Privacy policy

1. Controller

Controller within the meaning of the General Data Protection Regulation (GDPR):

2. General information on data processing

We process personal data only to the extent necessary to provide this website and its features, or where you have consented to it. Processing is carried out in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection law.

3. Provision of the website

When you access this website, technically necessary data is processed in order to deliver the page and to ensure the security and stability of the service.

• technical access data such as IP address, timestamp and pages accessed
• information about the browser, device and operating system used

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and functional provision of the website.

4. Use of the application

When you use features of the application, we process the inputs and content required for this — for example search queries, configuration data, uploaded files or requested downloads — solely to provide the function you triggered.

Where technically possible, processing takes place directly in your browser. Otherwise, data is processed only to the extent necessary to provide the requested function.

The legal basis is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR respectively.

5. Waitlist and download sign-up

If you sign up for a waitlist notification or leave your email address before downloading a video, we store only the following data in a database:

• your email address
• the trigger of your sign-up (e.g. free download, Pro waitlist, Studio waitlist)
• the time of your first and last sign-up

We use your email address solely to send you product news about chartrace. No other use takes place without your additional consent.

The legal basis is Art. 6(1)(a) GDPR (consent), which you give by submitting the form. We do not store any IP address or browser information together with your entry. To prevent automated mass sign-ups, we briefly check the IP address of a request in memory; it is not stored permanently.

Retention period: We delete waitlist entries no later than 24 months after your last activity, or immediately after you withdraw your consent.

Withdrawal: You can withdraw your consent at any time with effect for the future. To do so, send a short message to dominik@chartrace.app. We will then delete your data promptly.

6. Reach measurement, cookies and privacy settings

Anonymous reach measurement (without cookies): To determine visitor numbers and frequently accessed pages, we use Vercel Web Analytics. No cookies are set and no information is stored on or read from your device. Only aggregated statistics (e.g. page views, referrer, country) are created; there is no personal reference and no recognition of your device. § 25 TDDDG does not apply because no information is stored on or read from your device. The legal basis is our legitimate interest in a statistical evaluation of reach, Art. 6(1)(f) GDPR.

Optional analytics with consent: With your consent, we additionally use extended analytics technologies to better understand the use of core features and to improve chartrace. These are only activated after your express consent. You can change or withdraw your choice here at any time.

Necessary storage: We store your privacy choice locally in your browser (localStorage) so that the selection is retained on your next visit. This storage is technically necessary to implement the choice you made.

Storage of your inputs: So that your configuration (e.g. selected tickers, colors, time frame, title, format) is available again on your next visit, we also store these inputs locally in your browser (localStorage). The data does not leave your device; no transfer to us or third parties takes place. You can delete it at any time via your browser settings.

The legal basis is Art. 6(1)(f) GDPR for the anonymous reach measurement and the necessary storage of your setting, as well as Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG for optional analytics technologies.

7. Recipients and processors

We use the following service providers as processors within the meaning of Art. 28 GDPR:

• Vercel Inc.— hosting of the website, provision of the application and cookieless reach measurement (Vercel Web Analytics). Servers in the EU region (Frankfurt).
• Neon Inc.— provision of the PostgreSQL database in which user and waitlist entries are stored. Region: AWS eu-central-1 (Frankfurt).
• Resend, Inc., San Francisco, USA — sending of transactional emails (in particular the magic-link sign-in emails). Only the email address and the content of the message sent are processed. Legal basis: Art. 6(1)(b) GDPR (initiation and performance of a contract).
• Lemon Squeezy Inc., 17 Edgewater Park, Boston, MA 02125, USA — processing of payments for paid plans as Merchant of Record (invoicing, payment processing, collection and remittance of VAT, fraud prevention). Processed data includes in particular email address, name, billing address, country, IP address for geo-based tax determination, and payment metadata. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

We have entered into the data processing agreements required under Art. 28 GDPR with all providers.

Transfer to third countries:Resend, Inc. and Lemon Squeezy Inc. are based in the USA. Where personal data is transferred there, this is done on the basis of the European Commission’s Standard Contractual Clauses pursuant to Implementing Decision (EU) 2021/914 and, where applicable, supplementary technical and organizational measures (Art. 46(2)(c) GDPR). Vercel Inc. and Neon Inc. process our data exclusively in the EU (Frankfurt region); a transfer to a third country does not take place in normal operation.

We will provide further information about the specific recipients used on request, as part of your data subject rights.

8. Your rights

You have the right at any time:

• to obtain information about your stored data (Art. 15 GDPR)
• to request rectification of inaccurate data (Art. 16 GDPR)
• to request erasure of your data (Art. 17 GDPR)
• to request restriction of processing (Art. 18 GDPR)
• to request data portability (Art. 20 GDPR)
• to object to processing (Art. 21 GDPR)

To exercise your rights, please contact: dominik@chartrace.app

9. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority is:

10. SSL/TLS encryption

For security reasons, this website uses SSL/TLS encryption.

11. Changes to this privacy policy

We reserve the right to amend this privacy policy in order to adapt it to changes in the law or changes to the service.

Last updated: 24 May 2026