Toolflux

Privacy Policy

This is a translation of our Datenschutzerklärung. In case of any discrepancy, the German version is legally binding.

1. Controller

Inh. Oliver Erdmann, Georg-Münch-Str. 14, 85604 Zorneding, Germany Email: hi@toolflux.app

2. Overview

Toolflux is built to be data-minimal. There are no user accounts; tools run in your browser and your inputs never leave your device. We process:

  • Technical server logs on page requests
  • Pseudonymous analytics via PostHog (cookieless)
  • Emails you send us

Each processing activity is described below with purpose, legal basis, retention and recipients. Transfers to third countries (notably the US) rely on the EU Standard Contractual Clauses, in some cases reinforced by certification under the EU-US Data Privacy Framework.

3. Website hosting

  • Purpose: technical operation and security of the website
  • Data: IP address, timestamp, requested URL, HTTP status, user agent, referrer
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable, secure operation)
  • Retention: approx. 30 days, then deletion or anonymisation unless needed to investigate an attack
  • Recipient / processor: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Contractually secured via Vercel's DPA with EU SCCs; Vercel is additionally certified under the EU-US Data Privacy Framework.

4. Analytics with PostHog (cookieless)

We use PostHog for pseudonymous usage analytics - no cookies, no local storage, no durable re-identification.

  • Purpose: understand which tools and pages get used; detect errors
  • Data: page views, coarse origin, browser type, tool-interaction events; IP addresses are pseudonymised on PostHog's side and not persistently stored
  • Configuration: persistence: 'memory', person_profiles: 'identified_only', autocapture: false; no cookies, no local storage, no fingerprinting
  • Legal basis: Art. 6(1)(f) GDPR. Because no information is stored on or read from your device, § 25 TDDDG does not apply in our assessment and no consent is required.
  • Retention: raw events approx. 30 days, aggregated statistics longer
  • Recipient / processor: Hiberly Ltd. (PostHog), 268 Bath Road, Slough SL1 4DX, United Kingdom; EU instance, servers in Frankfurt. GDPR DPA and SCCs in place.

5. Email contact

If you email us we store your message and contact details until the matter is closed and no retention obligations apply.

  • Legal basis: Art. 6(1)(b) and (f) GDPR
  • Forwarding: The address hi@toolflux.app is forwarded via Porkbun email forwarding to our personal mailbox (Porkbun LLC, 1105 NE Sandy Blvd, Portland, OR 97214, USA).

6. Planned features (not yet active)

Documented up front for transparency; details will be added when these are actually used:

  • GoHighLevel (GHL) for voluntary email capture (feedback/newsletter). Legal basis will be Art. 6(1)(a) GDPR (consent) with the right to withdraw at any time.
  • Google AdSense for monetisation. AdSense sets consent-based cookies, so a consent banner will be added before activation.

7. Retention overview

CategoryRetention
Server logsapprox. 30 days
PostHog raw eventsapprox. 30 days
PostHog aggregateslonger, pseudonymous
Email correspondenceuntil matter closed + statutory retention
Porkbun forwardingduring transit only

8. Your rights

You have the following rights:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing based on legitimate interest (Art. 21 GDPR)
  • Withdrawal of consent with effect for the future (Art. 7(3) GDPR)
  • Complaint to a supervisory authority (Art. 77 GDPR)

To exercise any right, an informal message to hi@toolflux.app is enough.

9. No automated decision-making

We do not use automated decision-making within the meaning of Art. 22 GDPR.

10. Supervisory authority

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Postfach 1349, 91504 Ansbach, Germany Phone: +49 981 180093-0 · Email: poststelle@lda.bayern.de Web: lda.bayern.de

11. Security

The website is served exclusively over TLS 1.2+. Data at rest at Vercel is encrypted with AES-256. Absolute security does not exist online; we keep the attack surface small by refusing user accounts and cookies.

12. Changes

We update this policy when our processing changes. The current version is on this page; the date above shows the latest revision.