Privacy Policy
Effective: May 2026 · Version 1.0
The US Aktien Screener is provided solely for informational and analytical purposes. No license under the Austrian WAG 2018.
1. Controller (Art. 4 No. 7 GDPR)
Robert Thalhammer · Sole proprietor
Grabengasse 13/3/2 · 2630 Ternitz · Lower Austria, Austria
Email: info@us-aktien-screener.com
Website: https://us-aktien-screener.com
No legal obligation to appoint a Data Protection Officer.
2. What data is processed?
2.1 Login data (Magic-Link)
- Email address (required)
- Internal user ID (UUID)
- Magic-Link token (max. 60 minutes lifetime)
- Access/refresh JWT tokens (in Streamlit session)
2.2 Usage data (table screening_usage)
user_id, used_at, tier_at_use, stocks_scanned, hits_count. Purpose: free-tier limit check, abuse prevention.
2.3 Subscription & payment data (table user_profiles)
tier, payment_subscription_id, payment_transaction_id, timestamps. Credit card data is never stored – all payment via Lemon Squeezy or Paddle.
2.4 Server log files
IP address, timestamp, page, referrer, browser. Auto-deleted after max. 7 days.
3. Legal bases
| Purpose | Legal basis |
|---|---|
| Magic-Link login | Art. 6 (1) (b) GDPR (contract performance) |
| Subscription + tier | Art. 6 (1) (b) GDPR |
| Payment processing | Art. 6 (1) (b) GDPR |
| Free-tier limit check | Art. 6 (1) (b) GDPR |
| Server log files | Art. 6 (1) (f) GDPR (legitimate interest, IT security) |
| Invoice retention | Art. 6 (1) (c) GDPR (BAO § 132) |
4. Recipients and processors
Supabase – database + auth, server region Frankfurt (eu-central-1), DPA in place. supabase.com/privacy
Lemon Squeezy / Paddle – payment Merchant of Record. lemonsqueezy.com/privacy · paddle.com/legal/privacy
Render – web-app hosting, Frankfurt EU. render.com/privacy
IONOS – landing page + email, Germany. ionos.de/terms-privacy
Yahoo Finance, Finnhub, Wikipedia – external stock data sources. No personal user data is transmitted to them.
5. Retention periods
| Category | Retention |
|---|---|
| Email, user ID | as long as account exists |
| Active subscription | as long as active |
| Closed subscriptions / invoices | 7 years (BAO § 132) |
| Usage logs | 12 months rolling |
| Magic-Link tokens | max. 60 minutes |
| Server logs | max. 7 days |
6. Third-country transfer
Main processors (Supabase, Render, IONOS) are in the EU. If Lemon Squeezy is used, US transfer is based on the EU-US Data Privacy Framework and SCCs (Art. 46 GDPR). Lemon Squeezy is DPF-certified.
7. Your rights as a data subject
- Access (Art. 15), rectification (Art. 16), erasure (Art. 17)
- Restriction (Art. 18), portability (Art. 20), objection (Art. 21)
- Withdraw consent at any time
To exercise: simple email to info@us-aktien-screener.com. Response within 30 days.
8. Right to lodge a complaint
Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna, Austria · www.dsb.gv.at
9. No automated decision-making (Art. 22 GDPR)
No automated decision-making or profiling within the meaning of Art. 22 GDPR. The filters are pure data displays based on user-chosen metrics.
10. Cookies and tracking
No tracking or advertising cookies. Only technically necessary Streamlit session cookies (no consent required under § 165 (3) TKG 2021). No Google Analytics, Meta Pixel etc.
11. Data security
- HTTPS / TLS for all connections
- Row Level Security in Supabase – users only see their own data
- Passwordless authentication (Magic Link)
- EU hosting (Frankfurt)
12. Changes to this Privacy Policy
Material changes are communicated by email. Current version always available via the "Privacy" footer link.