Privacy Policy

1. Introduction

This Privacy Policy explains how Stefan Rosanitsch ("we", "us", "our") collects, uses, and protects your personal data when you use the Easy Earnings Tracker service. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable German data protection laws.

Data Controller: Stefan Rosanitsch, Kriegerdankstr. 14, 96450 Coburg, Germany

Contact: stefanrows@gmail.com

Last Updated: 7/27/2025

2. Legal Basis for Data Processing

We process your personal data based on the following legal grounds under GDPR:

  • Contract Performance (Art. 6(1)(b) GDPR): To provide our income tracking service and manage your account
  • Legitimate Interest (Art. 6(1)(f) GDPR): To improve our service, ensure security, and prevent fraud
  • Consent (Art. 6(1)(a) GDPR): For analytics and marketing purposes (where applicable)
3. Personal Data We Collect

Account and Profile Data:

  • Email address (for authentication and communication)
  • Name and profile information
  • Account preferences and settings

Income Tracking Data:

  • Income amounts, sources, and dates you enter
  • Platform information for income sources
  • Notes and categories you create

Technical Data:

  • IP address and location data
  • Browser type, version, and settings
  • Operating system and device information
  • Usage patterns and interaction data

Payment Data (via Stripe):

  • Payment method information (processed by Stripe)
  • Subscription status and billing history
  • Transaction records
4. How We Use Your Data

We use your personal data for the following purposes:

  • Service Provision: To create and manage your account, provide income tracking functionality
  • Payment Processing: To process payments and manage subscriptions through Stripe
  • Communication: To send service updates, security notifications, and support messages
  • Security: To protect against fraud, abuse, and unauthorized access
  • Analytics: To understand usage patterns and improve our service (with consent)
  • Legal Compliance: To comply with legal obligations and resolve disputes
5. Third-Party Services

Stripe (Payment Processing):

We use Stripe to process payments and manage subscriptions. Stripe collects and processes payment information according to their own privacy policy. We only receive confirmation of successful payments and subscription status.

  • Stripe Privacy Policy: https://stripe.com/privacy
  • Data shared: Payment method details, transaction amounts, subscription status
  • Purpose: Payment processing and subscription management

Google Analytics:

We use Google Analytics 4 (GA4) to understand how users interact with our website and improve our service. Google Analytics uses cookies and similar technologies to collect information about your use of our website.

  • Google Privacy Policy: https://policies.google.com/privacy
  • Data collected: Page views, session duration, user interactions, device information
  • Purpose: Website analytics and service improvement
  • Legal basis: Consent (you can opt-out via cookie settings)

Supabase (Backend Services):

We use Supabase as our backend service provider for data storage and authentication.

  • Supabase Privacy Policy: https://supabase.com/privacy
  • Data stored: Account information, income data, preferences
  • Purpose: Data storage and authentication
6. Data Retention

We retain your personal data for the following periods:

  • Account Data: Until you delete your account or request deletion
  • Income Data: Until you delete your account or the specific entries
  • Payment Records: As required by law (typically 7-10 years for tax purposes)
  • Analytics Data: 26 months (Google Analytics default retention period)
  • Logs and Security Data: Up to 12 months for security and debugging purposes

Account Deletion: You can delete your account at any time from your Account Settings page. This will permanently delete all your personal data and income entries. This action cannot be undone.

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of Access (Art. 15 GDPR): Request a copy of your personal data and information about how it's processed
  • Right to Rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data
  • Right to Erasure (Art. 17 GDPR): Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing (Art. 18 GDPR): Request limitation of data processing
  • Right to Data Portability (Art. 20 GDPR): Request transfer of your data to another service
  • Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing based on consent
  • Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise these rights, contact us at stefanrows@gmail.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Secure hosting through Supabase with industry-standard security
  • Regular backups and disaster recovery procedures
9. Cookies and Tracking Technologies

Essential Cookies:

These cookies are necessary for the website to function properly and cannot be disabled.

  • Authentication cookies (session management)
  • Security cookies (CSRF protection)
  • Preference cookies (theme, language settings)

Analytics Cookies:

Google Analytics cookies help us understand website usage. You can control these through your browser settings or our cookie consent mechanism.

  • _ga, _ga_* (Google Analytics)
  • _gid (Google Analytics)
  • _gat (Google Analytics)

You can manage cookie preferences through your browser settings. However, disabling essential cookies may affect website functionality.

10. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

We encourage you to review this policy periodically. Your continued use of our service after changes become effective constitutes acceptance of the updated policy.

12. Contact Information

If you have any questions about this privacy policy or our data practices, please contact us:

Data Controller: Stefan Rosanitsch

Address: Kriegerdankstr. 14, 96450 Coburg, Germany

Email: stefanrows@gmail.com

Supervisory Authority: If you have concerns about our data processing, you may also contact the relevant data protection supervisory authority in your jurisdiction.