Privacy Policy

Last updated: March 6, 2026

1. Introduction

FilingIQ GbR ("FilingIQ," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the FilingIQ platform, website, and related services (the "Service").

We process personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable German data protection laws. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for the processing of your personal data is:

FilingIQ GbR
Niklas Feldmann & Thomas Kraaibeek
Wienburgstr. 23, 48147 Munster, Germany
legal@filingiq.io

For all privacy-related inquiries, please contact us at legal@filingiq.io.

3. Data We Collect

We collect the following categories of personal data:

3.1 Account Data

When you create an account, we collect:

  • Email address
  • Hashed password credentials (we never store plaintext passwords)
  • Account creation date and last login timestamp

3.2 Usage Data

When you use the Service, we automatically collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and features used
  • Date and time of access
  • Referring website or source

3.3 Financial Preferences

When you configure the Service, we store:

  • Watchlist selections and ticker preferences
  • Alert settings and notification preferences
  • Custom filter and view configurations

4. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Account management and authentication: To create and manage your account, verify your identity, and maintain account security.
  • Service delivery and personalization: To provide, maintain, and improve the Service, including personalized features such as watchlists and alerts.
  • Billing and subscription management: To process payments and manage subscriptions when these features are implemented in the future.
  • Fraud prevention and security: To detect, prevent, and respond to security incidents, fraud, or other malicious activity.
  • Service improvement and analytics: To analyze usage patterns, diagnose technical issues, and improve the Service.

5. Legal Basis for Processing

Under GDPR Article 6, we process your personal data based on the following legal grounds:

  • Consent (Art. 6(1)(a)): Where you have given clear consent for us to process your personal data for specific purposes, such as marketing communications or non-essential cookies.
  • Contract performance (Art. 6(1)(b)): Where processing is necessary for the performance of a contract with you, including account management and service delivery.
  • Legitimate interests (Art. 6(1)(f)): Where processing is necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, provided these interests do not override your fundamental rights and freedoms.

6. Data Sharing

We do not sell your personal data to third parties. We may share limited data with the following categories of service providers, solely for the purposes described in this policy:

  • Payment processor: When subscription billing is implemented, payment data will be processed by a third-party payment provider. We will not store full credit card numbers on our servers.
  • Email service provider (Resend): For transactional emails such as account verification, password resets, and service notifications.
  • Analytics (PostHog, self-hosted): We use a self-hosted instance of PostHog for usage analytics. Since it is self-hosted on our own infrastructure, your data is not shared with PostHog Inc. or any other third party for analytics purposes.

We may also disclose personal data if required to do so by law, court order, or governmental request.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account data: Retained for as long as your account is active. Upon account deletion, your data will be removed within 30 days.
  • Usage data: Retained for a maximum of 24 months, after which it is automatically deleted or anonymized.
  • Financial preferences: Deleted when you remove them or upon account deletion.

You may request deletion of your personal data at any time by contacting us at legal@filingiq.io.

8. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): You may request deletion of your personal data ("right to be forgotten").
  • Right to data portability (Art. 20): You may request a machine-readable copy of your personal data for transfer to another service.
  • Right to restriction of processing (Art. 18): You may request that we restrict the processing of your personal data under certain circumstances.
  • Right to object (Art. 21): You may object to the processing of your personal data based on legitimate interests.

To exercise any of these rights, please contact us at legal@filingiq.io. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the competent supervisory authority. In Germany, this is the Landesbeauftragte fur Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).

9. International Transfers

Your personal data is primarily processed and stored within the European Union. Our servers are hosted by Hetzner in Germany, ensuring that your data remains within the EU jurisdiction.

In the event that data is transferred outside the EU, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Secure password hashing using industry-standard algorithms.
  • Access controls limiting data access to authorized personnel only.
  • Regular security assessments and monitoring.
  • Automated backups with encrypted storage.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. For significant changes, we may also notify you via email.

12. Contact

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at:

FilingIQ GbR
Niklas Feldmann & Thomas Kraaibeek
Wienburgstr. 23, 48147 Munster, Germany
legal@filingiq.io