Legal
Privacy policy
This privacy policy explains which personal data is processed when you use smtyyy.de, for what purposes this happens, and which rights you have in this context.
1. Controller
Dan Schmid trading as smtyyy
Wesendonkstraße 35
81925 München
Germany
Email: legal@smtyyy.de
2. Scope
This privacy policy applies to smtyyy.de, including the localized pages, the contact form, consent handling, voluntary contributions, the self-service management of monthly support, and the related email communication.
It does not apply to separate product websites or applications such as weniger.smtyyy.de where separate privacy information is provided.
3. Website delivery and server logs
When you access the website, my hosting provider processes technically necessary connection data, in particular IP address, timestamp, requested URL, referrer, user agent, and status codes.
This data is used to deliver the website, maintain system security, analyse errors, and defend against misuse or attacks.
smtyyy.de currently does not show visible ads and does not use marketing cookies.
4. Contact form, back office, and Cloudflare Turnstile
When you use the contact form, I process your name, email address, subject, message, locale, time of entry, and technical anti-abuse signals.
The anti-bot protection is provided by Cloudflare Turnstile. Related Cloudflare requests are loaded only after you interact with the form.
Incoming messages are documented in the internal back office, assigned to the responsible role mailbox, and answered from there.
5. Voluntary contributions, Stripe Checkout, and payment emails
If you use the donation feature, an embedded Stripe checkout is loaded within the website or, where the selected payment method requires it, continued for individual steps on Stripe or the respective payment service.
This may involve processing the selected amount, payment and mandate details, technical connection data, contact and confirmation data, invoice or receipt data, and customer, subscription, or status data to the extent required for one-time or recurring contributions, fraud prevention, payment confirmations, receipts, refunds, disputes, accounting, and the management of ongoing support.
For recurring contributions, Stripe can also send official payment-related emails such as payment confirmations, renewal reminders, invoices, or notifications about failed collection attempts.
In addition, smtyyy.de may send short transactional emails, in particular for a successful one-time contribution, the start of monthly support, secure management links, and confirmations about scheduled or immediate cancellation.
If you use the self-service management for monthly support, I compare the email address entered there with existing Stripe customer and subscription data so I can send a secure management link where a matching active support exists. The response shown in the form intentionally remains generic.
Payment handling takes place primarily through Stripe. Depending on the selected payment method, additional payment providers, wallet operators, banks, or card networks may also be involved, for example for PayPal, Apple Pay, Google Pay, Link, SEPA Direct Debit, or Pix.
Stripe privacy notice: https://stripe.com/privacy
6. Optional audience measurement with Google Analytics 4
Google Analytics 4 is loaded only after your explicit consent.
I use a privacy-conscious configuration with IP anonymisation, disabled Google Signals, and disabled ad personalisation signals.
The website remains fully usable without consent.
7. Browser storage and similar technologies
"smtyyy-theme-preference" is stored in localStorage when you choose a theme. It remains there until you change or delete it in your browser.
"smtyyy-consent-choice" is stored in localStorage so the site can remember your analytics decision. It remains there until you change or delete it.
"smtyyy-locale-scroll-context" is written to sessionStorage only when you switch language versions so the target page can restore your approximate scroll position. It ends with the browser session.
The embedded Stripe checkout and secure Stripe management pages can also use technically necessary storage access or similar technologies by the payment provider where required for rendering, security, support management, and payment handling.
8. Recipients and processors
Hosting: Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany.
Email infrastructure, mailbox hosting, and delivery of transactional support or management emails: STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany.
Payment handling for voluntary contributions: Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Self-service management of monthly support, including the Customer Portal and official payment emails: Stripe, Inc. and/or Stripe Payments Europe, Limited, depending on the service and region involved.
Depending on the selected payment method, the respective payment providers, wallet operators, banks, and card networks may also receive data as additional recipients or act under their own responsibility.
Optional audience measurement: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Contact-form bot protection: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA.
9. Transfers to third countries
For Stripe, Cloudflare Turnstile and, depending on the selected payment method, additional payment providers or wallet operators, personal data may also be transferred to or processed in third countries, especially in the United States. The same can apply to Google Analytics 4 when enabled with consent.
Where an adequacy decision of the European Commission exists, I rely on that mechanism. Otherwise I rely on Article 46 GDPR, in particular on EU standard contractual clauses and supplementary safeguards provided by the respective providers.
Further information about the safeguards that apply in each case and the possible recipients is available in the privacy information of the providers involved.
Even so, a level of data protection equivalent to the EU cannot be guaranteed in every case outside the EU or EEA.
10. Storage periods
Operational and error logs for the homepage are kept only briefly and are rotated regularly.
Contact enquiries submitted through the website form and the related correspondence are generally deleted twelve months after the last activity unless a statutory retention obligation or a documented retention reason requires further storage.
Information about voluntary contributions, recurring support, management requests, and transactional payment or cancellation emails is stored where necessary for reliable processing, anti-abuse safeguards, support handling, and compliance with accounting and tax retention obligations.
Browser storage ends when you delete the entry, change the relevant setting, or close the session, depending on the purpose.
11. Legal bases
Section 25(2) no. 2 TDDDG and Article 6(1)(f) GDPR for technically necessary storage access, website delivery, security measures, and restoring the scroll position when switching languages.
Article 6(1)(b) GDPR where your enquiry relates to a contract or pre-contractual measures.
Article 6(1)(f) GDPR for other contact enquiries, internal back-office handling, and anti-abuse measures.
Section 25(2) no. 2 TDDDG and Article 6(1)(b) GDPR for technically required payment steps and the embedded checkout or self-service management flow that you actively start.
Article 6(1)(b) GDPR for transactional payment and management emails where they are needed to process, confirm, or end ongoing support.
Article 6(1)(f) GDPR for fraud prevention, security interests, generic responses to management requests, avoiding duplicate notifications, and the reliable delivery of transactional emails.
Article 6(1)(c) GDPR for statutory accounting, retention, and evidence obligations.
Section 25(1) TDDDG and Article 6(1)(a) GDPR for Google Analytics 4 after your explicit consent.
12. Your rights
Subject to the statutory requirements, you have the right of access, rectification, erasure, restriction of processing, data portability, and objection.
You may withdraw any consent at any time with effect for the future.
13. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.