Privacy policy

Courtesy translation. The German original is the legally binding version.

As of: June 2026

1. Controller

Maximilian Meisner
Email: kontakt@rechteradar.de
Full postal address: see imprint.

2. Visiting the website (server logs)

When you visit our website, technically necessary data is processed (truncated IP address, timestamp, requested URL, user-agent). Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in stability and security). Logs are automatically deleted after 14 days.

3. Compliance scan and token reports

  • Domain and publicly available data of the scanned website (imprint, privacy policy, terms, footer HTML) — legal basis Art. 6 (1) (f) GDPR, legitimate interest in automated compliance information.
  • Email address of the contact named in the imprint — legal basis Art. 6 (1) (f) GDPR, legitimate interest in direct business communication (B2B). You may object to further processing at any time, informally.
  • Token requests (timestamp, truncated IP, user-agent) for abuse detection — legal basis Art. 6 (1) (f) GDPR. Retention: 90 days.

4. On purchase (order, account, invoice)

We process: contact details, Stripe customer identifier, payment status, invoice data. Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (c) GDPR (statutory retention duties, § 257 HGB, § 147 AO — 6 or 10 years).

We do not store payment data (cards, SEPA mandates). These are processed exclusively by Stripe.

5. Processors

  • Stripe Payments Europe Ltd. (Ireland) — payment processing, customer portal. Own privacy policy: stripe.com/en-gb/privacy.
  • Sendinblue GmbH (Brevo) (Germany/France) — transactional email delivery (compliance reports, invoices, login links). Own privacy policy: brevo.com/legal/privacypolicy.
  • Hostinger International Ltd. (Lithuania) — hosting of the domain rechteradar.de. A data processing agreement under Art. 28 GDPR is in place.
  • Own VPS (Hostinger, located in the EU) — application server, Postgres database. Data does not leave the EU.

6. Cookies and tracking

This website uses exclusively technically necessary cookies (session cookie for logged-in customers and operators). There is no tracking, no analytics tool, no third-party banner. Legal basis: § 25 (2) no. 2 TDDDG.

7. Retention periods

  • Lead data without purchase: 12 months, then deletion
  • Customer data after cancellation: email anonymisation; invoices 10 years (§ 147 AO)
  • Server logs: 14 days
  • Token request statistics: 90 days

8. Your rights

You have the right at any time to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). Requests can be made informally to the contact address.

Right to lodge a complaint with the competent supervisory authority — list: bfdi.bund.de.

9. Withdrawal of consent

If processing is based on your consent, you may withdraw it at any time with effect for the future. The lawfulness of processing carried out prior to withdrawal remains unaffected.

RechteRadar