1. Controller
The controller responsible for data processing on this website is:
Luca Stanek
Binnewinkel 3
49219 Glandorf
Germany
Email: [email protected]
2. General Information on Data Processing
The protection of your personal data is important to us. We process personal data exclusively in accordance with the applicable legal provisions (in particular the GDPR and the German Federal Data Protection Act – BDSG).
3. Collection and Storage of Personal Data as well as Type and Purpose of Use
a) When visiting the website
When accessing the website, information is automatically collected by the server (so-called server log files). This includes in particular:
- IP address
- Date and time of the request
- Browser type and version
- Operating system
- Referrer URL
This data is processed to ensure the proper functioning of the website and to improve stability and security.
Legal basis: Art. 6(1)(f) GDPR
b) Registration and user account
When registering, the following data is processed:
- Name
- Email address
- Password (stored in encrypted form)
This data is used to provide the user account and for authentication purposes.
Legal basis: Art. 6(1)(b) GDPR
c) Use of the Service
When using the Service, the following data is processed:
- Custom-defined questions
- Categories and filters
- Answers provided during reviews
This data is required to provide the functionality of the Service.
Legal basis: Art. 6(1)(b) GDPR
d) Integration with Todoist
To use certain features, users can connect their Todoist account via OAuth.
In doing so, the following data from the Todoist account may be processed as required:
- Tasks (in particular completed tasks)
- Metadata such as labels, timestamps, and comments
- Account information to determine usage limits
This data is used exclusively to provide the functionality of the Service and may be temporarily cached.
Legal basis: Art. 6(1)(b) GDPR
e) Email communication
Emails are sent as part of providing the Service, including for:
- Verification
- Notifications
- Information
- Marketing (only in accordance with legal requirements)
Emails are sent via the service Mailtrap.
Legal basis: Art. 6(1)(b) GDPR and, where applicable, Art. 6(1)(a) GDPR
f) Use of AI Services
To provide certain features of the Service, in particular AI-generated review questions, analyses, summaries, statistics, and other intelligent features, user-related data and task information may be transmitted to and processed by external AI service providers.
This may include, in particular, the following data:
- Tasks and completed tasks
- Task metadata such as labels, timestamps, comments, and project associations
- User-defined categories, filters, and settings
- Answers and content provided during reviews
- Other information required to provide the respective AI-powered feature
AI service providers may include, in particular, OpenAI (ChatGPT), Anthropic (Claude), and Google (Gemini).
Data is transmitted only to the extent necessary to provide the respective AI-powered feature or where the user has consented to the use of such a feature. Only the data required for the respective purpose is transmitted.
Legal basis: Art. 6(1)(b) GDPR and, where applicable, Art. 6(1)(a) GDPR.
4. Cookies
Only technically necessary cookies are used.
These are used in particular to store settings (e.g., language) and to ensure the technical operation of the Service.
Legal basis: Art. 6(1)(f) GDPR
5. Hosting and Infrastructure
The website is hosted on servers provided by mc-host24.de.
Cloudflare is additionally used as a content delivery network (CDN) to ensure security and performance.
This may involve the processing of personal data (e.g., IP addresses).
Legal basis: Art. 6(1)(f) GDPR
6. Disclosure of Data to Third Parties and No Sale of Personal Data
Personal data is not sold.
Personal data is disclosed to third parties only where this is necessary to provide the Service, where the user has given consent, where there is a legal obligation, or where another legal basis under the GDPR permits such disclosure.
Where external service providers are used, this is generally done on the basis of appropriate contractual agreements, in particular data processing agreements pursuant to Art. 28 GDPR, insofar as the respective service provider acts as a processor.
Personal data is not disclosed to third parties for advertising purposes or for independent commercial resale without the user’s explicit consent.
7. Data Retention
Personal data is stored only as long as necessary for the respective purposes.
When a user account is deleted, all associated data is deleted immediately, unless legal retention obligations apply.
8. Rights of Data Subjects
You have the right to:
- Request access to your stored data (Art. 15 GDPR)
- Request correction of inaccurate data (Art. 16 GDPR)
- Request deletion of your data (Art. 17 GDPR)
- Request restriction of processing (Art. 18 GDPR)
- Request data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
You also have the right to lodge a complaint with a supervisory authority.
9. Data Security
We implement appropriate technical and organizational measures to protect your data against loss, manipulation, or unauthorized access.
These measures include in particular:
- Encrypted data transmission (HTTPS)
- Encrypted storage of sensitive data
- Access restrictions
10. Minors
The use of the Service by minors is only permitted with the consent of their legal guardians.
11. Changes to this Privacy Policy
We reserve the right to update this Privacy Policy if necessary to reflect changes in legal requirements or in the Service.