Privacy Policy / Datenschutzerklärung

Last updated: 2026-05-22 — applies to the marketing site at findig.app. The application at app.findig.app has its own, more detailed privacy policy.

1. Controller / Verantwortlicher

Johannes Tebbert
Auwaldstraße 7
79110 Freiburg im Breisgau
Germany
E-Mail: [email protected]

No Data Protection Officer (DPO) is required or appointed (§38 BDSG — threshold of 20 persons not reached).

2. Scope

This policy covers data processing on the public marketing site findig.app. Account-related processing inside the Findig application (at app.findig.app) is governed by the application's own privacy policy, presented at registration.

3. Data Processed on This Site

3.1 Server logs

Data: IP address, timestamp, requested URL, HTTP referrer, user-agent string.

Purpose: Operating and securing the site (rate limiting, abuse prevention).

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in keeping the site available and secure.

Retention: Up to 14 days, then deleted.

3.2 Contact form

Data: Name, e-mail address, subject, message — only what you submit. We additionally store the timestamp of submission and the IP address from which it was sent (the latter solely for abuse prevention).

Purpose: Replying to your inquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual) or Art. 6(1)(f) GDPR (legitimate interest in answering your question).

Storage: Submissions are stored in an encrypted-at-rest local database, accessible only to the controller. They are not synced to any third-party CRM or analytics provider.

Retention: Submissions are automatically deleted 180 days (≈ 6 months) after they were received, unless statutory retention obligations apply or you have explicitly asked us to keep the conversation open longer. You may request earlier erasure at any time — see section 6.

Sharing: Submissions trigger an e-mail to the controller above. No third-party processors beyond the e-mail provider listed in section 4.

3.3 Analytics (Cloudflare Web Analytics, if enabled)

Data: Aggregated, anonymous page-view counts. No cookies, no fingerprinting, no IP storage. Cloudflare Web Analytics is privacy-friendly and does not require consent under GDPR/TTDSG, since it stores no information on your device.

Purpose: Understanding which pages are visited.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in understanding aggregate site usage.

4. Processors

• Cloudflare, Inc. — CDN / TLS termination / DDoS protection (EU data routing where available; SCC in place). Cloudflare Privacy Policy.
• E-mail provider (for contact-form delivery) — used solely to forward your message to the controller.

5. Cookies

This site sets no marketing or tracking cookies. Strictly necessary cookies may be set for security (e.g. Cloudflare's __cf_bm bot-management cookie). These do not require consent under §25 TTDSG.

6. Your Rights (Art. 15–22 GDPR)

• Right of access to your personal data (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent at any time (Art. 7(3)), where processing is based on consent

To exercise any of these, e-mail the controller at the address in section 1 from (or referencing) the e-mail address you used in the contact form, so we can identify the record. Erasure requests are actioned within 30 days, typically within one business day. You will receive written confirmation once your data has been deleted.

You also have the right to lodge a complaint with a supervisory authority — for Baden-Württemberg this is the LfDI Baden-Württemberg.

7. International Transfers

The site is hosted in Germany. Cloudflare may route traffic via servers outside the EU; standard contractual clauses (SCC) are in place for any such transfers.

8. Changes

We may update this policy from time to time. Material changes are announced on this page with an updated "Last updated" date.

← Back to home