Privacy Policy

1. Controller

Responsible for data processing on this website:

2. Overview: What data do we process?

We process personal data only as far as it is necessary for the provision of our services or legally permitted:

• Server log data (e.g., IP address, timestamp, requested URL, user agent) for security and stability
• Search/usage data (e.g., ISBN/title inputs) to execute searches and price queries
• Account and profile data (e.g., email) if you create a user account (Supabase Auth)
• Price alerts (saved books, target price) if you use alerts
• Newsletter data (email) if you voluntarily subscribe
• Cookie/LocalStorage data for consent management and settings

3. Purposes and Legal Basis

• Provision of the website (Art. 6(1)(f) GDPR; legitimate interest in operation/security)
• User account (Art. 6(1)(b) GDPR; contract/pre-contractual measures)
• Price alerts & notifications (Art. 6(1)(b) GDPR)
• Newsletter (Art. 6(1)(a) GDPR; consent, typically double opt-in)
• Analytics (Art. 6(1)(a) GDPR; consent; only after consent in cookie banner)
• Cookies/Technologies (TTDSG § 25: necessary technologies without consent, optional only with consent)

4. Hosting

We host this website via Vercel. Technically necessary data (e.g., IP address, log data) is processed. Privacy Policy Vercel.

5. Authentication & Database

For login/accounts and storage of user data, we use Supabase. Processing is done to provide features (e.g., account, saved books, price alerts). More information: Privacy Policy Supabase.

6. Price Alerts & Emails

If you enable price alerts, we store the associated settings and may send you notifications (e.g., via email). Legal basis is Art. 6(1)(b) GDPR (contract/service provision).

For sending emails, we use UseSend (Self-Hosted).

7. Newsletter

If you subscribe to a newsletter, we process your email address exclusively for sending it. You can revoke your consent at any time (unsubscribe link in every email). Legal basis is Art. 6(1)(a) GDPR.

Note: The specific newsletter service provider can be configured (LEGAL_PROVIDER_NEWSLETTER_*).

8. Web Analytics

If we use an analytics tool, it is only after your consent via the cookie banner. You can change your selection at any time under Cookie Settings.

Provider: PostHog (EU Cloud). Purpose: Webanalyse zur Verbesserung des Produkts (nur nach Einwilligung). Privacy Policy PostHog (EU Cloud)

9. Affiliate/Partner Links

Our pages may contain links to merchant/marketplace sites. If you purchase via a partner link, we may receive a commission – at no extra cost to you. More information can be found under Affiliate Disclosure.

10. Cookies & Settings

We use necessary cookies/technologies for operation (e.g., security, login) and store your consent choices (cookie bp_consent_v1). Optional categories (preferences/analytics) are only set after your selection.

11. Storage Duration

We store personal data only as long as necessary for the stated purposes or as required by legal retention obligations. Account data can be deleted (where possible); price alerts can be deactivated/deleted.

12. Your Rights

You have the right to information, correction, deletion, restriction of processing, data portability, and objection to certain processing. For consent-based processing, you can revoke your consent at any time with effect for the future.

13. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority. Generally, the authority of your usual place of residence or our company location is responsible.