AnalyticsCLI Privacy Policy

Last updated: March 4, 2026

Important: Replace all bracketed placeholders before publishing this policy. This draft is aligned with the current repository and deployment model, but it still requires your exact legal entity details, retention periods, and final vendor list.

1. Controller and contact

The controller for the processing described in this Privacy Policy is [Full legal company name], [street, postal code, city, country] ("AnalyticsCLI", "we", "us").

Email: analyticscli@wotaso.com
Privacy contact: [privacy email]
Data Protection Officer, if appointed: [DPO contact]

2. Scope of this Privacy Policy

This Privacy Policy applies to visitors of our landing page, users who create or use an AnalyticsCLI account, and business contacts who communicate with us regarding our services. It does not replace our customers' own privacy notices for data they collect through their apps or websites.

3. Core hosting in Germany

The core AnalyticsCLI application and database workloads are operated on servers in Germany. Depending on configuration, we may additionally use supporting providers for authentication, bot protection, billing, analytics, monitoring, and content delivery. Those providers are listed below to the extent they are enabled in the live environment.

4. Website access logs and infrastructure security

When you visit our website, our servers and infrastructure components process connection and request metadata such as IP address, date and time, requested URL, referrer, user agent, and status code. We process this data to deliver the website, maintain stability and security, detect abuse, and investigate incidents.

Legal basis: Article 6(1)(f) GDPR. Our legitimate interest is the secure and reliable provision of the website and our services.

5. Contact requests and business communications

If you contact us by email or through a business communication channel, we process your contact data, message content, and any related correspondence in order to answer your request, handle pre-contractual communication, and document business interactions.

Legal basis: Article 6(1)(b) GDPR where the request is pre-contractual or contractual, otherwise Article 6(1)(f) GDPR.

6. Account registration, sign-in, and tenant administration

If you create or use an AnalyticsCLI account, we process account and authentication data such as your email address, authentication identifiers, tenant membership, verification state, and account-related activity needed to provide access to the service.

Legal basis: Article 6(1)(b) GDPR for the provision of the requested service and Article 6(1)(f) GDPR for account security and fraud prevention.

7. CAPTCHA and abuse prevention

If bot protection is enabled on signup or checkout flows, we use Cloudflare Turnstile to distinguish legitimate user activity from abusive or automated access. In that context, technical request data may be processed by Cloudflare.

Legal basis: Article 6(1)(f) GDPR. Our legitimate interest is preventing fraud, spam, and attacks on our signup and checkout flows.

8. Billing and checkout

If paid plans or trial conversions are enabled and you start a checkout, billing-related data such as selected plan, transaction identifiers, subscription status, and payment-related metadata may be processed by us and by our billing provider Paddle. Payment card data is processed directly by the payment provider, not by us.

Legal basis: Article 6(1)(b) GDPR for contract performance and Article 6(1)(f) GDPR for fraud prevention, billing reconciliation, and enforcement of contractual claims.

9. Website analytics and attribution

We may use privacy-focused web analytics or our own analytics tooling to understand how visitors use the landing page and how signup flows perform. Based on the current codebase, such features are optional and depend on runtime configuration.

Where cookies, local storage, device identifiers, or similar technologies that are not strictly necessary are used, we will only activate them after obtaining any consent required under Section 25 TDDDG and Article 6(1)(a) GDPR. Marketing attribution storage is disabled by default in the current repository unless it is explicitly enabled.

10. Local storage, cookies, and similar technologies

We use technically necessary browser storage for account continuation, login state handling, and similar functionality that you expressly request. Optional analytics or attribution storage is only intended to be activated if the relevant feature is enabled and any required consent has been obtained.

Legal basis for technically necessary storage: Section 25(2) TDDDG and, where personal data is processed, Article 6(1)(b) or Article 6(1)(f) GDPR.

11. Customer product data and processor role

For analytics data that our customers collect through their own apps, websites, SDK integrations, or APIs, our customers generally act as the controller and we generally act as a processor under Article 28 GDPR. The customer remains responsible for choosing an appropriate legal basis, providing end-user notices, obtaining consent where required, and concluding a data processing agreement with us where applicable.

12. Recipients and service providers

Depending on the live configuration, data may be processed by the following recipients:

  • Hetzner Online GmbH for core infrastructure hosting in Germany
  • Cloudflare, Inc. for DNS, reverse proxy, CDN, caching, edge network functions, and Turnstile bot protection where enabled in production
  • Clerk, Inc. for authentication and session management if enabled. Based on the current code, the frontend attempts to load Clerk JavaScript primarily from the Clerk account domain associated with your publishable key, with a configurable override and a fallback path if needed.
  • Paddle group entities, including Paddle.com Market Ltd., Paddle.com Inc., and Paddle Payments Ltd., for billing and checkout functions where paid plans are enabled
  • Functional Software, Inc. d/b/a Sentry for error monitoring if enabled, using your configured Germany region

We currently self-host Plausible Analytics on our own infrastructure. Where Plausible is used in that self-hosted form, it does not add a separate external analytics recipient.

Our current production setup also uses Cloudflare for DNS and, in parts of the stack, proxy/CDN/caching functions. If personal data passes through those paths, Cloudflare is reflected in our vendor disclosures accordingly.

13. International data transfers

Our core hosting is in Germany. However, certain supporting vendors may process data outside the EU or EEA. Where that happens, we rely on an adequacy decision or other appropriate safeguards under Chapter V GDPR, such as the European Commission's Standard Contractual Clauses, together with any supplementary measures required by law.

14. Retention periods

We retain personal data only for as long as necessary for the purposes described above, to comply with legal retention obligations, to resolve disputes, and to enforce agreements. The final live policy must still be completed with exact retention periods for at least the following categories:

  • website server and security logs: [insert retention period]
  • account and tenant administration data: [insert retention period]
  • billing and tax-relevant records: [insert statutory retention period by jurisdiction]
  • optional analytics and attribution data: [insert retention period]

15. Your rights

Subject to applicable law, you have the right to request access, rectification, erasure, restriction of processing, and data portability, and the right to object to processing based on Article 6(1)(e) or (f) GDPR. Where processing is based on consent, you may withdraw your consent at any time with effect for the future.

16. Right to lodge a complaint

You also have the right to lodge a complaint with a competent supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. The competent authority for our main establishment is: [insert supervisory authority].

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. We will publish the current version on this page and update the "Last updated" date accordingly.