PRIVACY POLICY – AlertoWatch
1. Controller
Lukas Herbst
c/o flexdienst – #20521
Kurt-Schumacher-StraĂźe 76
67663 Kaiserslautern
Germany
Email: info@alertowatch.com
---
2. General Information on Data Processing
(1) We process personal data exclusively within the framework of the applicable legal provisions, in particular the General Data Protection Regulation (GDPR).
(2) Personal data means any information relating to an identified or identifiable natural person.
(3) Processing is carried out exclusively to the extent necessary for the provision of our services, for the performance of a contract, for the protection of legitimate interests, or on the basis of consent.
---
3. Legal Bases
Processing is carried out in particular on the basis of:
- Art. 6(1)(a) GDPR (consent)
- Art. 6(1)(b) GDPR (performance of a contract)
- Art. 6(1)(c) GDPR (legal obligation)
- Art. 6(1)(f) GDPR (legitimate interest)
---
4. Technical Provision
When accessing the platform, technical data is processed:
- IP address
- Timestamps
- Browser / system data
- Request information
Purpose: operation, security, stability
Legal basis: Art. 6(1)(f) GDPR
---
5. Hosting
Our platform is operated within the EU.
Server logs are processed to ensure operation and security.
Legal basis: Art. 6(1)(f) GDPR
---
6. User Account
Processed data:
- Email address
- Login / account data
- Plan information
- Usage timestamps
Purpose: performance of contract, account operation
Legal basis: Art. 6(1)(b) GDPR
---
7. Security and Authentication
We process security-related data such as:
- IP addresses
- Login attempts
- Session data
- Security events
Purpose: protection against misuse and unauthorized access
Legal basis: Art. 6(1)(f) GDPR
---
8. Use of the Platform
The following is processed:
- Alert and watcher configurations
- Parameters and settings
- System events
Purpose: provision of the platform
Legal basis: Art. 6(1)(b) GDPR
---
9. Alert and Watcher Events
The following is processed:
- Trigger timestamps
- System status
- Market references
Purpose: functionality, history, error analysis
Legal basis: Art. 6(1)(b) GDPR
---
10. Log Files and Security
The following is processed:
- IP
- Logs
- Error data
- Integration data
Purpose: security, debugging, prevention of misuse
Legal basis: Art. 6(1)(f) GDPR
---
11. Contact
The following is processed:
- Email address
- Contents of the inquiry
Purpose: communication
Legal basis: Art. 6(1)(b) or (f) GDPR
---
12. Payment Processing (Stripe)
Stripe Payments Europe Ltd., Ireland
The following is processed:
- Payment data
- Transaction data
- Billing data
Purpose: payment processing
Legal basis: Art. 6(1)(b) GDPR
Transfer to third countries (USA) may occur on the basis of Standard Contractual Clauses (Art. 46 GDPR).
---
13. Contract and Billing Data
The following is processed:
- Contract data
- Invoice data
- Payment status
Purpose: contract, accounting, legal obligations
Legal basis: Art. 6(1)(b) and (c) GDPR
---
14. Use of AI (e.g. OpenAI)
When using AI functions, the following may be processed:
- User inputs (prompts)
- Generated content
- Context data
Purpose: provision of AI functions
Legal basis: Art. 6(1)(b) GDPR
External providers (e.g. OpenAI) may be used for technical implementation.
In this context, transfers to third countries, in particular to the USA, may occur.
Such transfers are carried out exclusively on the basis of appropriate safeguards (Art. 44 et seq. GDPR), in particular Standard Contractual Clauses.
Users should not enter sensitive personal data into AI inputs.
---
15. Notifications
The following is processed:
- Email addresses
- Content
- Delivery status
Purpose: delivery of notifications
Legal basis: Art. 6(1)(b) GDPR
---
16. Affiliate Program
The following is processed:
- Referral codes
- Allocation data
- Status of referrals
Purpose: implementation of the affiliate program
Legal basis: Art. 6(1)(b) and (f) GDPR
---
17. Security and Abuse Prevention
The following is processed:
- IP
- Log data
- Behavioral data
Purpose: protection of the platform
Legal basis: Art. 6(1)(f) GDPR
---
18. No Tracking Tools
No tracking or marketing tools are used.
---
19. Cookies
Only technically necessary storage mechanisms are used.
Legal basis: Art. 6(1)(b) and (f) GDPR
---
20. Recipients
Recipients may include:
- Hosting providers
- Payment providers
- AI providers
- Infrastructure service providers
---
21. Transfer to Third Countries
Transfers are made only with appropriate safeguards in accordance with Art. 44 et seq. GDPR.
---
22. Storage Duration
Data is stored only for as long as necessary or required by law (in particular under tax retention obligations).
---
23. Data Subject Rights
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to withdraw consent
---
24. Right to Object
Where processing is based on Art. 6(1)(f) GDPR, a right to object exists.
---
25. Right to Lodge a Complaint
A complaint may be lodged with a supervisory authority.
---
26. Obligation to Provide Data
Use of the platform is not possible without the required data.
---
27. Automated Decisions
None within the meaning of Art. 22 GDPR.
---
28. Data Security
Technical and organizational measures are implemented.
---
29. Amendments
Changes may be made at any time.
Version: March 2026
---
30. Extended Use of Artificial Intelligence (OpenAI)
To provide certain functions, AlertoWatch uses services of OpenAI, L.L.C., 3180 18th St, San Francisco, CA 94110, USA.
In the context of use, entered data, user inputs, content, market parameters, and system-generated data may be transmitted to OpenAI servers for processing.
Processing is carried out for the provision of analysis functions, evaluations, signals, and AI-supported content.
Please note that content generated by AI may be faulty, incomplete, or delayed.
The legal basis is Art. 6(1)(b) GDPR as well as Art. 6(1)(f) GDPR.
It cannot be ruled out that data may be transferred to the USA. Such transfer is carried out on the basis of appropriate safeguards pursuant to Art. 46 GDPR (in particular Standard Contractual Clauses).
Further information:
https://openai.com/privacy
---
31. Profiling and Automated Processing (Supplement)
In the course of using the platform, automated evaluations of user data, inputs, and market parameters are carried out for the generation of alerts, signals, and analyses.
This processing serves exclusively the technical functionality of the platform.
No automated decision-making within the meaning of Art. 22 GDPR takes place that produces legal effects or similarly significantly affects the user.
The provided results do not constitute a basis for decisions.
---
32. Payment Processing (Stripe – Supplement)
Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, is used for payment processing.
In the context of payment processing, in particular payment data, transaction data, and billing-related information are processed and transmitted to Stripe.
Stripe may transfer data to affiliated companies outside the European Union, in particular to the USA.
Such transfer is carried out on the basis of appropriate safeguards pursuant to Art. 46 GDPR (Standard Contractual Clauses).
Further information:
https://stripe.com/de/privacy
---
33. Affiliate Programs and Payouts (Supplement)
Within affiliate programs, personal data is processed for the allocation of commissions and the execution of payouts.
Payouts are currently made manually and may be made in the form of cryptocurrencies.
In this context, wallet addresses in particular may be processed.
It is expressly noted that transactions on blockchain networks are publicly visible, permanently stored, and generally irreversible.
---
34. Hosting (Supplement)
The platform is hosted on servers of IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
IONOS acts as a processor pursuant to Art. 28 GDPR.
---
35. Tracking and Analytics (Clarification)
No tracking or analytics tools are used.
No evaluation of user behavior takes place for marketing or analytics purposes.
---
36. Storage Duration (Supplement)
Personal data is stored only for as long as necessary to achieve the respective purposes.
In addition, storage takes place only insofar as statutory retention obligations exist.
Once the respective purpose no longer applies or statutory periods expire, the data is deleted.
---
Language Version
This English version is provided for convenience only. In the event of any discrepancies, inconsistencies, or deviations between the English version and the German version, the German version shall prevail.
