Privacy Policy
Last updated: May 9, 2026
1. Introduction
FilingIQ GbR ("FilingIQ," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the FilingIQ platform, website, and related services (the "Service").
We process personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable German data protection laws. By using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller responsible for the processing of your personal data is:
FilingIQ GbR
Niklas Feldmann & Thomas Kraaibeek
Wienburgstr. 23, 48147 Münster, Germany
legal@filingiq.io
For all privacy-related inquiries, please contact us at legal@filingiq.io.
3. Data We Collect
We collect the following categories of personal data:
3.1 Account Data
When you create an account, we collect:
- Email address
- Hashed password credentials (we never store plaintext passwords)
- Account creation date and last login timestamp
3.2 Usage Data
When you use the Service (web application), we automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and features used
- Date and time of access
- Referring website or source
On our landing page (filingiq.io) we use a self-hosted instance of Plausible Analytics for privacy-friendly traffic measurement. Plausible does not use cookies, does not store anything on your device, and does not collect personal identifiers. The data processed (page views, referrer, country, browser and device type) is aggregated and stored on EU-based infrastructure operated by FilingIQ GbR. No data is transmitted to third-party analytics providers from the landing page.
3.3 Financial Preferences
When you configure the Service, we store:
- Watchlist selections and ticker preferences
- Alert settings and notification preferences
- Custom filter and view configurations
4. How We Use Your Data
We use the personal data we collect for the following purposes:
- Account management and authentication: To create and manage your account, verify your identity, and maintain account security.
- Service delivery and personalization: To provide, maintain, and improve the Service, including personalized features such as watchlists and alerts.
- Billing and subscription management: To process payments and manage subscriptions when these features are implemented in the future.
- Fraud prevention and security: To detect, prevent, and respond to security incidents, fraud, or other malicious activity.
- Service improvement and analytics: To analyze usage patterns, diagnose technical issues, and improve the Service.
5. Legal Basis for Processing
Under GDPR Article 6, we process your personal data based on the following legal grounds:
- Consent (Art. 6(1)(a)): Where you have given clear consent for us to process your personal data for specific purposes, such as marketing communications. Where consent is the basis, you may withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal (Art. 7(3) GDPR).
- Contract performance (Art. 6(1)(b)): Where processing is necessary for the performance of a contract with you, including account management and service delivery.
- Legitimate interests (Art. 6(1)(f)): Where processing is necessary for our legitimate interests, such as improving the Service, ensuring security, preventing fraud, and measuring aggregate website traffic with our self-hosted Plausible Analytics instance. These interests do not override your fundamental rights and freedoms; you may object at any time under Art. 21 GDPR.
6. Data Sharing
We do not sell your personal data to third parties. We may share limited data with the following categories of service providers, solely for the purposes described in this policy:
- Payment processor: When subscription billing is implemented, payment data will be processed by a third-party payment provider. We will not store full credit card numbers on our servers.
- Email service provider (MailerSend, EU): For transactional emails such as account verification, password resets, and service notifications. MailerSend is operated by MailerSend, Inc. and processes email content on EU-based infrastructure (ISO 27001 certified data center, Belgium). Data is processed under our Data Processing Agreement and Standard Contractual Clauses. Added April 2026, replacing Resend.
- Analytics (PostHog Cloud, EU): Our web application uses PostHog Cloud hosted on EU-based infrastructure for usage analytics. PostHog is configured to not store IP addresses or other personal identifiers. Data is processed by PostHog Inc. on EU-based infrastructure in accordance with their privacy policy and our Data Processing Agreement. PostHog is not used on our landing page.
- Analytics (Plausible, self-hosted): Our landing page (filingiq.io) uses Plausible Analytics on infrastructure self-hosted by FilingIQ GbR in the EU. Plausible does not use cookies, does not store data on your device, does not generate persistent identifiers, and does not track users across websites. Aggregate page-view data is processed on our own server and is never transmitted to a third party. No Data Processing Agreement is required because no third-party processor is involved.
- Error reporting (Sentry, EU): Our web application and API use Sentry (Functional Software Inc., EU region) to capture unhandled errors and exceptions so we can diagnose bugs quickly. Sentry receives your user ID, browser version, operating system, URL where the error occurred, and a stack trace. We do not send passwords, API keys, or other secrets to Sentry — the SDK is configured to scrub these fields automatically. Sentry data is hosted on EU-based infrastructure. Added April 2026.
We may also disclose personal data if required to do so by law, court order, or governmental request.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
- Account data: Retained for as long as your account is active. Upon account deletion, your data will be removed within 30 days.
- Usage data: Retained for a maximum of 24 months, after which it is automatically deleted or anonymized.
- Financial preferences: Deleted when you remove them or upon account deletion.
You may request deletion of your personal data at any time by contacting us at legal@filingiq.io, or by using the in-app account deletion button once your account is active. Deletion completes immediately — within minutes of the request — well within the 30-day GDPR SLA required by Article 17(1). When you delete your account, we erase every row of personal data we hold about you across all user-scoped database tables in a single atomic transaction; audit-trail records such as invitation provenance are anonymized (the deleted user's identifier is replaced with the literal value deleted-user) rather than removed, so the integrity of the invite flow is preserved without retaining any PII.
You may also download a complete copy of your personal data at any time via the in-app data export endpoint (Article 15 — right of access + Article 20 — right to data portability). The export is delivered as a single JSON file containing your account profile, watchlists, preferences, alert settings, notifications, push-notification device metadata, feedback you have submitted, and invitations you have received.
8. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17): You may request deletion of your personal data ("right to be forgotten").
- Right to data portability (Art. 20): You may request a machine-readable copy of your personal data for transfer to another service.
- Right to restriction of processing (Art. 18): You may request that we restrict the processing of your personal data under certain circumstances.
- Right to object (Art. 21): You may object to the processing of your personal data based on legitimate interests.
- Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you may withdraw that consent at any time by contacting us at legal@filingiq.io.
To exercise any of these rights, please contact us at legal@filingiq.io. We will respond to your request within 30 days.
You also have the right to lodge a complaint with the competent supervisory authority. In Germany, this is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).
9. International Transfers
Your personal data is processed and stored within the European Union. Our application servers are hosted by Hetzner in Germany, our landing page analytics (Plausible) is self-hosted by FilingIQ GbR in the EU, and our web application analytics (PostHog) is processed on EU-based infrastructure. We do not transfer landing-page analytics data to any third country.
For any transfers of data outside the EU/EEA that may arise from other service providers (e.g. payment processing in the future), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Secure password hashing using industry-standard algorithms.
- Access controls limiting data access to authorized personnel only.
- Regular security assessments and monitoring.
- Automated backups with encrypted storage.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. For significant changes, we may also notify you via email.
12. Contact
If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at:
FilingIQ GbR
Niklas Feldmann & Thomas Kraaibeek
Wienburgstr. 23, 48147 Münster, Germany
legal@filingiq.io