# Privacy Policy

Last updated: March 9, 2026

## 1. Introduction

This Privacy Policy explains how Fueling Optimizer ("we", "us", "our") collects, uses, stores, and shares personal data when you use our service ("Service").

Controller:

- Yannikwuenker / Fueling Optimizer
- Loevenicher Weg 2b, 50933 Koeln, Germany
- Email: mail@yannikwuenker.de

## 2. Data We Collect

We collect and process the following categories of data:

- Account data: email address, authentication metadata, session identifiers.
- Profile and preference data: language and calculator defaults/preferences.
- Input and calculation data: values submitted to fueling calculators and generated recommendation outputs.
- Technical data: IP address, user agent, timestamps, request logs, error logs.
- Payment/subscription metadata (if applicable): entitlement and transaction status data from payment providers.

We do not intentionally request special categories of personal data. Please do not submit health data beyond what is necessary for fueling calculations.

## 3. How We Use Data

We use data to:

- provide and maintain the Service;
- authenticate users and secure accounts;
- process fueling calculations and save preferences;
- enforce access controls and subscription entitlements;
- monitor, debug, and improve reliability and performance;
- comply with legal obligations and enforce terms.

## 4. Legal Bases (Where Applicable)

For users in the EEA/UK, we process data on one or more legal bases under Art. 6 GDPR:

- performance of a contract (Art. 6(1)(b)) for account, login, and core calculator/service functionality;
- legitimate interests (Art. 6(1)(f)) for security, abuse prevention, and service stability;
- legal obligations (Art. 6(1)(c)) for legal retention and compliance duties;
- consent (Art. 6(1)(a)) where legally required.

## 5. Cookies and Similar Technologies

The Service uses only essential cookies/tokens required for operation, including:

- `session` (or configured equivalent): authentication session state;
- `csrf_token` (or configured equivalent): CSRF protection for form/API requests.

Without these, core authenticated and form-based features may not function.
No advertising cookies are used by default.

## 6. Sharing of Data

We may share data with:

- infrastructure and hosting providers;
- database, analytics, logging, and monitoring providers;
- payment processors (for subscription handling);
- transactional email providers (for account confirmation and onboarding email);
- legal authorities when required by law.

Current sub-processors used by the Service stack can include (depending on enabled configuration): Stripe (payments), Resend (transactional email), and Vercel (hosting/runtime).

We do not sell personal data.

## 7. International Transfers

Your data may be processed in countries other than your own.
Where required, we implement appropriate safeguards for cross-border transfers.

## 8. Data Retention

We retain personal data only as long as needed for the purposes described in this policy, including security, legal, accounting, and dispute-resolution needs.

Typical retention logic:

- account data: until account deletion request and completion of required legal retention;
- authentication/session and security logs: short-term operational retention;
- saved preferences and calculator records tied to an account: until deletion request or account deletion;
- payment/subscription records: according to tax/accounting retention duties.

Exact retention can vary based on legal requirements and active provider configuration.

## 9. Security

We use reasonable technical and organizational measures to protect personal data.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

## 10. Your Rights

Subject to applicable law, you may have rights to:

- access your personal data;
- correct inaccurate data;
- delete data;
- restrict or object to processing;
- request data portability;
- withdraw consent where processing is based on consent.

You may also have the right to lodge a complaint with a supervisory authority.
For North Rhine-Westphalia (Germany), the competent authority is generally the LDI NRW.

## 11. Children's Privacy

The Service is not directed to children or minors.
We do not knowingly collect personal data from children without an appropriate legal basis and parental authorization where required.

## 12. Changes to This Policy

We may update this Privacy Policy from time to time.
We will post the updated version with a revised "Last updated" date.

## 13. Contact

For privacy requests or questions, contact:

- Email: mail@yannikwuenker.de
- Address: Loevenicher Weg 2b, 50933 Koeln, Germany