GEOfastgeofast_

GEOfast Privacy Policy

Effective Date: October 2, 2025

1. Introduction and Controller Information

This Privacy Policy explains how we collect, use, and protect information when you use GEOfast (the "Service"). The Service is provided by two sole proprietors acting as joint controllers under Art. 26 GDPR. An internal agreement defines our respective responsibilities for data protection obligations.

Primary Controller
Glossardi — Simon Busshart
Prinzenallee 67, 13359 Berlin, Germany
Joint Controller
Furkan Yildiz
Wildmeisterdamm 254, 12353 Berlin, Germany
Data Protection Contact
For questions or to exercise your rights contact: [email protected]

2. Information We Collect

We follow the principle of data minimization and only collect what is necessary to provide and operate the Service.

  • Account Information: Your email address when you create a GEOfast account.
  • Website Information: The URL of your website to generate the JavaScript snippet required for the Service.
  • Usage Data: Anonymous or aggregated data about feature usage and interactions to improve the Service (not personal data).

3. Purposes and Legal Basis

  1. Provide the Service (Art. 6(1)(b) GDPR): Email and website URL are needed to create/manage accounts and generate your snippet.
  2. Service Communication (Art. 6(1)(b) GDPR): We use your email for technical updates and security notices.
  3. Product Information (Art. 6(1)(f) GDPR): We may send information about new features or related products based on our legitimate interests. You can object at any time.

Note: The GEOfast script processes your website's content client-side in the user's browser. We do not store a copy of your website's content on our servers.

4. Data Sharing & Sub-processors

We do not sell your data. We work with a small set of trusted providers who process data on our behalf under contractual terms.

  • Hosting: Supabase (Frankfurt, Germany) for application and DB hosting; website served from an IONOS VPS (Germany).
  • Email: Resend (USA) for transactional emails and service updates.
  • DNS & Security: Cloudflare (USA) for DNS management and security.

5. International Transfers

Data is primarily stored and processed within the EU (Germany). Where third-party services operate outside the EU (e.g., Resend, Cloudflare), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) to protect transfers.

6. Data from Your Website's Visitors

The GEOfast JavaScript snippet is designed not to collect personal data from your visitors. It does not set tracking cookies, nor does it record IP addresses or user behavior. Its sole purpose is to read public HTML content to make it machine-readable. You remain the controller for your visitors' data.

7. Your Rights

Under GDPR you have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you (Art. 15).
  • Rectification: Request correction of inaccurate or incomplete data (Art. 16).
  • Erasure: Request deletion (Art. 17).
  • Restriction: Request restriction of processing (Art. 18).
  • Objection: Object to processing, particularly for marketing (Art. 21).
  • Portability: Request data in a machine-readable format (Art. 20).

To exercise any right, contact us at [email protected].

8. Changes to This Policy

We may update this policy to reflect changes in our Service or legal requirements. Significant changes will be communicated by email. Please review this policy periodically.

GEOfast Privacy Policy