Privacy Policy
Last updated: February 2026
1. Controller
Jan Miskiewicz
Blankeneser Landstr. 39
22587 Hamburg, Germany
Email: miskiewicz.ventures@gmail.com
We have not appointed a Data Protection Officer, as we are not required to do so under Art. 37 GDPR.
2. Overview of Processing Activities
| Purpose | Data Categories | Lawful Basis | Retention |
|---|---|---|---|
| Website delivery & security | IP address, browser info, access timestamps | Art. 6(1)(f) GDPR (legitimate interest) | Server logs retained per hosting provider policy |
| Account registration & authentication | Email address, hashed password, session tokens | Art. 6(1)(b) GDPR (contract performance) | Duration of account + statutory retention |
| Report generation | Company name entered, language preference, generated report content | Art. 6(1)(b) GDPR (contract performance) | Stored in your account for report history; deleted upon account deletion |
| Subscription & payment | Email, name, payment data | Art. 6(1)(b) GDPR (contract performance) | Duration of contract + statutory retention (up to 10 years) |
| Email communication | Email address, message content | Art. 6(1)(b) or (f) GDPR | Until purpose is fulfilled |
3. Website Hosting
Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
Vercel automatically collects:
- IP address
- Browser type and version
- Operating system
- Referrer URL
- Date and time of access
- HTTP status code
- Data volume transferred
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website security and stability).
Data Processing Agreement in place per Art. 28 GDPR.
International transfer: governed by EU Standard Contractual Clauses (SCCs) per Art. 46(2)(c) GDPR.
4. Report Generation — AI Processing
When you use our report generation feature, your input (company name) is sent to:
Anthropic, PBC (San Francisco, CA, USA)
- Data transmitted: Company name (text input)
- Lawful basis: Art. 6(1)(b) GDPR (contract performance)
- International transfer: governed by EU Standard Contractual Clauses (SCCs)
- Data Processing Agreement in place with Anthropic
- Anthropic privacy policy: https://www.anthropic.com/privacy
AI Processing Details:
- Training data usage: Per our API agreement, your inputs are not used by Anthropic to train their models.
- Retention by processor: API inputs may be retained by Anthropic for up to 30 days for trust and safety purposes.
- Automated processing: Report generation is fully automated (Art. 22 GDPR). The AI model generates content without human review. This processing does not produce legal effects concerning you or similarly significantly affect you — it generates educational, informational content only.
- Transfer mechanism: International transfers to Anthropic are governed by EU Standard Contractual Clauses (Module 2: Controller to Processor).
4b. Authentication & Database — Supabase
Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992
We use Supabase for user authentication and database storage. Supabase processes:
- Email address and hashed password (for account authentication)
- User profile data (subscription plan, usage counters)
- Generated report content (stored for your report history)
Legal basis: Art. 6(1)(b) GDPR (contract performance).
Data Processing Agreement in place per Art. 28 GDPR.
International transfer: Supabase infrastructure is hosted on AWS in the US. Transfers are governed by EU Standard Contractual Clauses (SCCs) per Art. 46(2)(c) GDPR.
4c. Financial Data — Financial Modeling Prep
Financial Modeling Prep (Intelligence Banker LLC), USA
During report generation, the company name you enter is sent server-side to the Financial Modeling Prep (FMP) API to retrieve publicly available financial data. No personal data is transmitted to FMP. The request is made from our server, not from your browser.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
5. Payment Processing
Payment processing will be handled by Stripe. Details will be added before the payment system goes live. No payment data is currently collected.
6. Cookies and Tracking
We do not use tracking cookies, analytics tools, or advertising technologies. We use the following strictly necessary cookies:
| Cookie Name | Purpose | Duration |
|---|---|---|
| sb-access-token | Authentication session token (httpOnly, secure) | 1 hour |
| sb-refresh-token | Session refresh token (httpOnly, secure) | 30 days |
These cookies are strictly necessary for authentication and are exempt from consent requirements under Art. 5(3) of the ePrivacy Directive. No consent banner is required.
7. Your Rights
Under the GDPR, you have:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right to withdraw consent (Art. 7(3))
Contact: miskiewicz.ventures@gmail.com
8. Right to Lodge a Complaint
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22, 20459 Hamburg
https://datenschutz-hamburg.de
9. Data Security
We implement appropriate technical and organizational measures including:
- Encrypted data transmission (TLS/SSL)
- Access controls for backend systems
- Regular review of security practices
- Data minimization
10. Changes to This Policy
We may update this policy from time to time. The current version is always available on our website.