Privacy Policy

Last updated: May 26, 2026

1. Controller

Kristian Hoffmann, Karl-Kraut-Straße 15, 30177 Hannover, Germany. Contact: moin [at] kristianhoffmann.de.

2. Data we process

We process account metadata, organizations, clients, projects, briefing answers, required-item responses, uploaded file metadata, portal events, billing identifiers and support communication to provide the client portal workflow.

3. Hosting, database and code hosting

The web application is deployed on Vercel. The primary database, authentication and storage are hosted on Supabase in the Frankfurt, Germany region. Source code and deployment metadata are managed with GitHub. Vercel and GitHub may process technical logs and metadata outside Germany subject to appropriate transfer safeguards.

4. Portal privacy

Client portal access is scoped through hashed, expiring tokens. Raw portal tokens are not stored. IP addresses are hashed before audit logging where application logs are created.

5. Google Analytics 4

We use Google Analytics 4 by Google Ireland Limited only after consent. The Google Analytics tag is not loaded before consent. After consent, Google may process page views, referrers, approximate location, device data and pseudonymous identifiers. Google states that GA4 does not log or store individual IP addresses.

6. Rights and retention

Under the GDPR, you may request access, rectification, deletion, restriction and portability, and you may object to processing. Workspace data can be exported by organization owners. Deleted workspaces follow the documented read-only, soft-delete and hard-delete retention schedule.
