Privacy Policy
Last updated: February 2025
1. Data Controller
Hendrik Dreesmann
c/o COCENTER, Koppoldstr. 1, 86551 Aichach, Germany
Email: [email protected]
2. Data We Collect
Data you provide directly:
- Email address — required to create an account and deliver the service
- Payment information — collected and processed by Stripe (we never see your card details)
Data collected automatically:
- IP address and browser type — used for security and abuse prevention
- Session data — stored in a server-side cookie to keep you logged in
- Usage data — anonymised page views collected by Umami Analytics (no cookies, no cross-site tracking)
3. Legal Basis (GDPR Art. 6)
- Art. 6(1)(b) — Contract: email address and payment data, to provide and bill the service
- Art. 6(1)(f) — Legitimate interest: security logs, anonymised analytics, fraud prevention
- Art. 6(1)(c) — Legal obligation: invoicing records retained for 10 years as required by German tax law
4. Sub-processors
- Stripe (payments) — processes payment data on our behalf. Stripe Privacy Policy
- Resend (transactional email) — sends magic-link and notification emails. Resend Privacy Policy
- Umami (analytics) — self-hosted, anonymised page-view analytics. No cookies, no cross-site tracking, no personal data transferred to third parties.
- Hetzner (hosting) — servers located in Germany (EU). Hetzner Privacy Policy
5. Cookies
We use only essential cookies:
- Session cookie — keeps you logged in; expires when your session ends or after 30 days
- CSRF token — protects form submissions; session-scoped
We do not use advertising, tracking, or third-party cookies. Umami Analytics is cookieless.
6. Data Retention
- Account data — retained while your account is active; deleted within 30 days of account deletion
- Invoicing records — retained for 10 years as required by German tax law (§147 AO)
- Security logs — retained for 30 days
- Anonymised analytics — retained indefinitely (no personal data)
7. International Transfers
All servers are located in Germany (EU). Stripe and Resend may process data outside the EU; both maintain EU Standard Contractual Clauses (SCCs) to ensure adequate protection.
8. Your Rights (GDPR)
As an EU resident you have the right to:
- Access (Art. 15) — obtain a copy of your personal data
- Rectification (Art. 16) — correct inaccurate data
- Erasure (Art. 17) — delete your account and personal data
- Restriction (Art. 18) — restrict how we process your data
- Portability (Art. 20) — receive your data in a machine-readable format
- Object (Art. 21) — object to processing based on legitimate interest
To exercise any of these rights, email [email protected]. We respond within 30 days.
You also have the right to lodge a complaint with your national data protection authority. In Germany: BfDI.
9. Changes
We may update this policy. For significant changes we will notify you by email at least 14 days in advance.
10. Contact
Privacy enquiries: [email protected]