Privacy Policy
1. Controller
The controller responsible for data processing on this website is:
Richlack Webdesign · Danny Richlack
Güldensteiner Weg 6A · 23738 Lensahn · Germany
Email: hallo@knallhart.dev
2. Data we process
When you use knallhart.dev, we process the following personal data:
- Email address — to deliver your feedback report
- Website URL — the site you submit for analysis
- Payment data — processed exclusively by Stripe; we never receive card details
- Server log data — IP address, timestamp, requested URL (collected automatically by Vercel)
We use privacy-friendly, cookieless analytics (see Section 11) to understand how the site is used. No cross-site tracking or personal profiling takes place.
3. Legal basis
- Art. 6(1)(b) GDPR — Contract performance: processing your email and URL to deliver the service you paid for.
- Art. 6(1)(c) GDPR — Legal obligation: retaining transaction records as required by tax and commercial law.
- Art. 6(1)(f) GDPR — Legitimate interests: server logging to protect against misuse and ensure reliable operation.
4. Hosting — Vercel
This website is hosted by Vercel Inc., 340 Pine Street, Suite 701, San Francisco, CA 94104, USA. When you visit the site, Vercel automatically collects server log data (IP address, browser type, requested URLs, timestamps).
Data transfers to the USA are based on Art. 45 GDPR (adequacy decision) and Art. 46 GDPR (standard contractual clauses). Further information: vercel.com/legal/privacy-policy
5. Payment processing — Stripe
Payments are processed by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. Your name, email address, and payment data are transmitted directly to Stripe. We only receive a payment confirmation and anonymised transaction ID — card details never reach our servers.
Legal basis: Art. 6(1)(b) GDPR. Stripe's privacy policy: stripe.com/en-de/privacy
6. Screenshot creation
After successful payment, our system automatically takes a screenshot of the website URL you submitted. This is handled by a self-operated server service (running on our own infrastructure in the EU) using a headless browser. The screenshot is used solely for the AI analysis described below and is not stored permanently.
Note: By submitting a URL, you confirm that you are authorised to submit that website for analysis. Submitting third-party URLs without permission is prohibited and is solely your responsibility.
Legal basis: Art. 6(1)(b) GDPR.
7. AI-assisted analysis — Google Gemini API
The screenshot is transmitted to the Gemini API operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to generate the feedback report. Only the screenshot of the publicly accessible website is sent — no personal data (email, name) is transmitted to Google.
Legal basis: Art. 6(1)(b) GDPR. Further information: ai.google.dev/gemini-api/terms
8. Email delivery — Resend
Your feedback report is delivered by email using Resend (Resend Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA). Your email address and the feedback content are transmitted to Resend for delivery purposes.
Legal basis: Art. 6(1)(b) GDPR. Resend's privacy policy: resend.com/legal/privacy-policy
9. Data retention
- Email address and URL: Not stored in a permanent database after the report is delivered. Stripe retains transaction records as required by law (typically 10 years).
- Screenshot: Deleted immediately after AI analysis — not stored permanently.
- Server logs: Automatically deleted by Vercel after 30 days.
10. Your rights
Under the GDPR, you have the following rights:
- Access (Art. 15 GDPR) — what data we hold about you
- Rectification (Art. 16 GDPR) — correction of inaccurate data
- Erasure (Art. 17 GDPR) — right to be forgotten
- Restriction (Art. 18 GDPR) — limiting how we process your data
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR) — against processing based on legitimate interests
To exercise your rights, contact us at: hallo@knallhart.dev
You also have the right to lodge a complaint with the competent data protection supervisory authority. The authority responsible for Schleswig-Holstein is the Unabhängiges Landeszentrum für Datenschutz (ULD).
11. Cookies and analytics
This website uses two privacy-friendly, cookieless analytics tools to understand general usage patterns — no cross-site tracking, no retargeting, and no advertising cookies are used.
Vercel Web Analytics collects anonymized, aggregate page view data (e.g. which pages are visited, general location by country). No individual visitor profiles are created.
Self-hosted analytics (Umami): We additionally run a self-hosted, cookieless analytics tool on our own infrastructure to measure specific interactions on this page — for example, whether a visitor scrolls to the order form or clicks the submit button. Visitor identification is pseudonymous and session-based, with no persistent cross-site identifier or stored IP address. This data is used solely to improve usability and is not shared with any third party.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding and improving site usability). As no cookies or persistent identifiers are used, no consent banner is required for this type of analytics under current guidance.
Stripe may set technically necessary cookies during the payment process. These are governed by Stripe's own privacy policy.