Privacy Policy

1. Controller and Data Protection Officer

The controller responsible for data processing is:

Foldy UG (haftungsbeschränkt)
Hunefeldzeile 12a
12247 Berlin
Germany

[email protected]

2. Data Collection and Processing

Personal Data

We collect the following types of data:

• Essential Data: Necessary for website functionality and security
• Analytics Data: With your consent, we collect anonymized usage statistics via Google Analytics including:
  • Page views and visitor counts
  • Time spent on pages and user behavior patterns
  • Traffic sources and referral information
  • Device and browser information (anonymized)

Document Data

Your documents are processed locally on your device. Only non-sensitive metadata (file types, dates, categories) may be transmitted to our servers for AI processing. Personal information within documents (names, addresses, account numbers) remains on your device.

Cookies

We use two types of cookies:

• Essential Cookies: Required for website functionality, cannot be disabled
• Analytics Cookies: Google Analytics cookies, only with your explicit consent

3. Legal Basis and International Transfers

We process your data based on:

• Article 6(1)(b) GDPR: Performance of a contract (service provision)
• Article 6(1)(f) GDPR: Legitimate interests (service improvement, security)
• Article 6(1)(a) GDPR: Your consent (analytics cookies)

International Data Transfers

Your data is primarily processed within the European Union. Google Analytics data may be transferred to the United States under Google's Data Processing Terms and appropriate safeguards such as Standard Contractual Clauses.

4. Data Retention

We retain your data as follows:

• Account data: Until account deletion or 3 years of inactivity
• Analytics data: 14 months (Google Analytics default)
• Cookie preferences: Until manually reset or 1 year
• Documents: Stored locally on your device; we do not retain document content

5. Data Sharing and Third Parties

We do not sell your personal data. We only share data in these limited circumstances:

• With your explicit consent
• Legal compliance: To comply with legal obligations or court orders
• Service providers under strict data processing agreements:
  • Google Analytics: For website analytics (only with your consent)
  • Hosting providers: For technical infrastructure
  • Security services: For website protection

All third-party processors are bound by strict data protection agreements and can only process data for the specific purposes we've authorized.

6. Your Rights and Cookie Control

Your GDPR Rights

You have the following rights:

• Right of access: Request information about your data
• Right to rectification: Correct inaccurate data
• Right to erasure: Request deletion of your data
• Right to restriction: Limit processing of your data
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for analytics cookies

Cookie Management

You can control cookies in several ways:

• Use our cookie consent banner when first visiting
• Adjust your browser settings to block or delete cookies
• Reset Cookie Preferences

Note: Blocking essential cookies may affect website functionality.

To exercise your rights, contact us at: [email protected]

7. Security Measures

We implement appropriate technical and organizational measures to protect your data:

• End-to-end encryption for sensitive data
• Local data processing (documents remain on your device)
• Regular security audits and updates
• Access controls and authentication
• Data anonymization where possible