintechGraphs** (“we”, “us”)
**Address:** Waldstraße 11, 65428 Rüsselsheim am Main, Germany
**Email:** [email protected]

We are the **controller** for personal data processed via this website and our services. If you have privacy questions, contact us at the address/email above.

> We currently do **not** appoint a Data Protection Officer (DPO). If this changes, we will update this page.

###### 2. What data we process, for what purpose, and legal bases (Art. 6 GDPR)

| Category | Examples | Purpose(s) | Legal basis |
| --- | --- | --- | --- |
| **Usage & log data** | IP address (shortened/anonymized for analytics), user agent, pages viewed, timestamps, referrer; Cloudflare edge logs | Site delivery, security (DDoS/WAF), performance; basic usage analytics | **Legitimate interests** (Art. 6(1)(f)) in secure, reliable service and audience measurement |
| **Cookies & similar tech** | Consent cookie, Cloudflare bot-management cookies, GA cookies | Remember preferences; protect site; measure audiences | **Consent** (Art. 6(1)(a)) where required; otherwise **legitimate interests** for strictly necessary cookies |
| **Support/contact data** | Name, email, message content | Respond to inquiries | **Legitimate interests** (Art. 6(1)(f)) in handling requests; or **contract** (Art. 6(1)(b)) if pre-contractual |
| **Account/billing** (if applicable) | Email, name, company, billing details | Provide paid features, invoicing, notices | **Contract** (Art. 6(1)(b)); **legal obligation** (Art. 6(1)(c)) for tax/commerce retention |
| **Content you submit** (if applicable) | Feedback, files, text | Operate and improve the service; support | **Legitimate interests** (Art. 6(1)(f)); **contract** (Art. 6(1)(b)) where tied to features |

We do **not** intentionally collect special category data (Art. 9) nor children’s data under 16.

###### 3. Cookies & consent

- We use a consent banner for **non-essential** cookies (e.g., analytics). You can withdraw consent anytime via the banner link (“Cookie settings”) in the site footer.
- **Strictly necessary** cookies (e.g., Cloudflare security cookies like `__cf_bm`, `cf_clearance`) run without consent to keep the site secure/available.

###### 4. Analytics (Google Analytics)

We use **Google Analytics** (“GA”) to understand aggregate site usage. We enable **IP anonymization** and respect your consent choice.

**Provider:** Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
**Data:** pseudonymous identifiers, device/browser info, pages/events, approximate location.
**Retention:** GA standard retention (typically 14 months) unless configured otherwise.
**Opt-out:** You can withdraw consent in our cookie banner. You may also use Google’s browser add-on.
**Legal basis:** your **consent** (Art. 6(1)(a)). No GA loads until consent is given.

###### 5. Hosting & Security (Obsidian Publish, Cloudflare)

- **Hosting:** The site is hosted via **Obsidian Publish**. Data may be processed on infrastructure managed by Obsidian’s providers. We have a data processing agreement (DPA) in place where required.
- **CDN & Security:** We use **Cloudflare** (CDN, DDoS/WAF, TLS) which processes traffic and security logs to protect and accelerate our site. Cloudflare places strictly necessary cookies and may temporarily cache content at edge locations.

**Legal basis:** **legitimate interests** (Art. 6(1)(f)) in secure, performant delivery.

###### 6. Recipients & international transfers

**Recipients:** hosting and infrastructure providers (Obsidian Publish, Cloudflare), analytics provider (Google), payment/billing providers (if used), and professional advisors (as necessary).

**Transfers outside the EEA:** Where providers are outside the EEA/UK, we rely on **adequacy decisions** or **Standard Contractual Clauses (SCCs)** plus supplementary measures as needed.

###### 7. Retention

We only keep personal data as long as necessary for the purposes above:

- Server/security logs: typically up to **30 days** unless needed for incident investigation.
- Analytics data: per GA settings (e.g., **14 months**) or until you withdraw consent.
- Support emails: typically **3 years** after the last interaction.

###### 8. Your rights (Art. 15–22 GDPR)

You have the right to **access**, **rectify**, **erase**, **restrict**, **object** (including to processing based on legitimate interests), and **data portability**. Where processing is based on consent, you may **withdraw consent** at any time (this does not affect prior lawful processing).

To exercise rights, email [email protected]. We may need to verify your identity.

You also have the right to lodge a complaint with your supervisory authority. For Hesse (Germany): **Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)**.

###### 9. Do we sell data?

No. We do **not** sell or rent your personal data.

###### 10. Changes

We may update this notice from time to time. We’ll indicate the “Last updated” date and, if changes are material, provide a prominent notice.

---

[[terms]] · [[cookie policy]] · [[datenschutz]]