Privacy Policy

1. Controller

Responsible for data processing on this website:

2. Overview: What data do we process?

We process personal data only as far as it is necessary for the provision of our services or legally permitted:

• Server log data (e.g., IP address, timestamp, requested URL, user agent) for security and stability
• Search/usage data (e.g., ISBN/title inputs) to execute searches and price queries
• Account and profile data (e.g., email) if you create a user account (Better-Auth)
• Price alerts (saved books, target price) if you use alerts
• Newsletter data (email) if you voluntarily subscribe
• LocalStorage only for your opt-out preference of anonymous reach measurement (umami.disabled flag). We set no cookies and no identifying trackers.

3. Purposes and Legal Basis

• Provision of the website (Art. 6(1)(f) GDPR; legitimate interest in operation/security)
• User account (Art. 6(1)(b) GDPR; contract/pre-contractual measures)
• Price alerts & notifications (Art. 6(1)(b) GDPR)
• Newsletter (Art. 6(1)(a) GDPR; consent, typically double opt-in)
• Anonymous reach measurement (Art. 6(1)(f) GDPR; legitimate interest in a cookie- and identifier-free measurement; details in §8)

4. Hosting

We host this website via Vercel. Technically necessary data (e.g., IP address, log data) is processed. Privacy Policy Vercel.

5. Authentication & Database

Login/accounts and user data are processed on Supabase. Purpose: providing features (e.g., account, saved books, price alerts). Legal basis: Art. 6(1)(b) GDPR (contract/service). Privacy Policy Supabase.

You can optionally sign in with your Google account. In that case your sign-in data is processed by Google LLC. Legal basis: Art. 6(1)(a) GDPR (consent via clicking "Continue with Google"). More information: Privacy Policy Google LLC.

6. Price Alerts & Emails

If you enable price alerts, we store the associated settings and may send you notifications (e.g., via email). Legal basis is Art. 6(1)(b) GDPR (contract/service provision).

For sending emails, we use UseSend (Self-Hosted). Privacy Policy UseSend (Self-Hosted)

7. Newsletter

If you subscribe to a newsletter, we process your email address exclusively for sending it. You can revoke your consent at any time (unsubscribe link in every email). Legal basis is Art. 6(1)(a) GDPR.

Note: The specific newsletter service provider can be configured (LEGAL_PROVIDER_NEWSLETTER_*).

8. Web Analytics

For anonymous reach measurement we use a cookieless, self-hosted analytics tool. No cookies or persistent identifiers are stored on your device. Visitors are only recognized within a single day via a server-side hash (IP + User-Agent + daily-rotating salt). Legal basis is Art. 6(1)(f) GDPR (legitimate interest in data-minimized reach measurement). You may object to this counting at any time under Tracking Settings.

Note: If you use analytics, please configure provider information in LEGAL_PROVIDER_ANALYTICS_*.

9. Affiliate/Partner Links

Our pages may contain links to merchant/marketplace sites. If you purchase via a partner link, we may receive a commission – at no extra cost to you. More information can be found under Affiliate Disclosure.

10. Cookies & Settings

We do not use a cookie banner because we do not set any cookies or trackers requiring consent. Technically necessary cookies (e.g., for login and security via Better-Auth) are set only for operation and are exempt from §25 TDDDG. Our anonymous reach measurement writes nothing to your device.

11. Storage Duration

We store personal data only as long as necessary for the stated purposes or as required by legal retention obligations. Account data can be deleted (where possible); price alerts can be deactivated/deleted.

12. Your Rights

You have the right to information, correction, deletion, restriction of processing, data portability, and objection to certain processing. For consent-based processing, you can revoke your consent at any time with effect for the future.

13. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority. Generally, the authority of your usual place of residence or our company location is responsible.