Privacy Policy
Learn how we collect, use, and protect your data.
Last updated: [DATE]
1. Controller
The controller responsible for data processing on this website and within the Tour Flow application is:
Lauritz Leiber
Ernst-Barlach-Str. 2A
76227 Karlsruhe
Germany
Email: it@tour-flow.net
2. General Information on Data Processing
We process personal data only to the extent necessary to provide a functional website, our SaaS application, and related services.
Processing is carried out in accordance with the General Data Protection Regulation (GDPR).
3. Hosting
This website and application are hosted by Vercel.
Vercel processes personal data such as IP addresses and log data as a data processor.
Data transfers to third countries (e.g., the United States) may occur.
4. Server Log Files
When visiting the website, the following data may be collected automatically:
- IP address (anonymized where possible)
- Date and time of request
- Browser type and version
- Operating system
- Referrer URL
Purpose:
- Technical stability
- Security
- Error analysis
Legal basis:
Art. 6 (1) (f) GDPR (legitimate interest)
5. Analytics
We use Vercel Analytics.
According to current information, analytics are performed anonymously and without cookies.
No user profiles are created.
Legal basis:
Art. 6 (1) (f) GDPR
6. User Registration & Accounts
Users may register for an account within the application.
Processed data:
- Name
- Email address
- Phone number (if provided)
Purpose:
- Providing application functionality
- Account management
- Communication
Legal basis:
Art. 6 (1) (b) GDPR (contract)
7. Authentication
Authentication and session management are handled using NextAuth.js.
Only technically necessary data is processed to enable secure login sessions.
8. Database
User data is stored in a PostgreSQL database provided by Neon.
9. File Uploads
Users may upload files within the application.
Files are stored and delivered using:
- Backblaze B2 (storage)
- Cloudflare Workers (delivery)
Purpose:
- Providing core application features
Legal basis:
Art. 6 (1) (b) GDPR
10. Payments
Payments are processed via Stripe.
Stripe processes payment data independently as a controller.
We do not store full payment details.
Legal basis:
Art. 6 (1) (b) GDPR
11. Newsletter
We offer a newsletter.
Processed data:
- Email address
Purpose:
- Sending updates and information
Legal basis:
Art. 6 (1) (a) GDPR (consent)
Users may unsubscribe at any time.
12. Contact
Users may contact us via email.
Processed data:
- Email address
- Message content
Purpose:
- Handling inquiries
Legal basis:
Art. 6 (1) (b) / (f) GDPR
13. Usage Data & Application Logging
Within the application, usage data may be processed:
- User actions
- Technical events
- Error logs
Purpose:
- Troubleshooting
- Security
- Service improvement
Legal basis:
Art. 6 (1) (f) GDPR
14. Fonts
Fonts are hosted locally or provided via Next.js.
No data is transferred to third-party font providers.
15. Embedded Content (Future)
If videos from YouTube are embedded, personal data (such as IP addresses) may be processed when accessing such content.
16. Data Retention
Personal data is stored only as long as necessary for the respective purpose unless statutory retention obligations apply.
17. Rights of Data Subjects
Users have the right to:
- Access
- Rectification
- Erasure
- Restriction of processing
- Data portability
- Objection
Users also have the right to lodge a complaint with a supervisory authority.