Privacy Policy

1. Controller

Controller within the meaning of the General Data Protection Regulation (GDPR) is:

If you have any questions about data protection, you can reach us at the email address above.

2. Data Collection on this Website

What data is collected?

When visiting this website, the following data is automatically collected:

• IP address (anonymized)
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred
• Referrer URL (previously visited page)
• Browser and browser version
• Operating system

Legal Basis

Processing is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in ensuring trouble-free operation of our website and improving our services.

Storage Duration

Server log files are automatically deleted after 30 days.

3. Hosting and Content Delivery Network (CDN)

Dedicated Server (UpCloud)

This website runs on a dedicated server rented from UpCloud Ltd (Helsinki, Finland). Server administration and responsibility lies entirely with us. All data is processed exclusively on servers within the European Union.

No transfer of personal data to third countries takes place as part of UpCloud hosting. However, due to the use of Cloudflare as CDN, data may be routed through US servers (see Cloudflare section below).

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure and fast website delivery).

More information: UpCloud Privacy Policy

Content Delivery Network (Cloudflare)

To accelerate page delivery and protect against DDoS attacks, we use Cloudflare as a Content Delivery Network (CDN) and DNS provider. All HTTP requests to our website are routed through Cloudflare's global network.

Processed Data

Cloudflare necessarily processes the following data:

• User's IP address
• Requested URL and HTTP headers
• Time of access
• Amount of data transferred
• Referrer and user agent

Cloudflare is based in the USA (Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107). Data transfer is based on the EU-US Data Privacy Framework (adequacy decision) and additionally through EU Standard Contractual Clauses (SCCs).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security and fast delivery of the website).

More information: Cloudflare Privacy Policy

4. Database and Backend (Supabase)

For storing and processing data, we use Supabase, an open-source backend-as-a-service platform.

Processed Data

The following data is stored in Supabase:

• Contact form inquiries (name, email, message)
• Blog content and comments
• User accounts (if registered): email, encrypted password
• CRM data for business contacts

Server Location

Our Supabase instance is hosted in the EU region (Frankfurt, Germany) to meet GDPR requirements.

Security

Supabase uses encryption both in transit (TLS/SSL) and at rest (AES-256). Passwords are hashed with bcrypt.

Legal basis: Art. 6 (1) (b) GDPR (contract fulfillment) and Art. 6 (1) (f) GDPR (legitimate interest).

More information: Supabase Privacy Policy

5. Cookies

Our website uses cookies. Cookies are small text files stored on your device that save certain settings and data.

Types of Cookies

Change cookie settings

You can change your cookie settings at any time via the "Cookie Settings" link in the footer of this website or withdraw your consent.

Legal basis: Art. 6 (1) (a) GDPR (consent) for optional cookies; Art. 6 (1) (f) GDPR for technically necessary cookies.

6. Embedded Content (Third Parties)

Our website embeds content from third-party providers. These integrations may result in providers setting cookies or collecting your IP address.

Figma

Legal basis: Art. 6 (1) (a) GDPR (consent). Embedding only occurs if you have agreed to functional cookies.

7. Contact Form and Email Contact

When you contact us via contact form or email, your information will be stored for processing the inquiry and for possible follow-up questions.

Collected Data

• Name
• Email address
• Message content
• Time of inquiry
• IP address (for spam prevention)

Storage Duration

Data will be deleted as soon as it is no longer necessary for the purpose of its collection. For personal data from contact forms, this is the case when the respective conversation has ended.

Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) and Art. 6 (1) (f) GDPR (legitimate interest in answering inquiries).

8. AI & Machine Learning

We use Artificial Intelligence (AI) to provide you with automated SEO analyses, recommendations, and reports. Data is transmitted to the following AI service providers:

Processed Data

• Website URLs entered by you
• Publicly accessible content of analyzed websites (HTML structure, meta tags, headings, text)
• Generated analysis results and recommendations

API Usage Logging

For quality assurance and billing, we log the use of AI services. Stored data includes: user ID, provider used, model, number of tokens, and cost. The prompts and responses themselves are not permanently stored.

Third Country Transfer

When using Google Gemini, processing takes place on Google servers within the EU/EEA. When using the fallback providers Anthropic and Groq, data may be transferred to the USA. The transfer is based on Standard Contractual Clauses (Art. 46 (2) (c) GDPR) or an adequacy decision by the EU Commission (EU-US Data Privacy Framework).

Transparency Notice (EU AI Act)

AI-generated content is clearly labeled in our analysis reports. No automated individual decisions within the meaning of Art. 22 GDPR are made — the AI serves exclusively as an analysis and recommendation tool.

Legal basis: Art. 6 (1) (b) GDPR (contract fulfillment) and Art. 6 (1) (f) GDPR (legitimate interest in providing accurate analyses).

Storage duration: API usage logs are deleted after 90 days. Analysis results are stored for 2 hours (free) or 30 days (premium).

9. Website Analysis & Crawling

Our Website Analyzer examines websites entered by you to perform SEO audits, WCAG accessibility checks, and backlink analyses.

How it Works

We use automated methods (web crawling via BeautifulSoup and httpx) to analyze publicly accessible web pages. Only freely available information is collected — no login-protected areas or non-public content is accessed.

Collected Data

• URLs entered by you
• Publicly accessible HTML content (meta tags, headings, links, text)
• Sitemap structures and robots.txt rules
• HTTP status codes and response times
• Accessibility attributes (ARIA, alt texts, contrast ratios)

No Personal Data of Third Parties

Only publicly accessible, technical information from the analyzed websites is collected. Personal data appearing on the analyzed websites is neither extracted nor stored.

PDF Report Generation

For premium analyses, we generate PDF reports using Playwright/Chromium. The generation takes place entirely on our server — no data is transmitted to third parties.

Legal basis: Art. 6 (1) (b) GDPR (contract fulfillment) and Art. 6 (1) (f) GDPR (legitimate interest in providing the analysis service).

Storage duration: Analysis cache 2 hours (free) or 30 days (premium). URLs and analysis results are automatically deleted upon expiration.

10. Payment Processing (Revolut)

For payment of our premium analysis services, we use the payment service provider Revolut.

Payment Service Provider

Data Transmitted to Revolut

• Payment amount (€3.99)
• Email address (if provided)
• Order description (shortened URL of the analyzed website)

Actual payment data (credit card number, bank details, etc.) is processed exclusively by Revolut as an independent controller. We have no access to this sensitive payment information.

Data Stored by Us

• Revolut order ID (for payment assignment)
• IP address (at the time of the order)
• Email address (if provided)
• Payment status and timestamp
• License status and validity period (30 days)

Third Country Transfer

Revolut Bank UAB is based in Lithuania (EU). However, Revolut may transfer your data to companies outside the EEA as part of payment processing. Revolut has implemented appropriate safeguards in accordance with GDPR requirements.

Legal basis: Art. 6 (1) (b) GDPR (contract fulfillment — payment processing is necessary to provide the service you requested).

Storage duration: Payment data (order ID, status) is stored for up to 10 years in accordance with commercial and tax law retention obligations. License data is deleted 30 days after expiration.

Revolut Privacy Notice

11. Your Rights under GDPR

You have the following rights regarding your personal data:

• Right of Access: You can request information about your personal data stored with us (Art. 15 GDPR).
• Right to Rectification: You can request the correction of inaccurate data (Art. 16 GDPR).
• Right to Erasure: You can request the deletion of your data, provided there are no legal retention obligations (Art. 17 GDPR).
• Right to Restriction: You can request the restriction of processing (Art. 18 GDPR).
• Right to Data Portability: You can receive your data in a structured format (Art. 20 GDPR).
• Right to Object: You can object to processing if it is based on Art. 6 (1) (f) GDPR (Art. 21 GDPR).

12. SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the address bar of the browser changing from "http://" to "https://" and by the lock symbol in your browser line.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

13. Storage Duration

We only store your personal data for as long as is necessary for the respective purposes or as required by legal retention periods.

14. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services.

The new privacy policy will apply to your next visit. We recommend that you read this privacy policy regularly.