Privacy

Privacy Policy

Your privacy matters to us. This policy explains what data we collect, why, and how we protect it.

1. Data Controller

The data controller for this website is Marcus Smolarek (see Imprint for contact details).

2. Local Storage

We store the following preferences in your browser's local storage (never leaves your device):

  • Theme preference (dark/light mode)
  • Language preference (EN/DE)

3. Analytics (Plausible)

We use Plausible Analytics, a privacy-friendly, cookie-free analytics tool:

  • Open source and GDPR/CCPA compliant
  • No cookies, no personal data collection
  • No cross-site tracking
  • Only aggregate data (page views, referrers)

For details, see Plausible's data policy.

4. User Accounts (Clerk)

If you create an account, we use Clerk for authentication. When you register or log in, Clerk collects:

  • Email address
  • Name (if provided)
  • Profile picture (if provided)
  • Authentication data (password hash, OAuth tokens)

Cookies: Clerk uses HttpOnly session cookies for secure authentication. These cookies do not store personally identifiable information and are essential for account functionality.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) – required to provide account functionality.

Data location: Clerk stores data on servers in Germany (EU) with backup in Ireland (EU). Clerk is certified under the EU-US Data Privacy Framework (DPF).

See Clerk's Privacy Policy and Data Processing Addendum for details.

5. Database (Convex)

We use Convex as our database. If you have an account, we store:

  • Your user ID (linked to Clerk)
  • Content you submit (stacks, apps, services)
  • Timestamps (created/updated dates)

Legal basis: Contract performance (Art. 6(1)(b) GDPR) – required to store your submissions.

Data location: Convex servers in EU (Frankfurt, Germany).

See Convex's Privacy Policy for details.

6. External Services

Brandfetch (Logo CDN)

We use Brandfetch to display company logos. When you view a page with logos, your browser makes requests to Brandfetch's CDN. This may transmit your IP address to Brandfetch.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – displaying accurate brand logos.

Vercel (Hosting)

This website is hosted on Vercel with servers in Frankfurt, Germany (EU). Vercel automatically collects:

  • IP address (anonymized in logs)
  • Date/time of access
  • Browser type, OS, referrer

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – providing a secure website.

7. Data Retention

  • Account data: Retained until you delete your account
  • User content: Retained until you delete it or your account
  • Server logs: Automatically deleted after 30 days

8. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access – Request a copy of your personal data
  • Rectification – Correct inaccurate data
  • Erasure – Delete your data ("right to be forgotten")
  • Restriction – Limit how we process your data
  • Portability – Receive your data in a portable format
  • Object – Object to processing based on legitimate interest
  • Withdraw consent – Withdraw consent at any time

To exercise these rights, contact us at hi@finance-stacks.com.

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you (Art. 22 GDPR).

10. Data Transfers

Your data is primarily processed within the European Union (Germany). Clerk stores data in Germany/Ireland and is certified under the EU-US Data Privacy Framework (DPF) for any US processing. All other services (Convex, Vercel) process data within the EU.

11. Newsletter

If you subscribe to our newsletter, we collect:

  • Your email address
  • Language preference
  • Subscription date and confirmation date

Double opt-in: We use a double opt-in process. After signing up, you will receive a confirmation email. Your subscription is only active after you click the confirmation link.

Email service: We use Brevo (formerly Sendinblue) to send newsletters. Brevo processes your email address on our behalf.

Legal basis: Consent (Art. 6(1)(a) GDPR) – you actively subscribe and confirm.

Unsubscribe: You can unsubscribe at any time using the link in every newsletter or by contacting us at hi@finance-stacks.com.

Retention: Your data is deleted when you unsubscribe.

12. Email Communication

When you contact us via email (hi@finance-stacks.com), we process:

  • Your email address
  • Your name (if provided)
  • Message content
  • Metadata (date, time)

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – responding to inquiries. Retention: Emails are deleted after the inquiry is resolved, unless legal retention requirements apply.

13. External Links

This website contains links to external websites (apps, services, etc.). We are not responsible for their privacy practices. Please review their privacy policies.

14. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The responsible authority for us is:

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg
Stahnsdorfer Damm 77
14532 Kleinmachnow
www.lda.brandenburg.de

15. Changes to This Policy

We may update this privacy policy from time to time. The latest version will always be available on this page.

Last updated: February 13, 2026

16. Contact

For privacy-related questions, contact us at hi@finance-stacks.com or see our Imprint.