back

Privacy Policy

1. General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to personally identify you. For detailed information on data protection, please refer to our privacy policy, which can be found below this section.

Data Collection on this Website

Who is responsible for data collection on this website?

Data collection on this website is carried out by the website operator. The operator's contact details can be found in the "Notice on the Responsible Party" section of this privacy policy.

How is your data collected?

Your data is collected in part through your direct communication with us. This may include filling out a contact form, for example. Other data is collected automatically or with your consent when you visit the website through our IT systems. This primarily concerns technical information (such as internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive free information at any time about the origin of your personal data, its recipients, and the purpose for which it is stored. You also have the right to request correction or deletion of your data. If you have consented to data processing, you can revoke this consent at any time. Additionally, under certain conditions, you have the right to restrict the processing of your personal data. You also have the right to file a complaint with the competent supervisory authority.

For further questions about data protection, you can contact us at any time.

2. Hosting

Hostinger

The provider is Hostinger International Ltd, 61 Lordou Vironos Str., 6023 Larnaca, Cyprus (hereinafter Hostinger).

Details can be found in Hostinger's privacy policy: https://www.hostinger.com/legal/privacy-policy

The use of Hostinger is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website possible. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that they process the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

The Data Processing Addendum (DPA) can be viewed at the following link: https://www.hostinger.com/legal/dpa

Additionally, Hostinger's Terms and Conditions can be viewed at the following link: https://www.hostinger.com/legal/universal-terms-of-service-agreement

2a. Stripe Revenue Integration

Description and Scope of Data Processing

We offer users the option to connect their Stripe revenue data with our platform to display it on their public profile. This feature is optional and requires the active consent of the user.

What data is processed?

The following data is processed as part of this integration:

1. Stripe API Key (Read-Only)

  • The user provides a read-only API key from Stripe
  • This key is stored encrypted (AES-256) in our database
  • The key grants us read-only access to revenue data
  • We have no write permissions to the user's Stripe account

2. Revenue Data

  • Monthly revenue history for the last 12 months
  • Current monthly recurring revenue (MRR)
  • Number of active subscriptions
  • Currency information
  • Product-specific revenue data

3. Metadata

  • Time of last synchronization
  • Stripe Product IDs (if product filter is active)
  • Last four digits of the API key (for identification)

Legal Basis

Processing is based on:

  • Art. 6 Para. 1 lit. a GDPR (Consent): Integration only occurs after explicit user consent
  • Art. 6 Para. 1 lit. b GDPR (Contract fulfillment): Processing is necessary to fulfill the contractually agreed service

Purpose of Processing

Data processing serves exclusively the following purposes:

  • Display of authentic revenue data on the user's public profile
  • Automatic updating of revenue statistics
  • Provision of revenue analytics in the user's dashboard

Data Transfer to Third Parties

As part of this function, data is exchanged with the following third parties:

Stripe, Inc.

  • 510 Townsend Street, San Francisco, CA 94103, USA
  • Privacy Policy: https://stripe.com/privacy
  • Purpose: Retrieval of revenue data via the Stripe API
  • Legal basis: Art. 6 Para. 1 lit. a GDPR (Consent)
  • Data transfer to the USA: Stripe is certified under the EU-US Data Privacy Framework

Stripe processes the data according to its own privacy policies. We have concluded a Data Processing Agreement with Stripe. More information: https://stripe.com/legal/dpa

Storage Duration

  • API Key: Until deactivation of the integration by the user or deletion of the account
  • Revenue Data: As long as the integration is active; will be irrevocably deleted upon deactivation
  • Historical Data: Not stored, but retrieved from Stripe anew with each synchronization

Your Rights

You have the right at any time to:

  • Deactivate the Stripe integration
  • Revoke your consent (without affecting the lawfulness of processing based on consent before its withdrawal)
  • Request deletion of all data stored as part of the integration
  • Control the visibility of revenue data on your profile

You can deactivate the integration yourself in your dashboard under "Projects → Stripe Configuration".

Security Measures

To protect your sensitive financial data, we have implemented the following security measures:

  • Encryption: API keys are stored encrypted with AES-256
  • Read-Only Access: We accept only read-only API keys
  • Minimal Data Collection: Only the data necessary for display is retrieved
  • Access Control: Only you can access your Stripe configuration
  • TLS Encryption: All connections to Stripe are made via HTTPS
  • Regular Security Audits: Our systems are regularly reviewed

Voluntary Nature

The use of the Stripe integration is completely voluntary. You can fully use our service without this feature. Non-use has no negative impact on your use of the platform.

2b. GitHub OAuth Authentication

Description and Scope of Data Processing

We offer users the option to register and log in to our platform using their GitHub account. This feature is optional and requires the active consent of the user.

What data is processed?

The following data is processed as part of GitHub OAuth authentication:

1. GitHub Profile Data

  • GitHub username
  • GitHub user ID (unique identifier)
  • Public email address (if available)
  • Profile picture URL (avatar)
  • Profile URL

2. OAuth Token

  • Access token (stored encrypted)
  • Time of authentication
  • Account linking information

3. Metadata

  • Time of first login
  • Time of last login

Legal Basis

Processing is based on:

  • Art. 6 Para. 1 lit. a GDPR (Consent): Login via GitHub only occurs after explicit user consent
  • Art. 6 Para. 1 lit. b GDPR (Contract fulfillment): Processing is necessary to fulfill the contractually agreed service

Purpose of Processing

Data processing serves exclusively the following purposes:

  • Enabling registration and login on the platform
  • Managing the user account
  • Authenticating the user during repeat visits
  • Assigning user activities to the corresponding account

Data Transfer to Third Parties

As part of this function, data is exchanged with the following third party:

GitHub, Inc.

GitHub processes the data according to its own privacy policies. More information: https://docs.github.com/en/site-policy/privacy-policies

Storage Duration

  • GitHub Profile Data: Until account deletion or removal of GitHub connection by the user
  • OAuth Token: Until logout or revocation of authorization
  • Metadata: Until account deletion

Your Rights

You have the right at any time to:

  • Remove the connection with GitHub
  • Revoke your consent (without affecting the lawfulness of processing based on consent before its withdrawal)
  • Request deletion of all data stored as part of GitHub authentication

You can manage the connection with GitHub yourself in your dashboard under "Settings → Connected Accounts".

Security Measures

To protect your authentication data, we have implemented the following security measures:

  • Encryption: OAuth tokens are stored encrypted with AES-256
  • HTTPS: All connections are made via TLS encryption
  • Access Control: Only you can access your account connections
  • Minimal Permissions: We only request the necessary OAuth scopes
  • Regular Security Audits: Our systems are regularly reviewed

Voluntary Nature

The use of GitHub authentication is completely voluntary. You can fully use our service with the classic email login (Magic Link). Non-use has no negative impact on your use of the platform.

3. General Information and Mandatory Information

Data Protection

We place great importance on protecting your personal data. We treat your data confidentially and in accordance with applicable data protection regulations and the provisions of this privacy policy. When using our website, various personal data is collected. Personal data is information that can be used to personally identify you. This privacy policy explains what data we collect and how we use it. It also explains the purpose of this data collection. We would like to point out that data transmission over the Internet (e.g., when communicating via email) poses security risks. Complete protection of your data from access by third parties cannot be guaranteed.

Notice on the Responsible Party

The responsible party for data processing on this website is:

Max Anton Schneider
c/o MDC Management#1582
Welserstraße 3
87463 Dietmannsried
Germany

Email: info@maxschneidercodes.de

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a specific storage period is specified in this privacy policy, your personal data will be stored with us until the purpose for data processing no longer applies. If you request deletion of your data or revoke your consent to data processing, your data will be deleted unless there are other legal reasons for storage (e.g., tax or commercial retention periods). In this case, deletion will occur after these legal reasons cease to apply.

General Information on the Legal Basis of Data Processing on this Website

If you have consented to data processing, we process your personal data in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 Para. 1 GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place in accordance with Art. 49 Para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing additionally takes place in accordance with § 25 Para. 1 TTDSG. This consent can be revoked at any time. If your data is required to fulfill a contract or to carry out pre-contractual measures, we process your data in accordance with Art. 6 Para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation in accordance with Art. 6 Para. 1 lit. c GDPR. Data processing may also be based on our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. The following sections of this privacy policy provide information about the respective legal bases in individual cases.

Notice on Data Transfer to Third Countries without Adequate Data Protection Level and Transfer to US Companies without DPF Certification

We use various tools from companies based in third countries that do not offer an adequate level of data protection, as well as from US companies that are not certified under the EU-US Data Privacy Framework (DPF). When these tools are activated, your personal data may be transferred to these countries and processed there. Please note that in third countries without an adequate level of data protection, no comparable protection of your data as in the EU can be guaranteed.

We would like to point out that the USA is generally considered a safe third country that has a similar level of data protection to the EU. A transfer of your data to the USA is therefore permissible provided the recipient has certification under the EU-US Data Privacy Framework (DPF) or has appropriate additional guarantees. Information on transfers to third countries, including the recipients of your data, can be found in this privacy policy.

Recipients of Personal Data

As part of our business activities, we work with various external partners. Occasionally, it is necessary to pass on personal data to these external partners. We only transmit personal data to external partners if this is necessary to fulfill a contract, if we are legally obliged to do so (e.g., when passing on data to tax authorities), if we have a legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR in the transmission, or if another legal basis permits data transmission. When we use processors, we only transmit personal data of our customers on the basis of a valid data processing agreement. In the case of joint data processing, a contract on joint processing is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You have the right to revoke consent already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Certain Data Processing and to Direct Marketing (Art. 21 GDPR)

IF PERSONAL DATA IS PROCESSED IN ACCORDANCE WITH ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. PLEASE REFER TO THIS PRIVACY POLICY FOR THE EXACT LEGAL BASIS FOR PROCESSING. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION UNDER ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS USED FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 PARA. 2 GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

If you believe that the GDPR has been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. The right to lodge a complaint exists independently of other administrative or judicial remedies.

Right to Data Portability

You have the right to have the personal data that we process automatically based on your consent or in fulfillment of a contract transferred to yourself or to a third party in a common, machine-readable format. If you request the direct transfer of data to another controller, this will only be done if it is technically feasible.

Information, Correction, and Deletion

In accordance with applicable legal provisions, you have the right at any time to receive free information about your stored personal data, its origin and recipients, the purpose of data processing, and, where applicable, the right to correction or deletion of this data. For further questions on the subject of personal data, we are always available to you.

Right to Restriction of Processing

You have the right to request restriction of the processing of your personal data. This may be the case in various situations, for example, if you dispute the accuracy of your data or if processing is unlawful. Please contact us to exercise this right.

SSL or TLS Encryption

To protect the transmission of confidential data, we use SSL or TLS encryption. If this encryption is activated, your data can be transmitted securely as it cannot be read by third parties. You can recognize an encrypted connection by the address bar of your browser changing from "http://" to "https://" and by the lock symbol in your browser bar.

4. Data Collection on this Website

Cookies

Our website uses cookies, small data packets that cause no damage to your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit, while permanent cookies remain on your end device until you manually delete them or your web browser automatically removes them.

Cookies can come either from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies on our websites, such as cookies for processing payment services.

The use of necessary cookies to carry out the electronic communication process, to provide certain functions, or to optimize the website is based on Art. 6 Para. 1 lit. f GDPR, unless another legal basis is specified. We have a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of our services. Processing also takes place on the basis of your consent, if this has been requested (Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG); consent can be revoked at any time.

Technically Necessary Cookies

Here you will find all cookies that are necessary for the operation of our website and its functions (technically necessary cookies). These are usually set in response to an action you have taken. This includes registration, login, or settings such as language or cookie preferences. It is possible to deactivate these cookies in the browser. Error-free functioning of our website cannot be guaranteed in this case.

Cookie NameHostTypePurposeProcessed DataThird Party ServiceValidity PeriodTarget Country
solopreneurpage.com_login_emailsolopreneurpage.comTechnically necessaryStores email for quick loginEmail addressNoneSessionUser's country
solopreneurpage.de_login_tokensolopreneurpage.deTechnically necessaryStores token for quick loginTokenNoneSessionUser's country

You can configure your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to refuse the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. Please note that the functionality of our website may be restricted if cookies are deactivated.

Server Log Files

The provider of this site automatically collects and stores information in server log files that your browser automatically transmits to us. This data includes the browser type and version, the operating system used, the referrer URL, the hostname of the accessing computer, the time of the server request, and the IP address. This data is not merged with other data sources.

This data is collected on the basis of Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the technically error-free presentation and optimization of our website, for which the collection of server log files is necessary.

Use of Umami Analytics

This website uses the privacy-friendly analysis tool Umami Analytics to analyze user behavior and continuously improve the website.

Umami works without the use of cookies and does not collect personal data such as IP addresses. Instead, Umami uses anonymized data for evaluation to give us information about the use of the website (e.g., which pages are particularly frequently accessed).

Legal basis: Data processing is based on Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the analysis and optimization of our website. Further information on how Umami Analytics works can be found on the official Umami website: https://umami.is

Use of GlitchTip

This website uses the monitoring tool GlitchTip to detect and analyze errors and problems on the website. This allows us to ensure and improve the stability and functionality of the website.

Type of data processed:

  • Error reports (e.g., time, affected URL, error messages)
  • Technical information (e.g., browser type, operating system, IP address in anonymized form)

Hosting: GlitchTip is hosted on a server (VPS) operated by us. Data processing therefore takes place exclusively within our infrastructure, and no data is passed on to third parties.

Legal basis: Data processing is based on Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in monitoring and ensuring trouble-free operation as well as optimizing our website. The collected data is deleted after completion of troubleshooting or after a defined period, unless there are legal retention requirements.

Contact Requests by Email, Telephone, or Fax

If you contact us, whether by email, telephone, or fax, your inquiries and all associated personal data (such as name and inquiry) will be stored and processed by us for the purpose of handling your request. This data will not be passed on to third parties without your consent.

Processing of this data takes place in accordance with Art. 6 Para. 1 lit. b GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In other cases, processing takes place on the basis of our legitimate interest in the efficient handling of inquiries made to us (in accordance with Art. 6 Para. 1 lit. f GDPR) or on the basis of your consent (in accordance with Art. 6 Para. 1 lit. a GDPR), if such consent has been obtained. Your consent can be revoked at any time.

The data you submit remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (for example, after completion of processing your inquiry). This is subject to no statutory retention obligations.

Stripe

We offer the option to process the payment transaction via the payment service provider Stripe, ℅ Legal Process, 510, Townsend St., San Francisco, CA 94103 (Stripe). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 Para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe, insofar as it is necessary for contract fulfillment (Art. 6 Para. 1 lit. b GDPR).

  • Name of cardholder
  • Email address
  • Customer number
  • Order number
  • Bank details
  • Credit card data
  • Validity period of the credit card
  • Credit card verification number (CVC)
  • Date and time of the transaction
  • Transaction amount
  • Name of provider
  • Location

Processing of the data specified in this section is neither legally nor contractually required. Without the transmission of your personal data, we cannot process a payment via Stripe.

Stripe assumes a dual role as controller and processor in data processing activities. As a controller, Stripe uses your transmitted data to fulfill regulatory obligations. This corresponds to Stripe's legitimate interest (in accordance with Art. 6 Para. 1 lit. f GDPR) and serves contract performance (in accordance with Art. 6 Para. 1 lit. b GDPR). We have no influence on this process.

Stripe acts as a processor to complete transactions within payment networks. As part of the data processing relationship, Stripe acts exclusively on our instructions and has been contractually obligated in accordance with Art. 28 GDPR to comply with data protection provisions.

Stripe has implemented compliance measures for international data transfers. These apply to all worldwide activities in which Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

Further information on objection and elimination options with respect to Stripe can be found at: https://stripe.com/privacy-center/legal

Your data will be stored by us until the payment processing is completed. This also includes the period required for processing refunds, receivables management, and fraud prevention. According to § 147 AO / § 257 HGB, a statutory retention period of 10 years applies to us.

Legal Information

Address:
Stripe Payments Europe Limited
1 Grand Canal Street Lower, Grand Canal Dock
Dublin, D02 H210, Ireland
Attention: Stripe Legal