Skip to main content
Legal Document

Privacy Policy

Transparent handling of your data
Last Update: 09.02.2026
v2.0

At a Glance

  • GDPR-compliant: We process your data according to EU law
  • No Sale: We never sell your data to third parties
  • Transparency: You always know what data we have
  • Control: You can have your data deleted at any time
  • Security: Encrypted transmission and secure storage
1

Preamble & Controller

Who is responsible for your data

We take the protection of your personal data very seriously. Below we inform you about the collection, processing, and use of your data in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Controller

Umutcan Emre Tezgel

Lessingstraße 4
35578 Wetzlar
Deutschland

Email: umut@codayweb.de

Phone: +49 176 41195301

Website: www.codayweb.de

2

Principles of Data Processing

Our obligations under GDPR Art. 5

Lawfulness

Every processing is based on a valid legal basis (consent, contract, legitimate interest).

Transparency

You will be informed comprehensively about all processing operations.

Purpose Limitation

Data is collected only for specified, explicit, and legitimate purposes.

Data Minimization

We only collect the data we actually need.
3

Collection of Personal Data

What data we collect

When visiting our website, information is automatically sent to the server by the browser. This is temporarily stored in log files:

  • IP-Adresse (anonymisiert)
  • Datum & Uhrzeit des Zugriffs
  • Aufgerufene URL
  • Referrer URL (vorherige Seite)
  • Browser & Betriebssystem

Rechtsgrundlage: Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse)

4

Cookies & Tracking Technologies

How we use cookies

We use cookies to keep our website functional and improve your user experience. You can adjust your cookie settings at any time via our cookie banner.

Necessary Cookies

Required for basic website functions (session, cookie settings). The website will not function without these.

Speicherdauer: Session / 1 Jahr

Functional Cookies

Save your preferences like language selection and chatbot history (localStorage).

Speicherdauer: 1 Jahr

Analytics Cookies

Google Analytics to improve our website – only with your explicit consent.

Speicherdauer: 26 Monate

You can adjust your cookie settings at any time via the cookie banner or block all cookies in your browser settings.

5

Data Flow Overview

How your data is processed

Visualization of data flow when using our services
👤

Nutzer

🌐

Website

Vercel

🗄️

Datenbank

Supabase (EU)

🤖

KI-Verarbeitung

Google Gemini / Perplexity

📊

Analytics

Google Analytics (optional)

6

AI Services & Automated Processing

Use of Artificial Intelligence

Important Note

Our AI assistant 'Codi' and the Website Analyzer use external AI services for processing. Your inputs are transmitted to these services when used.

For the chatbot and Website Analyzer, your requests are transmitted to the Google Gemini API.

  • Verarbeitet werden: Ihre Chat-Nachrichten, Website-Inhalte bei Analyse
  • Anbieter: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Datenschutz: EU-Standardvertragsklauseln

Rechtsgrundlage: Art. 6 Abs. 1 lit. a DSGVO (Einwilligung durch Nutzung)

No Legal/Medical Advice

AI-generated answers are for informational purposes only and do not replace professional advice. We assume no liability for decisions made based on AI answers.
7

Processors & Third Parties

Who we work with

We work with carefully selected service providers who support us in delivering our services. We have concluded Data Processing Agreements (DPA) according to Art. 28 GDPR with all processors.

Vercel Inc.

DSGVO

Website Hosting & CDN

USA (EU-Standardvertragsklauseln)Privacy Policy

Supabase Inc.

DSGVO

Database & Backend

EU (Frankfurt)Privacy Policy

Google LLC

DSGVO

Gemini API & Analytics

USA (EU-Standardvertragsklauseln)Privacy Policy

Perplexity AI

DSGVO

AI-supported Web Search

USAPrivacy Policy
8

International Data Transfer

Transfer to third countries

Some of our service providers are located outside the European Union, specifically in the USA. In these cases, we ensure through appropriate guarantees that your data is adequately protected.

EU Standard Contractual Clauses

We have concluded Standard Contractual Clauses approved by the EU Commission with service providers in third countries.

Adequacy Decisions

Where available, we rely on adequacy decisions of the EU Commission (e.g., for certain US companies).
9

Data Retention & Deletion Periods

How long we keep your data

We store your data only as long as necessary for the respective purpose or as required by statutory retention periods.

Retention Periods by Data Type

Contact Inquiries

After completion of processing, max. 6 months

Project Data

For the duration of the project + 3 years (warranty)

Invoice Data

10 years (statutory retention obligation)

Chatbot Conversations

Only locally in browser, no server-side storage

Analytics Data

Anonymized after 26 months

10

Data Subject Rights

Your rights under GDPR

You have comprehensive rights regarding your personal data. To exercise these rights, please contact us at umut@codayweb.de.

Art. 15

Access

You have the right to obtain information about your personal data stored by us.

Art. 16

Rectification

You can request the correction of incorrect or completion of your data.

Art. 17

Erasure

You have the "Right to be Forgotten" – deletion of your data upon request.

Art. 18

Restriction

You can request the restriction of processing of your data.

Art. 20

Data Portability

You can receive your data in a common, machine-readable format.

Art. 21

Objection

You can object to the processing of your data, especially for direct marketing.

How to exercise your rights:
Send us an email to umut@codayweb.de with the subject "Privacy Inquiry". We will reply within 30 days.

11

Right of Complaint to Supervisory Authority

If you are unsatisfied

If you believe that the processing of your data violates data protection law, you have the right to complain to a supervisory authority (Art. 77 GDPR).

Competent Supervisory Authority

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit

Gustav-Stresemann-Ring 1
65189 Wiesbaden
Telefon: +49 611 1408-0
E-Mail: poststelle@datenschutz.hessen.de

12

Changes to this Privacy Policy

Updates and Versioning

We reserve the right to adapt this privacy policy to changed legal situations or changes to our services. The current version can always be found on this page.

In the event of significant changes, we will inform you – as far as possible – by email or through a notice on our website.

13

Data Security

Technical and organizational measures

We implement extensive technical and organizational measures to protect your data:

Encryption

TLS/SSL encryption for all data transmissions (HTTPS).

Regular Updates

Our systems are regularly updated and checked for security vulnerabilities.

Access Control

Access to personal data is strictly limited and logged.

Backup

Regular, encrypted backups to protect against data loss.
14

Contact & Privacy Inquiries

Get in touch

If you have any questions about data protection or exercising your rights, we are happy to help:

Datenschutz-Kontakt

Umutcan Emre Tezgel
Lessingstraße 4
35578 Wetzlar

Erreichbarkeit

Email: umut@codayweb.de
Phone: +49 176 41195301
Response Time: Within 30 days