Privacy Policy
Last updated: March 2026
1. Data Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
WealthCompass
(Details as per Impressum)
Email: wealthcompass.contact@gmail.com
A Data Protection Officer has not been appointed as the conditions under Art. 37 GDPR are not met.
2. Information We Collect
2.1 Account Data
When you create an account, we collect your email address and display name. If you sign in with Google, we additionally receive your name and profile picture from Google.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract — providing your user account).
2.2 Payment Data
Payment information is processed directly by Stripe and never touches our servers. We only store your Stripe customer ID and subscription status.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract — subscription processing).
2.3 Usage Data
We track your reading progress (which articles you have read) to personalize your dashboard.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract — delivering personalized content).
2.4 Analytics Data
With your consent, we use Vercel Analytics and Vercel Speed Insights to understand website performance and usage patterns. These services collect anonymized page views and web vitals metrics. No third-party tracking or advertising cookies are used.
Legal basis: Art. 6(1)(a) GDPR (consent) in conjunction with § 25 TTDSG. You may withdraw your consent at any time by clearing your cookie preferences in your browser.
3. How We Use Your Information
- Providing and maintaining your account
- Processing subscriptions and payments
- Tracking your reading progress
- Sending transactional emails (e.g., password resets)
- Improving our website (with consent only)
We do not sell your data to third parties.
4. Data Storage & International Transfers
Your data is processed by the following third-party providers located in the United States:
- Supabase (hosted on AWS) — account data, reading progress, profile information
- Stripe — payment processing and subscription management
- Vercel — website hosting, analytics and performance monitoring (with consent only)
- Upstash — rate limiting for abuse protection
Transfers to the US are based on Standard Contractual Clauses (Art. 46(2)(c) GDPR) and/or the EU-U.S. Data Privacy Framework (adequacy decision under Art. 45 GDPR). Data processing agreements pursuant to Art. 28 GDPR are in place with all processors.
Passwords are hashed and never stored in plaintext.
5. Cookies & Tracking
| Cookie | Purpose | Type |
|---|---|---|
| wealthcompass-auth | Authentication & session | Essential |
| wealthcompass-cookie-consent | Stores cookie preference | Essential |
| Vercel Analytics | Anonymized usage statistics | Analytics (consent) |
6. Data Retention
- Account data: Until you delete your account.
- Payment data: In accordance with legal retention periods (up to 10 years under German fiscal law).
- Reading progress: Until you delete your account.
- Analytics data: Anonymized, retained per Vercel’s policies.
7. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access (Art. 15 GDPR) — You may request information about your stored data.
- Right to rectification (Art. 16 GDPR) — You may request correction of inaccurate data.
- Right to erasure (Art. 17 GDPR) — You may request deletion of your data.
- Right to restriction (Art. 18 GDPR) — You may request restriction of processing.
- Right to data portability (Art. 20 GDPR) — You may receive your data in a machine-readable format.
- Right to object (Art. 21 GDPR) — You may object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7 Abs. 3 GDPR) — You may withdraw any consent at any time (e.g., analytics). Withdrawal does not affect the lawfulness of prior processing.
- Right to lodge a complaint (Art. 77 GDPR) — You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI).
8. Automated Decision-Making
No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place.
9. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be posted on this page and the last-updated date above will be adjusted.
10. Contact
For privacy-related inquiries, contact us at wealthcompass.contact@gmail.com