finifun
en
/de
/fr
/es
← Back to finifun

Privacy Policy

Last updated: 12 May 2026

In case of inconsistency between language versions, the German version prevails.

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Pesché Design – Atelier für Marken & Kommunikation
Emanuela Pesché

Leimengrubweg 6
77716 Haslach
Germany

Email: hello@finifun.app

2. General notes on data processing on finifun

finifun is designed as a data-minimal application. We deliberately avoid tracking, analytics cookies, advertising, and account systems. Only data strictly required for technical operation, payment processing, or restoring Premium status is processed.

3. Server log files

When you access the website, our hosting provider (see point 7) automatically stores data in so-called server log files, which your browser transmits:

  • IP address
  • date and time of access
  • page accessed
  • browser and operating system used
  • referrer URL

This data is technically required to deliver the website and to defend against attacks.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a stable operation).

Log data is deleted or anonymised after no more than 30 days.

4. Local storage

finifun stores the following information on your device in so-called local storage:

  • finifun_premium – whether you have activated Premium features

This storage is strictly necessary under § 25 (2) no. 2 TDDDG so that your Premium content remains available. No transmission to us or third parties takes place. You can delete this data at any time in your browser settings.

5. Purchase of finifun Premium

Purchases of finifun Premium content are processed through our payment provider Paddle. Paddle acts as the seller (Merchant of Record) and is responsible for the entire payment processing, invoicing, and tax handling.

Provider: Paddle.com Market Limited, Judd House, 18–29 Mora Street, London EC1V 8BT, United Kingdom.

The data processing in connection with the purchase (name, payment data, email address, billing address, and other data required for tax purposes) takes place directly between you and Paddle. From Paddle, we only receive the following data back:

  • your email address
  • a transaction ID

We use these to associate your Premium purchase and to enable a restore of your Premium status upon request (see point 6).

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract).

Paddle has its own privacy policy: https://www.paddle.com/legal/privacy

6. Premium restore (Magic Link)

If you have purchased finifun Premium and want to activate it on a new device, you can do this via email-based restore. You enter your email address in the corresponding form. We check whether this address is linked to a purchase made through Paddle and, if so, send you a restore link by email.

Data processed:

  • email address
  • language (for email localisation)
  • temporary security token

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract).

Retention:

The security token automatically expires and is deleted after 24 hours. The email address is stored for as long as we should be able to enable Premium restore for you. You can request deletion at any time by an informal email to hello@finifun.app.

Emails are sent through our processor Resend (see point 7).

7. Processors and services used

We use the following service providers to operate the website. Data processing agreements (DPA / AVV) under Art. 28 GDPR have been concluded with all of them:

Hosting and Backend: Lovable Cloud

Lovable AB, Stockholm, Sweden. Lovable Cloud provides the website, backend, database, authentication, and server-side functions.

Sub-processors of Lovable

Lovable engages sub-processors, in particular Supabase Inc. (USA) for the database infrastructure. Transfer to the USA is based on the EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR). An up-to-date list of Lovable's sub-processors is available through their privacy documentation.

Transactional emails: Resend

Resend, Inc., USA. Sends restore emails. Transfer to the USA is based on the EU Standard Contractual Clauses.

Payment provider: Paddle

See point 5.

Domain and email forwarding: Netcup

Netcup GmbH, Karlsruhe, Germany.

8. External links

This website contains links to social networks (Instagram, TikTok, Pinterest, Facebook). No automatic connections or tracking pixels to these services are loaded. Only when you actively click on a link will you be taken to the respective platform; their data processing takes place exclusively under their own privacy policy.

9. Your rights

You have the right, at any time, to:

  • access the data we hold about you (Art. 15 GDPR)
  • rectify inaccurate data (Art. 16 GDPR)
  • erasure of your data (Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • object to processing (Art. 21 GDPR)
  • lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, an informal email to hello@finifun.app is sufficient.

Competent supervisory authority:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Königstraße 10a, 70173 Stuttgart, Germany
https://www.baden-wuerttemberg.datenschutz.de

10. Changes to this privacy policy

We reserve the right to adjust this privacy policy if the legal or technical conditions change. The current version is always available on this page.