Privacy Policy
This policy describes precisely which services we use and what happens to your data.
1. Data Controller
Floxa
Owner Paul Ler
Washingtonring 14
71686 Remseck am Neckar
Germany
Email: hello@floxa.de
2. Hosting (Vercel)
This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. It is served from the Frankfurt region (fra1). When you access the site, Vercel processes technically necessary server log data: IP address, date and time, page accessed, browser type and operating system.
The legal basis is Art. 6(1)(f) GDPR — our legitimate interest in the secure and reliable provision of the website. A data processing agreement is in place with Vercel. As Vercel is a US company, transfer of data to the USA cannot be ruled out; such transfers are safeguarded by Standard Contractual Clauses. Vercel's privacy policy
3. Contact Form
When you use our contact form, we process the data you provide: name, email address, optionally company and website, and your message.
The legal basis is Art. 6(1)(b) GDPR, as processing is necessary to answer your enquiry and to take steps prior to entering into a contract. We deliberately do not ask for consent: we need the data in order to reply to you.
Your enquiry is processed in two places: it is stored in our database (see section 4) and additionally delivered to us by email (see section 5).
Retention: if your enquiry does not lead to a working relationship, we delete the data no later than six months after the last contact. If it does, the periods in section 4 apply.
4. Database and Client Portal (Supabase)
We use Supabase (Supabase, Inc., 970 Toa Payoh North, Singapore) for our database and client portal login. The data is stored exclusively in the eu-central-1 region (Frankfurt am Main, Germany).
Processed there: contact form enquiries, contact and project data of our clients, and the tasks within a project. The legal basis is Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures).
The client portal is passwordless: to sign in, we send a one-time link to your email address. Technically necessary cookies are set to maintain your session (see section 7).
Retention: we store client and project data for the duration of the working relationship. Afterwards we delete it, unless statutory retention periods apply (in particular commercial and tax law, up to 10 years).
5. Email Delivery (Resend)
We use Resend (Plus Five Five, Inc., 2261 Market Street, San Francisco, CA 94114, USA) to send emails — such as the notification about your enquiry or the portal sign-in link. Delivery runs through the eu-west-1 region (Ireland).
Your email address and the content of the message are processed. The legal basis is Art. 6(1)(b) GDPR. A data processing agreement is in place with Resend; transfers to the USA are safeguarded by Standard Contractual Clauses. Resend's privacy policy
6. Analytics (Vercel Analytics)
We use Vercel Analytics and Vercel Speed Insights to understand which pages are visited and how fast they load. Both work without cookies and without tracking you across websites. No individual user profile is created; the data is evaluated in aggregate.
The legal basis is Art. 6(1)(f) GDPR — our legitimate interest in a well-functioning website that meets users' needs. As no information is stored on or read from your device, no consent under § 25 TDDDG is required.
7. Cookies
This website uses only technically necessary cookies. There is no tracking or advertising measurement, and no third-party cookies are set. A cookie banner is therefore not required.
- NEXT_LOCALE — stores your language choice (German or English) so the site appears in the right language on your next visit.
- sb-… — keeps you signed in to the client portal. Only set if you sign in there.
The legal basis is § 25(2)(2) TDDDG — storage is strictly necessary for the website and the portal to function.
8. Fonts
The fonts used (Inter and Playfair Display) are served from our own server. No connection to Google's servers is established, and your IP address is not transmitted to Google.
9. Encryption
This website uses TLS encryption throughout. You can recognise this by the “https://” in the address bar and the padlock icon in your browser.
10. Your Rights
You have the right at any time to free information about your stored data, its origin and recipients, and the purpose of processing (Art. 15 GDPR). You also have the right to rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18) and data portability (Art. 20).
Right to object (Art. 21 GDPR): Where we process data on the basis of legitimate interest (sections 2 and 6), you may object to that processing at any time on grounds relating to your particular situation.
For any of this, an informal message to hello@floxa.de is sufficient.
You also have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.
Last updated: July 2026