Privacy Policy

1. Controller

The controller within the meaning of the GDPR and the German Federal Data Protection Act (BDSG) is:

2. Principle

By design, netleft is a data-minimal service. The calculator can be used without an account; the values you enter do not leave your device by default. Personal data is collected only when you actively use a feature that requires it (e.g. "email me this calculation" or newsletter sign-up).

3. Hosting (Vercel Inc., USA)

The site is hosted via Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you load a page, Vercel processes technical connection data (IP address, user agent, requested URL, timestamp) to deliver content and protect against attacks. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in secure, reliable operation).

Transfers to the USA are based on the EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR) and supplementary measures where required.

4. Database (Supabase, EU region)

We use Supabase Inc. as our database and authentication provider. Our project is hosted in the EU region (Frankfurt); data is stored exclusively within the EU. Only data you actively submit is processed here (see sections 7 and 8). Legal basis: Art. 6 (1) (b) GDPR (performance of contract or pre-contractual measures).

5. Email delivery (Resend, USA)

For sending transactional emails (result emails, newsletter confirmation, newsletter delivery), we use Resend, Inc., San Francisco, CA, USA. The email address you provide and the content of the relevant message are transmitted. Legal basis: Art. 6 (1) (b) GDPR (fulfilment of an action you initiated) or Art. 6 (1) (a) GDPR (consent, for newsletter).

Transfers to the USA are again based on the EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR).

6. Local browser storage (localStorage)

The calculator saves your inputs (e.g. gross salary, tax class, state) in your browser's local storage so that you can pick up where you left off on your next visit. This data does not leave your device and is not transmitted to us. You can clear browser storage at any time via your browser settings.

7. Newsletter (double opt-in)

If you sign up for our newsletter, we store your email address together with the timestamps of your sign-up and confirmation (double opt-in) in our EU database (Supabase, see section 4). Legal basis: Art. 6 (1) (a) GDPR (consent). You can withdraw your consent at any time — every email contains an unsubscribe link that removes your address from the distribution list. An informal email to hello@netleft.de is also sufficient.

8. "Email me this calculation"

If you actively use the feature to email yourself a calculation, we transmit the email address you provided together with the calculation parameters to Resend (see section 5) and store the send event in our database (Supabase, see section 4). The parameters allow us to send you the matching link back into the calculator. Legal basis: Art. 6 (1) (b) GDPR (fulfilment of an action you initiated).

9. Your rights

You have the following rights:

• Access to the data we process about you (Art. 15 GDPR)
• Rectification of inaccurate data (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR)
• Withdrawal of consent (Art. 7 (3) GDPR)
• Complaint to a supervisory authority (Art. 77 GDPR)

To exercise your rights, an informal message to hello@netleft.de is sufficient.

10. Supervisory authority

The competent supervisory authority for the controller is: