Logo

Privacy Policy

Last updated: July 24, 2025

1. Overview

General Information

This privacy policy provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data with which you can be personally identified. Detailed information can be found in the full policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data is processed by the website operator. Contact details can be found in the "Controller" section below.

How do we collect your data?

Some data is provided by you — for example, by filling out a contact form.

Other data is collected automatically or with your consent when visiting the site (e.g., browser, OS, access time).

Why do we collect your data?

Part of the data ensures proper functioning of the website; others may be used to analyze user behavior, process payments, provide AI-powered features, or send transactional communications. We will not sell your data to anyone.

What rights do you have regarding your data?

You have the right to access, correct, or delete your personal data. You can revoke your consent at any time. You also have the right to restrict processing under certain conditions and to lodge a complaint with a supervisory authority.

For questions about privacy, you can contact us anytime.

2. General Information & Mandatory Disclosures

Data Protection

We treat your personal data confidentially and in accordance with GDPR and this privacy policy.

Note: Data transmission online (e.g., via email) may have security gaps.

Controller

Sebastian Maronn
Sebastian Maronn Digital Experiences (trading as Floxity)
Blankenburger Str. 22
13156 Berlin, Germany

Phone: +49 178 23 88 626
Email: support@floxity.com

The controller is the individual who determines the purpose and means of data processing.

Data Retention

Unless otherwise specified, personal data is retained until the purpose no longer applies. If you request deletion or revoke consent, your data will be deleted unless legal obligations require otherwise (e.g. tax retention).

Legal Bases

We process your data based on the following:

  • Consent: Art. 6(1)(a) GDPR
  • Contract performance: Art. 6(1)(b)
  • Legal obligation: Art. 6(1)(c)
  • Legitimate interest: Art. 6(1)(f)
  • Consent for cookies: Art. 6(1)(a) GDPR, § 25(1) TDDDG

Data Recipients

We may share your data with external service providers for contract purposes, legal obligations, or based on legitimate interest. Data is shared under proper agreements per GDPR when applicable.

Revoking Your Consent

You may revoke consent at any time. Past processing remains lawful up to that point.

Age Restrictions

Our Service is not intended for children under 16 years of age. We do not knowingly process personal data of children under 16 without parental consent in accordance with Art. 8 GDPR. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@floxity.com so we can delete it.

Right to Object (Art. 21 GDPR)

You may object at any time to processing based on Art. 6(1)(e) or (f) GDPR. If used for direct marketing, your data will no longer be processed for that purpose upon objection.

Right to Lodge a Complaint

If you believe we are processing your personal data unlawfully, you may lodge a complaint with the competent supervisory authority. The competent authority for us is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin, Germany.

Right to Data Portability

You have the right to receive your data or have it transferred to another controller in a machine-readable format.

Access, Rectification, and Deletion

You may request access to your data and request correction or deletion, where legally permitted.

Right to Restriction of Processing

You may request restriction under these circumstances:

  • You contest accuracy
  • Processing is unlawful, and you prefer restriction to deletion
  • We no longer need the data, but you need it for legal claims
  • You object under Art. 21(1) pending a balance of interests

If processing is restricted, your data may only be used with consent or for legal reasons.

SSL/TLS Encryption

Our site uses SSL/TLS encryption to protect data transmission. You can recognize this by the "https://" in the address bar and the lock symbol.

Objection to Marketing Emails

We object to the use of contact information published under the legal notice obligation for unsolicited advertising. We reserve legal action in the case of spam.

Data Processing Agreements

We have entered into data processing agreements (DPAs) with all our subprocessors in accordance with Art. 28 GDPR. These agreements ensure that our subprocessors process personal data only in accordance with our instructions and in compliance with GDPR requirements.

International Data Transfers

Some of our subprocessors are located outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission and adequacy decisions where applicable.

Automated Decision Making

We use AI-powered services to generate form suggestions. These are not used for automated decision-making that produces legal effects or significantly affects you. You have the right to request human intervention and contest any automated decisions. Legal basis: Art. 6 (1)(b) GDPR for suggestion generation.

3. Cookies

Our site uses cookies — small text files stored on your device. Some are session cookies (deleted when you leave), others persistent (stay until deleted).

Essential Cookies

We use the following essential cookies that are necessary for the proper functioning of our website:

Authentication Cookies (Supabase)

Purpose: User authentication and session management

User Preferences

Purpose: Storing user interface preferences (e.g. dark/light mode)

These essential cookies are stored based on Art. 6(1)(f) and Art. 6(1)(b) GDPR. You can configure your browser to notify you about cookies and allow/block them accordingly. However, disabling essential cookies may affect site functionality and prevent you from using certain features.

4. Newsletter

If you subscribe to our newsletter, we need your email and consent. No additional data is collected unless voluntarily provided.

Data is processed solely for sending the newsletter and will not be shared. Legal basis: Art. 6(1)(a) GDPR. You may unsubscribe anytime via the link in each newsletter.

Your data is retained until you unsubscribe. It may be added to a blocklist to prevent future emails — based on our legitimate interest (Art. 6(1)(f) GDPR).

5. Payments

Payments on Floxity are processed by Stripe, Inc. ("Stripe"). During the checkout process, your payment details are transmitted directly to Stripe and are not stored on our servers. Stripe processes information such as your payment method, billing address, and transaction identifiers to complete the purchase and to comply with legal obligations. Legal bases: Art. 6 (1)(b) GDPR (performance of contract) and Art. 6 (1)(c) GDPR (legal obligation).

6. Server Logs & Usage Analytics

When you access Floxity, our hosting provider (Cloudflare) automatically collects server log data, including your IP address, browser type, operating system, referrer URL, date/time of the request, and the amount of data transferred. This data is necessary to deliver website content, ensure security and stability, and defend against malicious activity (Art. 6 (1)(f) GDPR — legitimate interest).

We also use Cloudflare Web Analytics, a privacy-first analytics service that does not use cookies or track individuals across sites. Cloudflare provides only aggregated, anonymised usage statistics.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The current version is always available on this page. If changes are material, we will notify you via email or an in-app notice. Continued use of Floxity after the effective date of the revised Policy constitutes acceptance of the changes.

8. Subprocessors

We use the following third-party service providers (subprocessors) to help us deliver our services. These providers have access to personal data only to the extent necessary to perform their services and are contractually bound to protect your data in accordance with GDPR requirements. We may update this list of subprocessors from time to time. When we add a new subprocessor, we will notify you through our website or by email.

Cloudflare

Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA

EU Representative: Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 München, Germany

Purpose: Content delivery network (CDN), DNS, security, performance services, and website analytics. Cloudflare processes IP addresses, system configuration, traffic data, and anonymized usage data for security, delivery, and performance monitoring purposes.

Supabase

Provider: Supabase, Inc., 350 11th St, San Francisco, CA 94103, USA

Purpose: Database hosting, authentication, and backend services. Supabase stores user account data, form submissions, and application data.

Mailjet

Provider: Mailjet SAS, 13-13 bis, rue de l'Aubrac, 75012 Paris, France

Purpose: Newsletter delivery and transactional emails. Mailjet processes email addresses and email content for the purpose of sending communications to users.

Stripe

Provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA

Purpose: Payment processing and billing. Stripe processes payment information, billing addresses, and transaction data. We do not have access to your full credit card details.

OpenAI

Provider: OpenAI, L.L.C., 3180 18th St, San Francisco, CA 94110, USA

Purpose: AI-powered form generation and content analysis. OpenAI processes form data and user inputs to generate form structures and provide intelligent suggestions.

Proton

Provider: Proton AG, Route de la Galaise 32, 1228 Plan-les-Ouates, Switzerland

Purpose: Secure email communication for customer support. Proton processes email communications between users and our support team.