Privacy Policy

We process personal data to provide and secure this website, manage users, and operate related pages and connected applications.

The legal bases include Art. 6(1)(b) GDPR (contract or pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation).

When pages are accessed, technically required connection data such as IP address, timestamp, user agent, and requested URL may be processed in server logs.

For registration and login, we process contact data and access data required for use of the platform.

In connected applications such as Equilibra, users may create, enter, or import financial data themselves, for example transactions, account names, balances, categories, notes, or CSV files. The responsibility for the accuracy, lawfulness, and suitability of the data entered or imported by the user lies with the user.

We treat such financial data with particular care and use appropriate technical and organisational security measures to protect it against unauthorised access, loss, misuse, or unintended disclosure. Access is limited to what is necessary for operation, support, security, and maintenance.

For security reasons and to protect users and customer data, connected applications may store login and security events such as successful, failed, or blocked login attempts, timestamps, IP addresses, shortened user-agent information, active sessions, and critical admin actions. These records are used to detect misuse, secure accounts, and make security-relevant administration traceable.

Login and admin audit events in Equilibra are retained for up to 180 days and then automatically deleted unless a longer retention is required in an individual case for legal assertion, exercise, or defence of claims.

To provide the platform, we use technically necessary cookies, in particular session cookies, CSRF protection cookies, and, where actively used, a remember-me cookie. These cookies support login, security, and form protection.

In some areas, technically necessary or user-selected UI settings may be stored locally in the browser, for example theme, sidebar, or interface states. This storage supports the desired display and usability of the application.

At this time, we do not use non-technically necessary cookies or tracking for marketing or analytics purposes.

To protect registration and login from abuse and automated requests, we use Cloudflare Turnstile. The provider is Cloudflare, Inc. Turnstile may process technical data such as IP address, browser and device information, and interaction data to determine whether a request is made by a human or automatically.

The processing is carried out to secure the platform on the basis of Art. 6(1)(f) GDPR. Where Turnstile processes or stores technically necessary information in the browser, this is done to provide a secure digital service explicitly requested by the user.

Further information is available in Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/.

For transactional emails, such as registration, verification, password reset, and notification emails, we use Lettermint. The provider is Lettermint B.V. Lettermint processes personal data on our behalf where this is necessary for sending, delivering, and technically securing these emails.

This may include name, email address, email content, delivery status, and technical delivery data. Marketing newsletters or promotional emails are sent only where a separate legal basis exists.

The legal bases are Art. 6(1)(b) GDPR where the email is required for an account, contract, or pre-contractual communication, and Art. 6(1)(f) GDPR for technical delivery, security, and abuse prevention.

Further information is available from Lettermint: https://lettermint.co/dpa.

Data is shared only internally and with contractually bound service providers where this is necessary for hosting, operation, and security.

We store data only for as long as necessary for the respective purposes or as required by statutory retention obligations.

You have rights to access, rectification, erasure, restriction of processing, data portability, and objection to certain processing. You also have the right to lodge a complaint with a data protection supervisory authority.

This privacy policy applies to this website, including related pages and connected applications, unless a separate project-specific privacy policy is published there.