Privacy Policy

According to Art. 13, 14 GDPR · Last updated: March 2026

A. Controller

Santiago Seibel

Operating as: ProfileVerse

Bessunger Straße 132, 64295 Darmstadt

Email: mail.profileverse@gmail.com

B. Data Processing

1. Account & Authentication (Clerk)

For registration and login we use the service Clerk (Clerk Inc., USA). The following data is processed:

  • Email address
  • Account data (name, username)
  • Login data (timestamp, IP address)

Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Transfer to the USA – Clerk uses standard contractual clauses pursuant to Art. 46 GDPR and the EU-US Data Privacy Framework.

2. Database (Convex – EU Server)

User data is stored in the Convex database on servers in the EU. Processed data:

  • Profile data (name, bio, profile picture, username)
  • SEO metadata and Schema.org structured data (optional, incl. address + contact info if provided by the user)
  • Imprint fields (name, address, email, phone – if provided)
  • Links, social links, videos and galleries (incl. Instagram username for feed galleries, if applicable)
  • Teams: team name, slug, membership roles, invitation email addresses (pending invitations)
  • Stripe reference data: subscription status, subscription ID, customer number (no access to payment details)

Legal basis: Art. 6(1)(b) GDPR (performance of a contract). No third-country transfer (EU servers).

3. Hosting (Vercel)

Our website is hosted by Vercel Inc. (USA). When accessing the site, the following data is automatically collected:

  • IP address
  • Server logs (date, time, visited page)

Purpose: Operation and security of the website. Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Third-country transfer to the USA – Vercel uses standard contractual clauses.

4. Payment processing (Stripe)

Payments are processed via Stripe Inc. (USA). Stripe processes:

  • Payment data (card number, expiry date – only Stripe directly)
  • Billing data (name, address)
  • Subscription status and transaction history

Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Transfer to the USA – Stripe is certified under the EU-US Data Privacy Framework and uses standard contractual clauses. Payment data is stored in accordance with tax retention periods (10 years).

5. Analytics (Profile views & link clicks)

We collect statistics on profile views and link clicks to provide profile owners with insights into their reach. The following data is stored per event:

Profile views:

  • Timestamp of the view
  • Referrer URL (if available, e.g. Google or Instagram)
  • Referrer source (categorized: google, direct, etc.)
  • User agent (browser and operating system, max. 512 characters)

Link clicks:

  • Timestamp of the click
  • Referrer URL (if available, max. 2048 characters)
  • User agent (max. 512 characters)

The IP address is processed server-side only for rate limiting (max. 30 requests/minute) in memory and is not persisted. Country of origin is not currently collected. Bot and crawler requests are automatically filtered and not stored. Legal basis: Art. 6(1)(f) GDPR. Retention: Individual events are stored as long as the corresponding profile exists and are deleted when the profile is deleted.

Notice on access: Profile owners are only shown aggregated metrics – e.g. total views, views in the last 7 days, visitor sources (categorized), and click counts per link. Access to individual raw data (single events, specific referrer URLs or user agent strings) is not possible via the dashboard.

6. Facade Embeds (Social Media)

Profile pages may include embedded content from third-party platforms (e.g. YouTube, Instagram, Twitter/X, TikTok, Spotify, TrustMRR, ProductHunt, etc.). We use a facade technique: a connection to the respective platform is only established after the user actively clicks. Only then can the following data be transmitted:

  • IP address
  • Browser data / technical metadata
  • Possibly platform-specific cookies

Legal basis: Art. 6(1)(a) GDPR (consent via active click). Third-country transfer to the USA and possibly other countries may occur – responsibility lies with the respective platform.

6b. TrustMRR (Revenue badge)

Profile owners can embed a verified revenue badge from the service TrustMRR (trustmrr.com). The badge is loaded as an image directly from TrustMRR servers. The connection to TrustMRR is only established after active consent (facade technique). The following data may be transmitted:

  • IP address
  • Browser data / technical metadata
  • Possibly platform-specific cookies

Legal basis: Art. 6(1)(a) GDPR (consent via active click). TrustMRR is responsible for further data processing. For information on TrustMRR's privacy practices, see trustmrr.com.

7. Server logs

When accessing our services, technical access data is automatically logged at the server level (server logs). This includes, among other things, IP address, timestamp and requested resource.

Purpose: IT security, error diagnosis and protection against attacks. Retention: 7 days, then automatic deletion. Legal basis: Art. 6(1)(f) GDPR.

C. Third-country transfer (USA)

Some of the services used (Clerk, Stripe, possibly Vercel) transfer data to the USA. This is done on the basis of standard contractual clauses (SCC) pursuant to Art. 46(2)(c) GDPR and/or within the framework of the EU-US Data Privacy Framework, if the respective provider participates. We have concluded data processing agreements (DPA) with all processors.

D. Retention period

  • Account & profile data: Until the account is deleted by the user.
  • Payment data: According to tax retention obligations (up to 10 years).
  • Server logs: 7 days, then automatic deletion.
  • Analytics (profile views & clicks): Individual events are stored as long as the associated profile exists. When the profile is deleted, all associated analytics are also deleted.
  • Team invitations (email addresses): Pending invitations are deleted when the invitation link expires or when the invitation is withdrawn.

E. Technical and organizational measures (TOMs, Art. 32 GDPR)

We implement technical and organizational measures pursuant to Art. 32 GDPR to protect your data from unauthorized access, loss or manipulation. In particular:

Field encryption in the database (AES-256-GCM)

Sensitive content is encrypted server-side before being stored in the database. The algorithm used is AES-256-GCM – an authenticated encryption mode that ensures both confidentiality and integrity of the data (manipulations are reliably detected). Decryption occurs exclusively server-side in secured API routes; the database itself only contains encrypted values.

The following fields are encrypted before storage:

  • Profile: Bio text, profile picture URL, all imprint fields (name, address, email, phone, website, commercial register entry, VAT ID), Schema.org email and phone
  • Links: destination URL (the link title remains unencrypted as it is needed for display)
  • Social links: destination URL

The username is not encrypted because it must be retrievable for the public profile address and search. Account data (email, name) is managed by Clerk and subject to its own security standards.

Further technical measures

  • Transmission of all data exclusively over HTTPS (TLS 1.2+)
  • Authentication and session management via Clerk (hardened infrastructure with MFA support)
  • Rate limiting on all public API endpoints to protect against abuse
  • Bot filtering in the analytics system

Access concept

Access to personal data is governed by the principle of least privilege (need-to-know):

  • Controller (admin): sole access to Convex dashboard, Clerk admin panel and Stripe dashboard. Password protection and MFA are enabled.
  • Application-level users: Each user sees only their own profile data and analytics. Access to other users' data is not possible.
  • Application-level teams: Team members receive role-based permissions (owner/member). Access to team data is limited to the respective role; no cross-team data access.
  • Encrypted fields: Even direct database access yields only ciphertext – use without the server-side key is not possible.
  • Third parties / subprocessors: Clerk, Convex and Stripe receive only the data necessary for their service. A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place for each.

Access permissions are adjusted or revoked immediately upon termination of a collaboration or role changes.

Deletion concept

Personal data is deleted as soon as it is no longer required for the processing purpose, or the user asserts their right to deletion under Art. 17 GDPR – unless a legal retention obligation applies.

  • Account deletion by the user: Profile data, links, social links, videos, galleries, embeds and all associated analytics events are deleted immediately and permanently. Deletion can be triggered by the user in the dashboard.
  • Team invitations: Email addresses of pending invitations are removed automatically when the invitation link expires or is withdrawn.
  • Server logs: Automatic deletion after 7 days.
  • Payment data (Stripe): Retention for 10 years in accordance with tax retention obligations (§ 257 HGB, § 147 AO), then deletion.
  • Account data (Clerk): Deletion at the user's request; Clerk provides a self-service function and an admin API for this.

Deletion requests can be submitted at any time via email to mail.profileverse@gmail.com. We process such requests within 30 days.

F. Data subject rights

You have the following rights in relation to your personal data:

  • Access (Art. 15 GDPR) – You may request information about the data we process.
  • Rectification (Art. 16 GDPR) – You may request correction of incorrect data.
  • Erasure (Art. 17 GDPR) – You may request deletion of your data, unless a legal retention obligation prevents this.
  • Restriction (Art. 18 GDPR) – You may request restriction of processing.
  • Data portability (Art. 20 GDPR) – You may request the transfer of your data in a machine-readable format.
  • Objection (Art. 21 GDPR) – You may object to processing based on legitimate interests.

To exercise your rights, contact us by email at: mail.profileverse@gmail.com

G. Right to complain to a supervisory authority

You have the right to complain to a data protection supervisory authority. Typically, the authority of your habitual residence or place of work is responsible. For the controller, the responsible authority is:

Hessian Commissioner for Data Protection and Freedom of Information (HBDI)

Gustav-Stresemann-Ring 1

65189 Wiesbaden

Web: datenschutz.hessen.de