Last updated: July 13, 2025
1. Controller and Contact Information
The controller responsible for data processing on this website is:
OPILIO ventures UG (haftungsbeschränkt)
Represented by: Dr. Jan M. Schäfer
Bossestraße 6, 10245 Berlin, Germany
Email: support@investlogic.io
Phone: +49 30 555 733 60
2. Data Protection Principles
We take the protection of your personal data very seriously. We process your personal data only in accordance with the applicable data protection laws, particularly the General Data Protection Regulation (GDPR).
Privacy by Design
investlogic.io follows a privacy-by-design approach. All portfolio calculations are performed locally in your browser. We do not store or process your financial data on our servers.
3. Data Collection and Processing
3.1 Website Usage
When you visit our website, we automatically collect certain information:
- IP address (anonymized)
- Browser type and version
- Operating system
- Date and time of access
- Pages visited
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website security and optimization)
3.2 User Registration and Authentication
When you create an account, we collect:
- Email address
- Selected risk level
- Subscription information
- Login timestamps
Legal basis: Art. 6(1)(b) GDPR (contract performance)
3.3 Payment Processing
Payment processing is handled by Stripe. We do not store credit card information. Stripe processes:
- Billing information
- Payment method details
- Transaction data
Legal basis: Art. 6(1)(b) GDPR (contract performance)
4. Data Storage and Retention
We store your data only as long as necessary for the purposes described in this privacy policy:
- Account data: Until account deletion or end of business relationship
- Payment data: 10 years (German tax law requirements)
- Website logs: 30 days
No Marketing Data Collection
We do not collect, store, or process any marketing data. Your email address is used solely for account authentication and essential service communications.
5. Third-Party Services
5.1 Supabase (Database)
We use Supabase for user authentication and data storage. Supabase is GDPR compliant and provides data processing in the EU.
5.2 Stripe (Payment Processing)
We use Stripe for payment processing. Stripe is PCI DSS compliant and handles all payment data securely.
5.3 Vercel (Hosting)
Our website is hosted on Vercel. Server logs may be processed by Vercel for security and performance purposes.
6. Your Rights under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR): Information about your stored data
- Right to rectification (Art. 16 GDPR): Correction of incorrect data
- Right to erasure (Art. 17 GDPR): Deletion of your data
- Right to restriction (Art. 18 GDPR): Limitation of data processing
- Right to data portability (Art. 20 GDPR): Receive your data in a structured format
- Right to object (Art. 21 GDPR): Object to data processing
- Right to withdraw consent: Withdraw consent at any time
To exercise these rights, please contact us at: support@investlogic.io
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- SSL/TLS encryption for all data transmission
- Secure authentication via magic links
- Regular security updates and monitoring
- Access controls and audit logs
- Privacy-by-design architecture
8. International Data Transfers
We primarily process data within the European Union. Any international transfers are secured through:
- EU-US Data Privacy Framework
- Standard Contractual Clauses
- Adequacy decisions by the European Commission
9. Changes to this Privacy Policy
We may update this privacy policy from time to time. We will notify you of any significant changes by email or through a notice on our website. The current version is always available at this URL.
10. Complaints
If you believe we have not complied with data protection laws, you can file a complaint with:
Data Protection Authority of Berlin
Friedrichstraße 219, 10969 Berlin, Germany
Email: mailbox@datenschutz-berlin.de
Phone: +49 30 13889-0