FeaturesPricingFAQUpdatesBlog
Login
back

Privacy Policy

Last updated: February 24, 2026

1. General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to personally identify you. For detailed information on data protection, please refer to our privacy policy, which can be found below this section.

Data Collection on this Website

Who is responsible for data collection on this website?

Data collection on this website is carried out by the website operator. The operator's contact details can be found in the "Notice on the Responsible Party" section of this privacy policy.

How is your data collected?

Your data is collected in part through your direct communication with us. This may include filling out a contact form, for example. Other data is collected automatically or with your consent when you visit the website through our IT systems. This primarily concerns technical information (such as internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive free information at any time about the origin of your personal data, its recipients, and the purpose for which it is stored. You also have the right to request correction or deletion of your data. If you have consented to data processing, you can revoke this consent at any time. Additionally, under certain conditions, you have the right to restrict the processing of your personal data. You also have the right to file a complaint with the competent supervisory authority.

For further questions about data protection, you can contact us at any time.

2. Hosting

Hostinger

The provider is Hostinger International Ltd, 61 Lordou Vironos Str., 6023 Larnaca, Cyprus (hereinafter Hostinger).

Details can be found in Hostinger's privacy policy: https://www.hostinger.com/legal/privacy-policy

The use of Hostinger is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website possible. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that they process the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

The Data Processing Addendum (DPA) can be viewed at the following link: https://www.hostinger.com/legal/dpa

Additionally, Hostinger's Terms and Conditions can be viewed at the following link: https://www.hostinger.com/legal/universal-terms-of-service-agreement

2a. Stripe Revenue Integration

Description and Scope of Data Processing

We offer users the option to connect their Stripe revenue data with our platform to display it on their public profile. This feature is optional and requires the user's active consent.

What Data is Processed?

As part of this integration, the following data is processed:

  1. Stripe API Key (Read-Only)

    • The user provides a read-only API key from Stripe
    • This key is stored encrypted (AES-256) in our database
    • The key grants us read-only access to revenue data
    • We have no write access to the user's Stripe account

  2. Revenue Data

    • Monthly revenue history for the last 12 months
    • Current Monthly Recurring Revenue (MRR)
    • Number of active subscriptions
    • Currency information
    • Product-specific revenue data

  3. Metadata

    • Timestamp of last synchronization
    • Stripe Product IDs (if product filter is active)
    • Last four digits of the API key (for identification)

Legal Basis

Processing is based on:

  • Art. 6(1)(a) GDPR (Consent): Integration only occurs after the user's explicit, active consent

Purpose of Processing

Data processing serves exclusively the following purposes:

  • Display of authentic revenue data on the user's public profile
  • Automatic updating of revenue statistics
  • Provision of revenue analytics in the user's dashboard

Data Transfers to Third Parties

As part of this feature, data is exchanged with the following third parties:

Stripe, Inc.

  • 510 Townsend Street, San Francisco, CA 94103, USA
  • Privacy Policy: https://stripe.com/privacy
  • Purpose: Retrieval of revenue data via the Stripe API
  • Legal Basis: Art. 6(1)(a) GDPR (Consent)
  • Data Transfer to the USA: Stripe is certified under the EU-US Data Privacy Framework (Participant ID: a2zt0000000TQOUAA4)

Important Notice: Stripe processes data as an independent controller according to its own privacy policy. You already have a direct contractual relationship with Stripe. We only access your data in read-only mode via the API key you provide. Data transfers to the USA carry the risk of access by US authorities under FISA 702 and Executive Order 12333. For more information, please refer to Stripe's privacy policy.

Storage Duration

  • API Key: Until deactivation of the integration by the user or account deletion
  • Revenue Data: As long as the integration is active; irreversibly deleted upon deactivation
  • Historical Data: Not stored on our servers; fetched from Stripe during each synchronization (data minimization)

Your Rights under GDPR

You have the following rights at any time:

  • Right of Access (Art. 15 GDPR): Information about your stored data
  • Right to Rectification (Art. 16 GDPR): Correction of inaccurate data
  • Right to Erasure (Art. 17 GDPR): Deletion of your data
  • Right to Restriction (Art. 18 GDPR): Restriction of processing
  • Right to Data Portability (Art. 20 GDPR): Receipt of your data in structured format
  • Right to Withdraw Consent (Art. 7(3) GDPR): Withdrawal of your consent (without affecting the lawfulness of processing based on consent before its withdrawal)
  • Right to Lodge a Complaint (Art. 77 GDPR): Complaint with a supervisory authority

Contact for Data Protection Inquiries: [your email]

Competent Supervisory Authority:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)
Kavalleriestraße 2-4, 40213 Düsseldorf, Germany
Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de

You can deactivate the integration yourself in your dashboard under "Projects → Stripe Configuration". Upon deactivation, all stored data will be irreversibly deleted.

Security Measures

To protect your sensitive financial data, we have implemented the following security measures in accordance with Art. 32 GDPR:

  • Encryption: API keys are stored encrypted with AES-256
  • Read-Only Access: We exclusively accept read-only API keys
  • Minimal Data Collection: Only data required for display is retrieved
  • Access Control: Only you can access your Stripe configuration
  • TLS Encryption: All connections to Stripe use HTTPS/TLS 1.3
  • EU Servers: All data is stored exclusively on servers in Germany
  • Regular Security Audits: Our systems are regularly reviewed

Voluntary Nature

The use of the Stripe integration is completely voluntary. You can use our service fully without this feature. Not using this feature has no negative impact on your use of the platform.

Description and Scope of Data Processing

We offer users the option to connect their Stripe revenue data with our platform to display it on their public profile. This feature is optional and requires the active consent of the user.

What data is processed?

The following data is processed as part of this integration:

1. Stripe API Key (Read-Only)

  • The user provides a read-only API key from Stripe
  • This key is stored encrypted (AES-256) in our database
  • The key grants us read-only access to revenue data
  • We have no write permissions to the user's Stripe account

2. Revenue Data

  • Monthly revenue history for the last 12 months
  • Current monthly recurring revenue (MRR)
  • Number of active subscriptions
  • Currency information
  • Product-specific revenue data

3. Metadata

  • Time of last synchronization
  • Stripe Product IDs (if product filter is active)
  • Last four digits of the API key (for identification)

Legal Basis

Processing is based on:

  • Art. 6 Para. 1 lit. a GDPR (Consent): Integration only occurs after explicit user consent
  • Art. 6 Para. 1 lit. b GDPR (Contract fulfillment): Processing is necessary to fulfill the contractually agreed service

Purpose of Processing

Data processing serves exclusively the following purposes:

  • Display of authentic revenue data on the user's public profile
  • Automatic updating of revenue statistics
  • Provision of revenue analytics in the user's dashboard

Data Transfer to Third Parties

As part of this function, data is exchanged with the following third parties:

Stripe, Inc.

  • 510 Townsend Street, San Francisco, CA 94103, USA
  • Privacy Policy: https://stripe.com/privacy
  • Purpose: Retrieval of revenue data via the Stripe API
  • Legal basis: Art. 6 Para. 1 lit. a GDPR (Consent)
  • Data transfer to the USA: Stripe is certified under the EU-US Data Privacy Framework

Stripe processes the data according to its own privacy policies. We have concluded a Data Processing Agreement with Stripe. More information: https://stripe.com/legal/dpa

Storage Duration

  • API Key: Until deactivation of the integration by the user or deletion of the account
  • Revenue Data: As long as the integration is active; will be irrevocably deleted upon deactivation
  • Historical Data: Not stored, but retrieved from Stripe anew with each synchronization

Your Rights

You have the right at any time to:

  • Deactivate the Stripe integration
  • Revoke your consent (without affecting the lawfulness of processing based on consent before its withdrawal)
  • Request deletion of all data stored as part of the integration
  • Control the visibility of revenue data on your profile

You can deactivate the integration yourself in your dashboard under "Projects → Stripe Configuration".

Security Measures

To protect your sensitive financial data, we have implemented the following security measures:

  • Encryption: API keys are stored encrypted with AES-256
  • Read-Only Access: We accept only read-only API keys
  • Minimal Data Collection: Only the data necessary for display is retrieved
  • Access Control: Only you can access your Stripe configuration
  • TLS Encryption: All connections to Stripe are made via HTTPS
  • Regular Security Audits: Our systems are regularly reviewed

Voluntary Nature

The use of the Stripe integration is completely voluntary. You can fully use our service without this feature. Non-use has no negative impact on your use of the platform.

2b. Newsletter Integration (Listmonk Wrapper)

Description

Premium users can connect their own self-hosted Listmonk instance to SolopreneurPage to display a newsletter subscription widget on their public profile page. SolopreneurPage acts solely as a technical proxy; no subscriber email addresses are stored in our database.

What data do WE (SolopreneurPage) process?

From the platform user (who sets up the integration):

  • Listmonk instance URL (stored encrypted)
  • Listmonk API username (stored encrypted)
  • Listmonk API password (stored encrypted with AES-256)
  • Listmonk list ID

From website visitors (who use the subscribe widget):

  • The email address entered is only forwarded and not stored
  • IP address for rate limiting (max. 3 requests per hour per IP; not stored persistently)

What we do NOT store

  • Subscriber email addresses are never stored in our database
  • We do not maintain subscriber lists
  • We have no access to the content of the user's newsletter

Data flow

When a website visitor uses the subscribe widget, SolopreneurPage forwards the entered email address directly to the list owner's Listmonk instance. SolopreneurPage acts solely as a technical intermediary without processing data for marketing purposes.

Responsibility

The operator of the public profile page is the sole data controller (Art. 4(7) GDPR) for the subscriber data processed by their Listmonk instance. This includes in particular the obligation to implement double opt-in, to provide their own privacy policy, and to comply with all applicable data protection laws.

Legal basis for our processing

  • Art. 6(1)(a) GDPR (Consent) for the storage of API credentials by the platform user
  • Art. 6(1)(f) GDPR (Legitimate interest) for rate limiting to prevent abuse

Retention period

API credentials are deleted as soon as the user disconnects the integration or deletes their account.

Voluntary nature

Use of the newsletter integration is entirely voluntary and only available to premium users. You can use our service without this feature.

2c. GitHub OAuth Authentication

Description and Scope of Data Processing

We offer users the option to register and log in to our platform using their GitHub account. This feature is optional and requires the active consent of the user.

What data is processed?

The following data is processed as part of GitHub OAuth authentication:

1. GitHub Profile Data

  • GitHub username
  • GitHub user ID (unique identifier)
  • Public email address (if available)
  • Profile picture URL (avatar)
  • Profile URL

2. OAuth Token

  • Access token (stored encrypted)
  • Time of authentication
  • Account linking information

3. Metadata

  • Time of first login
  • Time of last login

Legal Basis

Processing is based on:

  • Art. 6 Para. 1 lit. a GDPR (Consent): Login via GitHub only occurs after explicit user consent
  • Art. 6 Para. 1 lit. b GDPR (Contract fulfillment): Processing is necessary to fulfill the contractually agreed service

Purpose of Processing

Data processing serves exclusively the following purposes:

  • Enabling registration and login on the platform
  • Managing the user account
  • Authenticating the user during repeat visits
  • Assigning user activities to the corresponding account

Data Transfer to Third Parties

As part of this function, data is exchanged with the following third party:

GitHub, Inc.

GitHub processes the data according to its own privacy policies. More information: https://docs.github.com/en/site-policy/privacy-policies

Storage Duration

  • GitHub Profile Data: Until account deletion or removal of GitHub connection by the user
  • OAuth Token: Until logout or revocation of authorization
  • Metadata: Until account deletion

Your Rights

You have the right at any time to:

  • Remove the connection with GitHub
  • Revoke your consent (without affecting the lawfulness of processing based on consent before its withdrawal)
  • Request deletion of all data stored as part of GitHub authentication

You can manage the connection with GitHub yourself in your dashboard under "Settings → Connected Accounts".

Security Measures

To protect your authentication data, we have implemented the following security measures:

  • Encryption: OAuth tokens are stored encrypted with AES-256
  • HTTPS: All connections are made via TLS encryption
  • Access Control: Only you can access your account connections
  • Minimal Permissions: We only request the necessary OAuth scopes
  • Regular Security Audits: Our systems are regularly reviewed

Voluntary Nature

The use of GitHub authentication is completely voluntary. You can fully use our service with the classic email login (Magic Link). Non-use has no negative impact on your use of the platform.

3. General Information and Mandatory Information

Data Protection

We place great importance on protecting your personal data. We treat your data confidentially and in accordance with applicable data protection regulations and the provisions of this privacy policy. When using our website, various personal data is collected. Personal data is information that can be used to personally identify you. This privacy policy explains what data we collect and how we use it. It also explains the purpose of this data collection. We would like to point out that data transmission over the Internet (e.g., when communicating via email) poses security risks. Complete protection of your data from access by third parties cannot be guaranteed.

Notice on the Responsible Party

The responsible party for data processing on this website is:

Max Anton Schneider
c/o MDC Management#1582
Welserstraße 3
87463 Dietmannsried
Germany

Email: info@maxantonschneider.com

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a specific storage period is specified in this privacy policy, your personal data will be stored with us until the purpose for data processing no longer applies. If you request deletion of your data or revoke your consent to data processing, your data will be deleted unless there are other legal reasons for storage (e.g., tax or commercial retention periods). In this case, deletion will occur after these legal reasons cease to apply.

General Information on the Legal Basis of Data Processing on this Website

If you have consented to data processing, we process your personal data in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 Para. 1 GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place in accordance with Art. 49 Para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing additionally takes place in accordance with § 25 Para. 1 TTDSG. This consent can be revoked at any time. If your data is required to fulfill a contract or to carry out pre-contractual measures, we process your data in accordance with Art. 6 Para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation in accordance with Art. 6 Para. 1 lit. c GDPR. Data processing may also be based on our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. The following sections of this privacy policy provide information about the respective legal bases in individual cases.

Notice on Data Transfer to Third Countries without Adequate Data Protection Level and Transfer to US Companies without DPF Certification

We use various tools from companies based in third countries that do not offer an adequate level of data protection, as well as from US companies that are not certified under the EU-US Data Privacy Framework (DPF). When these tools are activated, your personal data may be transferred to these countries and processed there. Please note that in third countries without an adequate level of data protection, no comparable protection of your data as in the EU can be guaranteed.

We would like to point out that the USA is generally considered a safe third country that has a similar level of data protection to the EU. A transfer of your data to the USA is therefore permissible provided the recipient has certification under the EU-US Data Privacy Framework (DPF) or has appropriate additional guarantees. Information on transfers to third countries, including the recipients of your data, can be found in this privacy policy.

Recipients of Personal Data

As part of our business activities, we work with various external partners. Occasionally, it is necessary to pass on personal data to these external partners. We only transmit personal data to external partners if this is necessary to fulfill a contract, if we are legally obliged to do so (e.g., when passing on data to tax authorities), if we have a legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR in the transmission, or if another legal basis permits data transmission. When we use processors, we only transmit personal data of our customers on the basis of a valid data processing agreement. In the case of joint data processing, a contract on joint processing is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You have the right to revoke consent already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Certain Data Processing and to Direct Marketing (Art. 21 GDPR)

IF PERSONAL DATA IS PROCESSED IN ACCORDANCE WITH ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. PLEASE REFER TO THIS PRIVACY POLICY FOR THE EXACT LEGAL BASIS FOR PROCESSING. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION UNDER ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS USED FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 PARA. 2 GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

If you believe that the GDPR has been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. The right to lodge a complaint exists independently of other administrative or judicial remedies.

Right to Data Portability

You have the right to have the personal data that we process automatically based on your consent or in fulfillment of a contract transferred to yourself or to a third party in a common, machine-readable format. If you request the direct transfer of data to another controller, this will only be done if it is technically feasible.

Information, Correction, and Deletion

In accordance with applicable legal provisions, you have the right at any time to receive free information about your stored personal data, its origin and recipients, the purpose of data processing, and, where applicable, the right to correction or deletion of this data. For further questions on the subject of personal data, we are always available to you.

Right to Restriction of Processing

You have the right to request restriction of the processing of your personal data. This may be the case in various situations, for example, if you dispute the accuracy of your data or if processing is unlawful. Please contact us to exercise this right.

SSL or TLS Encryption

To protect the transmission of confidential data, we use SSL or TLS encryption. If this encryption is activated, your data can be transmitted securely as it cannot be read by third parties. You can recognize an encrypted connection by the address bar of your browser changing from "http://" to "https://" and by the lock symbol in your browser bar.

4. Data Collection on this Website

Cookies

Our website uses cookies, small data packets that cause no damage to your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit, while permanent cookies remain on your end device until you manually delete them or your web browser automatically removes them.

Cookies can come either from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies on our websites, such as cookies for processing payment services.

The use of necessary cookies to carry out the electronic communication process, to provide certain functions, or to optimize the website is based on Art. 6 Para. 1 lit. f GDPR, unless another legal basis is specified. We have a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of our services. Processing also takes place on the basis of your consent, if this has been requested (Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG); consent can be revoked at any time.

Technically Necessary Cookies

Here you will find all cookies that are necessary for the operation of our website and its functions (technically necessary cookies). These are usually set in response to an action you have taken. This includes registration, login, or settings such as language or cookie preferences. It is possible to deactivate these cookies in the browser. Error-free functioning of our website cannot be guaranteed in this case.

Cookie NameHostTypePurposeProcessed DataThird Party ServiceValidity PeriodTarget Country
solopreneurpage.com_login_emailsolopreneurpage.comTechnically necessaryStores email for quick loginEmail addressNoneSessionUser's country
solopreneurpage.de_login_tokensolopreneurpage.deTechnically necessaryStores token for quick loginTokenNoneSessionUser's country

You can configure your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to refuse the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. Please note that the functionality of our website may be restricted if cookies are deactivated.

Server Log Files

The provider of this site automatically collects and stores information in server log files that your browser automatically transmits to us. This data includes the browser type and version, the operating system used, the referrer URL, the hostname of the accessing computer, the time of the server request, and the IP address. This data is not merged with other data sources.

This data is collected on the basis of Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the technically error-free presentation and optimization of our website, for which the collection of server log files is necessary.

Use of Umami Analytics

This website uses the privacy-friendly analysis tool Umami Analytics to analyze user behavior and continuously improve the website.

Umami works without the use of cookies and does not collect personal data such as IP addresses. Instead, Umami uses anonymized data for evaluation to give us information about the use of the website (e.g., which pages are particularly frequently accessed).

Legal basis: Data processing is based on Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the analysis and optimization of our website. Further information on how Umami Analytics works can be found on the official Umami website: https://umami.is

Internal Analytics System for User Profiles

Users of our platform can use a GDPR-compliant analytics system on their public profile pages to view visitor statistics for their profile page.

Description and Scope of Data Processing

This analytics system allows users to obtain anonymized statistics about visitors to their profile page without storing personal data or using cookies.

What data is processed?

As part of this analytics system, the following anonymized data is processed:

1. Anonymized Visitor Identification

  • IP addresses are NEVER stored in plain text
  • Instead, a hash value is created: SHA256(IP address + User-Agent + Daily Salt)
  • This hash cannot be reverse-engineered and is not traceable across days
  • The daily salt rotates automatically, so visitors cannot be identified across multiple days

2. Technical Information (anonymized)

  • Visited page paths (e.g., "/u/username")
  • Referrer domain (domain only, not full URL, e.g., "google.com")
  • Device type (Desktop, Mobile, Tablet)
  • Browser name and version (e.g., "Chrome 120")
  • Operating system (e.g., "Windows", "macOS", "iOS")
  • Screen resolution
  • Browser language

3. Geographic Information (optional)

  • Country code (ISO 3166-1 alpha-2, e.g., "DE", "US")
  • This information is optional and can be null

4. Project Clicks

  • Which projects/startups on the profile page were clicked
  • Number of clicks per project

Legal Basis

Processing is based on:

  • Art. 6 Para. 1 lit. f GDPR (Legitimate Interest): The analysis serves the legitimate interest of users to obtain statistics about their profile page in order to optimize it

Purpose of Processing

Data processing serves exclusively the following purposes:

  • Provision of anonymized visitor statistics for profile page operators
  • Analysis of profile page usage (which pages are visited, which projects are clicked)
  • Identification of traffic sources (which websites visitors come from)
  • Optimization of profile pages based on anonymized usage data

Anonymization and Data Protection

To ensure the highest data protection standards, we have implemented the following measures:

  • No Cookies: The system does not use cookies, localStorage, or sessionStorage
  • IP Anonymization: IP addresses are hashed with SHA256 and cannot be reverse-engineered
  • Daily Salt Rotation: The salt value changes daily, so visitors cannot be tracked across multiple days
  • Stateless: Each request is independent; no persistent identifiers are stored
  • Data Minimization: Only data necessary for statistics is stored
  • No User-Agent Strings in Plain Text: User-Agent information is only used for hash generation, not stored in plain text

Opt-Out Options

Visitors can disable tracking in the following ways:

  1. Do Not Track (DNT) Header: If your browser sends the DNT header, tracking is automatically disabled
  2. URL Parameter: Add ?dnt=1 to the URL (e.g., https://solopreneurpage.com/u/username?dnt=1)
  3. Browser Settings: Enable "Do Not Track" in your browser settings

When tracking is disabled, no data is stored.

Storage Duration

  • Raw Data (Page Views, Project Clicks): Automatically deleted after 90 days
  • Aggregated Data (daily summaries): Automatically deleted after 24 months
  • Daily Salts: Deleted after 7 days (for security reasons)

Data Transfer to Third Parties

Data is stored exclusively on our own servers and is not shared with third parties. No data is transferred to external analytics services.

Your Rights

As a visitor to a profile page, you have the right at any time to:

  • Disable tracking via DNT header or URL parameter
  • Request information about stored data (to the extent technically possible due to anonymization)
  • Object to data processing (by disabling tracking)

As a profile page operator, you have the right at any time to:

  • View your analytics data in the dashboard
  • Disable the analytics function (by removing the tracking script)

Security Measures

To protect the data, we have implemented the following security measures:

  • Encryption: All data transmissions are made via HTTPS/TLS
  • Anonymization: IP addresses are cryptographically hashed
  • Automatic Cleanup: Old data is automatically deleted
  • Access Control: Only the profile page operator can view their own analytics data

Use of GlitchTip

This website uses the monitoring tool GlitchTip to detect and analyze errors and problems on the website. This allows us to ensure and improve the stability and functionality of the website.

Type of data processed:

  • Error reports (e.g., time, affected URL, error messages)
  • Technical information (e.g., browser type, operating system, IP address in anonymized form)

Hosting: GlitchTip is hosted on a server (VPS) operated by us. Data processing therefore takes place exclusively within our infrastructure, and no data is passed on to third parties.

Legal basis: Data processing is based on Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in monitoring and ensuring trouble-free operation as well as optimizing our website. The collected data is deleted after completion of troubleshooting or after a defined period, unless there are legal retention requirements.

Contact Requests by Email, Telephone, or Fax

If you contact us, whether by email, telephone, or fax, your inquiries and all associated personal data (such as name and inquiry) will be stored and processed by us for the purpose of handling your request. This data will not be passed on to third parties without your consent.

Processing of this data takes place in accordance with Art. 6 Para. 1 lit. b GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In other cases, processing takes place on the basis of our legitimate interest in the efficient handling of inquiries made to us (in accordance with Art. 6 Para. 1 lit. f GDPR) or on the basis of your consent (in accordance with Art. 6 Para. 1 lit. a GDPR), if such consent has been obtained. Your consent can be revoked at any time.

The data you submit remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (for example, after completion of processing your inquiry). This is subject to no statutory retention obligations.

Stripe

We offer the option to process the payment transaction via the payment service provider Stripe, ℅ Legal Process, 510, Townsend St., San Francisco, CA 94103 (Stripe). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 Para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe, insofar as it is necessary for contract fulfillment (Art. 6 Para. 1 lit. b GDPR).

  • Name of cardholder
  • Email address
  • Customer number
  • Order number
  • Bank details
  • Credit card data
  • Validity period of the credit card
  • Credit card verification number (CVC)
  • Date and time of the transaction
  • Transaction amount
  • Name of provider
  • Location

Processing of the data specified in this section is neither legally nor contractually required. Without the transmission of your personal data, we cannot process a payment via Stripe.

Stripe assumes a dual role as controller and processor in data processing activities. As a controller, Stripe uses your transmitted data to fulfill regulatory obligations. This corresponds to Stripe's legitimate interest (in accordance with Art. 6 Para. 1 lit. f GDPR) and serves contract performance (in accordance with Art. 6 Para. 1 lit. b GDPR). We have no influence on this process.

Stripe acts as a processor to complete transactions within payment networks. As part of the data processing relationship, Stripe acts exclusively on our instructions and has been contractually obligated in accordance with Art. 28 GDPR to comply with data protection provisions.

Stripe has implemented compliance measures for international data transfers. These apply to all worldwide activities in which Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

Further information on objection and elimination options with respect to Stripe can be found at: https://stripe.com/privacy-center/legal

Your data will be stored by us until the payment processing is completed. This also includes the period required for processing refunds, receivables management, and fraud prevention. According to § 147 AO / § 257 HGB, a statutory retention period of 10 years applies to us.

Legal Information

Address:
Stripe Payments Europe Limited
1 Grand Canal Street Lower, Grand Canal Dock
Dublin, D02 H210, Ireland
Attention: Stripe Legal

Lemon Squeezy

We also offer the option to process payments via the payment service provider Lemon Squeezy (Lemon Squeezy LLC, 222 South Main Street Suite 500, Salt Lake City, UT 84101, USA). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 Para. 1 lit. f GDPR). In this context, we pass on the following data to Lemon Squeezy insofar as it is necessary for contract fulfillment (Art. 6 Para. 1 lit. b GDPR):

  • Name
  • Email address
  • Customer number / order number
  • Transaction amount, date and time
  • Payment method (e.g. credit card)
  • Billing address / location

Processing of the data specified in this section is neither legally nor contractually required. Without the transmission of your personal data, we cannot process a payment via Lemon Squeezy.

Lemon Squeezy processes the data as controller or processor in accordance with its own privacy policies. We have no influence on Lemon Squeezy’s processing beyond transmitting the data necessary for the transaction. For data transfers to the USA, Lemon Squeezy implements appropriate safeguards (e.g. EU Standard Contractual Clauses). A risk of access by US authorities (e.g. under FISA 702) cannot be ruled out.

Further information on data protection and objection rights: https://www.lemonsqueezy.com/privacy
Data Processing Agreement (DPA): https://lemonsqueezy.com/dpa

We store the data you provide in connection with payment until payment processing is completed, including the period required for refunds, receivables management, and fraud prevention. According to § 147 AO / § 257 HGB, a statutory retention period of 10 years applies to us.

Legal Information

Address:
Lemon Squeezy LLC
222 South Main Street Suite 500
Salt Lake City, UT 84101, USA