Privacy Policy

Last updated: April 2, 2026

1. Controller

The controller responsible for the processing of personal data on this website, within the meaning of the General Data Protection Regulation (GDPR), is:

Aliniyaz Mamat (BriefWizard)
Gustav-Heinemann-Ring 131, 81739 München, Germany
E-mail: kontakt@briefwizard.de

2. What Data We Collect and Why

2.1 Website Scans

When you submit a URL for scanning, we store the following data in our database:

  • The URL you submitted
  • Scan results (detected builder, CMS, technologies, hosting provider, AI probability)
  • Your IP address (for rate limiting and abuse prevention)
  • Your browser’s User-Agent string (for bot detection)
  • A screenshot of the scanned website (URL reference, not raw image data)
  • Timestamp of the scan

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in providing the scanning service, preventing abuse, and maintaining service integrity.

2.2 User Accounts

If you register for an account (e.g. to access the developer API), we store:

  • E-mail address
  • Password (hashed with bcrypt — never stored in plain text)
  • API keys you generate
  • Account creation and last login timestamps

Legal basis: Art. 6(1)(b) GDPR — performance of the contract with you.

2.3 Browser Extension

The browser extension analyses the active tab only when you explicitly trigger a scan. It sends the current page URL to our scan API. No browsing history is collected, and no data is transmitted without your interaction.

2.4 Contact Enquiries

If you contact us by e-mail, we process your e-mail address and the content of your message to respond to your enquiry. Data is deleted once the conversation is concluded and no legal retention obligations apply.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in handling enquiries.

2.5 Analytics

We use Vercel Analytics to collect aggregated, anonymised traffic statistics (page views, referrers, country-level data). No cookies are set, and no personal identifiers are stored.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in understanding usage patterns to improve the Service.

3. Third-Party Service Providers

We use the following third-party processors to operate the Service. Where providers are based outside the EU/EEA, data transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards.

Provider | Purpose | Location
Vercel Inc. | Website hosting & edge network | USA (SCCs)
Supabase Inc. | Database (PostgreSQL) | USA (SCCs)
Anthropic PBC | AI-generated site descriptions (Claude API) | USA (SCCs)
Resend Inc. | Transactional e-mail delivery | USA (SCCs)
Stripe Inc. | Payment processing (paid plans) | USA (SCCs)

We do not sell personal data to any third party.

4. Cookies and Session Storage

We use cookies only where strictly necessary:

  • Session cookie (next-auth) — set when you log in to your account or the admin dashboard. Contains an encrypted session token. Expires when you close your browser or after 30 days if “Remember me” is selected.

No advertising, tracking, or third-party cookies are used. No consent banner is required for strictly necessary cookies.

5. Data Retention

  • Scan records — retained indefinitely as anonymised technical data. IP addresses in scan records are not linked to personal accounts and are used solely for rate limiting.
  • User accounts — retained for as long as the account is active. You may request deletion at any time (see Section 6).
  • E-mail correspondence — deleted once the enquiry is resolved, unless a longer retention period is required by law.

6. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — request a copy of the data we hold about you.
  • Right to rectification (Art. 16) — request correction of inaccurate data.
  • Right to erasure (Art. 17) — request deletion of your personal data (“right to be forgotten”).
  • Right to restriction (Art. 18) — request that we limit how we process your data.
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interest.

To exercise any of these rights, contact us at kontakt@briefwizard.de. We will respond within 30 days.

You also have the right to lodge a complaint with the competent supervisory authority. In Germany, this is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, 91522 Ansbach.

7. Security

We implement appropriate technical and organisational measures to protect your data, including TLS encryption for all data in transit, bcrypt password hashing, and database access restricted to authorised infrastructure only.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The “Last updated” date at the top of the page will always reflect the most recent revision. For significant changes, we will notify registered users by e-mail.

9. Contact

For all privacy-related enquiries: kontakt@briefwizard.de

See our Impressum for full contact and legal details.