KI
KIneAngst

Privacy Policy

This is a convenience translation. The legally binding version of this privacy policy is the German original.

Version 1.3 — effective from May 19, 2026

1. Controller

Thorsten Ahrens Zillestr. 75 51067 Cologne, Germany Email: contact@kineangst.de

No data protection officer has been appointed pursuant to Art. 37 GDPR; the thresholds requiring such an appointment are not met.

2. Data Collection on This Website

a) Contact Requests via Email

When you contact us by email, the data you provide (your email address, possibly your name and your message) will be stored to process your inquiry. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

b) User Account

Upon registration, your name and email address are stored. Authentication is handled via Supabase (password or magic link). Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

c) Experience Points (XP System)

For logged-in users, interactions (articles read, tests completed, content shared) are recorded in a points system. Purpose: gamification and progress tracking. Data stored: user_id, action, reference, timestamp. Legal basis: Art. 6(1)(b) GDPR (performance of a contract). XP data is used solely for progress display within the user's own account — no profiling, no advertising, no transfer to third parties.

d) Anonymous Test Statistics

Upon completion of the AI Anxiety Test, dimension scores are saved without any user reference and without IP address. Purpose: anonymous community comparison (only displayed once at least 10 participants). This data cannot be traced back to individual persons. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

3. Legal Basis

Data processing is carried out on the basis of:

  • Art. 6(1)(a) GDPR (consent) — for newsletter subscription.
  • Art. 6(1)(b) GDPR (performance of a contract) — for user accounts, XP system, contact requests.
  • Art. 6(1)(c) GDPR (legal obligation) — for disclosure to law enforcement authorities.
  • Art. 6(1)(f) GDPR (legitimate interest) — for anonymous test statistics, hosting logs, and web analytics.

4. Data Retention

  • Server logs (Vercel): up to 30 days.
  • Contact requests: Deleted as soon as they are no longer necessary for the purpose for which they were collected and no statutory retention obligations apply.
  • Account data (name, email): Until deletion of the user account. Accounts inactive for more than 24 months are deleted together with the associated data after a prior notification e-mail.
  • XP data: Until deletion of the user account.
  • Anonymous test statistics: Indefinitely, as they are not personal data.
  • Newsletter consent: Until revocation; after revocation the e-mail address is deleted from the distribution list (no suppression list is maintained).

5. Hosting

This website is hosted by Vercel Inc. (USA). When you visit, technical data (IP address, browser type, operating system, referrer URL, access time) is automatically recorded in server logs. Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in the secure and stable provision of the website and in defending against attacks). In the balancing of interests, the controller's interests prevail because the processing is limited to what is technically necessary, no profiles are created, and logs are automatically deleted after 30 days.

A data processing agreement pursuant to Art. 28 GDPR has been concluded with Vercel Inc. Data transfer to the USA is based on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) and the EU-US Data Privacy Framework (Art. 45 GDPR).

6. Database

Supabase (Supabase Inc., USA) is used to store user accounts, course progress, and XP data. The database is operated in the EU region (Frankfurt). A data processing agreement pursuant to Art. 28 GDPR has been concluded with Supabase Inc. Where the provider (corporate seat USA) carries out access from the USA, the transfer is secured via EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) and the EU-US Data Privacy Framework (Art. 45 GDPR, adequacy decision of 10 July 2023). More information: supabase.com/privacy.

7. Email Service

Resend (Resend Inc., USA) is used for authentication emails (magic links, password reset) and in the future for newsletters. A data processing agreement pursuant to Art. 28 GDPR has been concluded with Resend Inc. Data transfer to the USA is based on the EU-US Data Privacy Framework (Art. 45 GDPR).

8. Cookies and Tracking

This website does not use tracking cookies or advertising trackers.

Technically Necessary Cookies

Supabase Auth session cookie: Set for logged-in users to maintain the session. Legal basis: Art. 6(1)(b) GDPR (performance of a contract). No cookie banner is required for this.

9. Vercel Analytics (cookie-free)

This website uses Vercel Analytics, a cookie-free analytics service by Vercel Inc. (USA). Data collected: anonymised IP address (hashed + rotated daily, no traceability to the end user), requested page, referrer, user-agent, access time. No cookies are set, no fingerprinting techniques used, no user profiles built. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reach analytics for product development). Third-country transfer: USA (EU-U.S. Data Privacy Framework + SCCs pursuant to Art. 46(2)(c) GDPR). More info: vercel.com/legal/privacy-policy.

10. Newsletter

During registration, you may opt in to receive newsletters. Data stored: user_id, consent timestamp, and source. Legal basis: Art. 6(1)(a) GDPR (consent). You may revoke your consent at any time by unsubscribing via the link in the email or by emailing contact@kineangst.de.

11. Social Sharing

The website offers sharing buttons for X, LinkedIn, Facebook, WhatsApp, Telegram, Reddit, and Threads. No data is transmitted to these platforms unless you actively click a button. Clicking opens a new browser window to the respective platform. The privacy policies of the respective platform then apply.

12. Disclosure to Law Enforcement

We may be legally obligated to disclose stored data to law enforcement authorities on the basis of a European Production Order or Preservation Order pursuant to Regulation (EU) 2023/1543. Such disclosure is made exclusively on the basis of a lawful order and to the extent required by law. Legal basis: Art. 6(1)(c) GDPR (legal obligation).

13. Your Rights

Under the GDPR, you have the following rights:

  • Right of access to your stored data (Art. 15 GDPR)
  • Right to rectification of inaccurate data (Art. 16 GDPR)
  • Right to erasure of your data (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR) — for the newsletter at any time with effect for the future

14. Account Deletion

Users may request deletion of their account and all associated data (profile, XP, test data, newsletter consent) at any time by emailing contact@kineangst.de.

15. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW).

16. Changes

This privacy policy may be updated as needed. The current version with date can always be found on this page.