RETURN TO HOME

Privacy Policy

Last Updated: 09.12.2025

This Privacy Policy explains how I, Timo Zürner, process personal data when you use my website, API, or related services (“Services”). I act as the data controller.

Controller Contact Information

Timo Zürner
c/o IP-Management #2193
Ludwig-Erhard-Straße 18
20459 Hamburg
📧 [email protected]

1. Personal Data I Collect

I collect only the personal data necessary to operate and secure my Services.

1.1 Account & API Key Data

When you register or request an API key, I collect:

  • Email address
  • User ID
  • API key generated for your account

Purpose:

  • Creating and managing API keys
  • Authentication and service access
  • Transactional communication
  • Marketing emails (only with your consent)

Legal basis:

  • Art. 6(1)(b) GDPR – performance of a contract
  • Art. 6(1)(a) GDPR – consent (for marketing)

1.2 Server Logs & API Logs

When you access the Services, the following data may be processed automatically:

  • IP address
  • Browser/client information
  • Date and time of each request
  • Requested endpoint
  • API key used
  • General device metadata (Cloudflare/Vercel)

Purpose:

  • Security and fraud prevention
  • API abuse detection
  • Rate-limiting and usage monitoring
  • Debugging operational issues
  • Ensuring availability of the service

Legal basis:

  • Art. 6(1)(f) GDPR – legitimate interests (secure operation)

Retention:

  • API logs: up to 1 Year
  • Server logs: provider-specific retention (typically 7–30 days)

1.3 Marketing & Newsletter Data

When you subscribe, I collect and process:

  • Email address
  • Subscription status
  • Email engagement statistics (optional, via MailerLite)

Purpose:

  • Sending newsletters and updates
  • Managing your subscription

Legal basis:

  • Art. 6(1)(a) GDPR – your consent. You can unsubscribe at any time via the link in any newsletter.

1.4 Non-Personal Data: AIS Data Processed with AI

My AI models process AIS vessel movement data only. This involves no personal data of users.

To clarify:

  • AIS data processed by AI is not personal data about natural persons using my website or API.
  • Your personal data (email, IP address, logs) is never used to train, improve, or run AI models.
  • All AI processing is restricted to non-user operational data.

2. Is Providing Personal Data Required? (GDPR Art. 13(2)(e))

  • Providing your email address is necessary to create an account and obtain an API key.
  • Without this information, you cannot use authenticated parts of the Service, including the API.
  • Visiting the public website is possible without creating an account.
  • Providing your email for marketing is voluntary, and you may withdraw consent at any time.

3. Cookies

My website may use technical cookies provided by Vercel and Cloudflare for:

  • Security (bot protection, WAF)
  • Routing and caching
  • Performance optimization

No advertising or behavioral tracking cookies are used.

4. Why I Process Your Data

I process personal data for:

  • Providing and maintaining the Services
  • Creating and securing API keys
  • Monitoring usage and preventing abuse
  • Sending transactional or marketing emails
  • Operating server infrastructure
  • Legal obligations

I do not sell personal data.

5. Service Providers (Processors)

Your data may be processed by carefully selected partners who act as data processors. They process your data only according to my instructions and under GDPR-compliant agreements.

5.1 Hosting, CDN & Infrastructure

Cloudflare, Inc.

Used for DNS, CDN, caching, performance optimization, and security.

Privacy Policy | DPA (incl. SCCs)

Vercel, Inc.

Website hosting, serverless functions, logging, request routing.

Privacy Policy | DPA (incl. SCCs)

Netcup GmbH

German-based hosting provider (EU).

Privacy Policy

DigitalOcean LLC

Infrastructure hosting and compute instances.

Privacy Policy | DPA (incl. SCCs)

Elestio

Used for server management and deployment automation.

Privacy Policy | Terms (includes GDPR commitment)

5.2 Email Delivery & Marketing

MailerLite UAB

Handles marketing and transactional email delivery.

Privacy Policy | DPA (incl. SCCs) | Subprocessors

6. International Data Transfers

Some processors may operate outside the EU/EEA.

Transfers are protected by:

  • Standard Contractual Clauses (SCCs)
  • Each provider’s Data Processing Agreement
  • Additional technical and organizational measures

This ensures GDPR-level protection regardless of location.

7. Data Retention

  • Account data (email, API key): kept until deletion request
  • API logs: up to 90 days
  • Server logs: provider-specific
  • Marketing emails: kept until you unsubscribe

Data is deleted or anonymized once no longer necessary.

8. Automated Decision-Making

In accordance with Art. 22 GDPR, I confirm:

"I do not use automated decision-making or profiling that produces legal or similarly significant effects concerning you."

9. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Request correction
  • Request deletion
  • Restrict processing
  • Object to processing
  • Withdraw consent at any time
  • Receive your data in a portable format

To exercise your rights, email: [email protected]

You may also lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde).

10. Children’s Privacy

The Services are not intended for children under 18. I do not knowingly collect personal data from minors.

11. Changes to This Policy

If I change how personal data is processed, I will update this Privacy Policy and adjust the date above.

12. Contact

Timo Zürner
Example Street 12
12345 Vienna
Austria

📧 [email protected]