Privacy

Your data lives in Germany. We collect what Friendship Tracker needs to run for you and nothing else. You can export everything you put in. You can delete your account. Both buttons are in your account settings, no email needed.

We do not sell your data. We do not share it with advertisers. We do not run third-party analytics or session recording on logged-in pages. The only third parties touching your data are our payment processor (Stripe, only when you actively pay), the mail relay we use for transactional email, and — if you choose to use it — the sign-in provider you pick (Google, LinkedIn, GitHub, or Microsoft).

Finn Glas, Lange Straße 14, 72461 Tailfingen, Germany.

Privacy enquiries: see /imprint for the contact addresses. Replies usually arrive within one working day.

Account data you give us. Your email address, the name you chose, the workspace name, anything you create inside the product (records, attachments, settings). This is the data the product cannot run without.

Operational data. Timestamps of significant events: logins, plan changes, deletes, mail bounces, payment events. We keep these so we can answer your questions and meet our legal record-keeping obligations.

Diagnostic data. Short-lived request logs (IP, user agent, response code, timing) kept for at most 30 days. Used to debug crashes, detect abuse, and tune performance. Never used to profile you.

Payment data. Handled by Stripe. We see the masked card brand + last four, the country, the amount, never the full PAN.

Newsletter signup (only if you ask for it). If you enter your email in our newsletter box, we store that email plus the page you signed up from and your language, on the basis of your consent (Art. 6(1)(a) GDPR). We use double opt-in: nothing is sent until you click the confirmation link we email you. Withdraw any time — see Your rights.

If the product offers it, you can sign in with a Google, LinkedIn, GitHub, or Microsoft account instead of a password. When you choose to, that provider sends us only the identity details you authorise — your name, your email address, whether the provider has verified it, and a stable account identifier. We store that identifier alongside your account so we recognise you on your next sign-in. We never receive or store your password, your contacts, or anything else from that account, and we never post on your behalf.

The legal basis is performance of the contract (Art. 6(1)(b) GDPR) — receiving your name and email is what lets us create and run your account — together with the consent you give the provider when you authorise the sign-in (Art. 6(1)(a)). You can withdraw a provider's access at any time from its own settings (Google: myaccount.google.com/permissions, LinkedIn: linkedin.com/psettings/permitted-services). Deleting your account removes the stored link with it; you can also just keep signing in with email and a password instead.

Performance of the contract (Art. 6(1)(b)) - everything that makes the product run for you. Legal obligation (Art. 6(1)(c)) - tax retention of invoices, security incident records. Legitimate interest (Art. 6(1)(f)) - rate limiting, abuse detection, the diagnostic logs above. We do not rely on consent for the operational pipeline; if we ever do (newsletters, an opt-in campaign), it will be a clear separate ask.

You have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data (Art. 15-21 GDPR). Most of this is one button in account settings - export and delete are both self-serve. For anything else, write to us at the addresses in /imprint and we will respond within 30 days. You can also lodge a complaint with your local supervisory authority at any time.

We use a single first-party session cookie to keep you signed in, and a CSRF token cookie that signs every state-changing request. We do not set tracking cookies. We do not embed third-party advertising tags. The full cookie list lives at /cookies.

Account data is retained as long as your account exists. Once you delete the account, your records are scheduled for permanent removal within 30 days, except where we are legally required to keep them (invoices, kept for 10 years per German tax law). Diagnostic logs roll off after 30 days. Backups expire on a 30-day rolling window; once they roll off, the deleted data is gone there too.

Your account data is processed and stored in Germany. Stripe, our payment processor, may process certain transaction data in the United States under the EU-US Data Privacy Framework (adequacy decision of 10 July 2023). If you choose to sign in with a third-party account, the provider you pick (e.g. Google or LinkedIn) handles that sign-in on its own servers in the US and/or Ireland; any US transfer relies on the same EU-US Data Privacy Framework, to which those providers are certified. We do not initiate any other transfer to non-EU countries.

Friendship Tracker is not directed at children under 16. We do not knowingly collect personal data from children. If you become aware that a child has provided personal data to us, please contact us via /imprint and we will delete it.

We may update this notice. Material changes are announced by email at least 30 days before they take effect. The current version is always the one published here, dated at the bottom of /imprint via the operator block.