Privacy Policy
Version: 2026-01-14. Privacy-first: as much local as possible, as little server as necessary. This policy explains what data FlatFinderDE processes, for what purpose, and on which legal basis.
1. Controller
Controller (GDPR Art. 4(7)):
[Your name (private individual)]
[Address]
Email: kontakt@flatfinderde.com
Provider details are also available in the Impressum.
No data protection officer has been appointed at this time.
2. Core principle (data minimization)
FlatFinderDE is built to process as much as possible locally in your browser. Server-side we store only what is necessary for operations, security, and the features you use.
Important: Payments (Stripe) and optional pass features (e.g. cross-device sync) require some server-side processing.
3. Legal bases (GDPR Art. 6)
Depending on the processing activity, we rely in particular on:
Art. 6(1)(b) GDPR (contract/pre-contract) – e.g. pass validation, providing paid features.
Art. 6(1)(f) GDPR (legitimate interests) – e.g. security, abuse prevention, service stability, minimal product metrics.
4. What data do we process?
Depending on usage we may process:
Pass token (activation code) and expiry date.
Payment status (Stripe checkout session IDs, payment status, amount, currency; no sensitive payment details).
Application/profile content if you use paid cloud features.
Technical data (e.g. IP address, user agent, timestamps) in server logs for security/stability.
5. Local storage (browser)
For usability we store certain information locally in your browser (e.g. pass token and expiry date) so you don’t have to re-enter it every time.
We also set a language cookie (ff_lang) to remember your selected language.
6. Payments (Stripe)
Payments are processed via Stripe. Stripe processes personal data as an independent controller or processor (depending on context), including payment data and technical metadata.
We typically store only technical payment details (e.g. Stripe session ID, payment status, amount, currency) and your pass token. Legal basis: Art. 6(1)(b) GDPR (contract).
7. Minimal product metrics
FlatFinderDE may store very minimal events (e.g. button clicks) without direct personal identifiers. Purpose: product improvement and feature usage measurement. Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
We also use Vercel Analytics. Technical metadata (e.g. page views/performance data) may be processed.
8. Recipients, processors & international transfers
Depending on operations, we use service providers. The following are especially relevant for FlatFinderDE:
Vercel (hosting/analytics): operation of the website and optionally Vercel Analytics. Vercel may act as a processor.
Stripe (payments): payment processing. Stripe processes personal data (incl. payment data) under its own roles/responsibilities.
Processing may take place outside the EU/EEA (especially with US providers). In such cases, appropriate safeguards are typically used (e.g. EU Standard Contractual Clauses) and, where available, EU/EEA regions are preferred.
9. Retention
We retain data only as long as necessary. Payment/pass-related data is typically kept for the pass duration and to meet legal retention obligations. Technical logs are typically kept for a short period.
10. Your rights
Subject to legal requirements, you have rights to access, rectification, erasure, restriction, data portability and objection. You can withdraw consent at any time with effect for the future.
You also have the right to lodge a complaint with a supervisory authority.
12. Contact
For privacy requests, please contact: kontakt@flatfinderde.com