1. Introduction

At Finanz Kompass, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is Finanz Kompass. For any privacy-related inquiries, please contact our Data Protection Officer at contact@finanzkompass.app.

3. Data We Collect

We collect and process the following categories of personal data:

• Account information: email address, authentication provider
• Financial calculations you save (loan amounts, interest rates, property details)
• Usage data: features used, calculation types, language preferences
• Payment information: processed securely through Stripe (we do not store card numbers)

4. Data Storage

Your data is stored locally in your browser using IndexedDB. If you subscribe to our Basic tier, your data is also synced to our cloud servers (Firebase) located in the European Union. Local data remains on your device and is never transmitted without your explicit consent.

5. Legal Basis for Processing

We process your personal data based on: (a) your explicit consent for account creation and cloud sync, (b) the necessity to perform our contract with you, and (c) our legitimate interests in improving the Service while ensuring your rights are protected.

6. Third-Party Services

We use the following third-party services to provide our Service:

• Firebase (Google): Authentication and cloud data storage, subject to Google's Privacy Policy
• Stripe: Payment processing, subject to Stripe's Privacy Policy
• PostHog Inc.: Product analytics, autocapture, and optional session recordings — only loaded after you grant the analytics category consent. Data is processed exclusively on EU servers (Frankfurt am Main). Requests are routed through our own domain so no third-party cookies are set unless you opt in.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data
• Right to data portability: Receive your data in a structured format
• Right to object: Object to processing based on legitimate interests

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion, we delete your data within 30 days, except where retention is required by law. Local browser data is not automatically deleted and must be cleared manually.

9. Cookies and Local Storage

We use cookies and browser storage in three categories. Strictly necessary cookies are set automatically to keep you signed in and to remember your preferences. Analytics cookies (PostHog) are only set after you grant consent — they record anonymous usage patterns to help us improve the Service. Optional session recordings (also PostHog) capture screen interactions to help us debug UX issues, and can be enabled separately. We do not share data with advertising networks. You can review and change your choices at any time using the Cookie preferences link in the footer.