Privacy Policy

1. Controller

cashlog.org (brand) · Christian Bahnmüller, sole proprietorship
Lendorf 241/17
9811 Lendorf
Austria
Email: info@cashlog.org

2. General information on data processing

Protecting your personal data is important to us. We process personal data only to the extent necessary for the respective function and on the basis of the applicable data protection laws (in particular GDPR, DSG, and TKG 2003, if applicable).

3. Collection and storage of personal data

3.1 Access to the website (hosting, logs)

When you access cashlog.org, our hosting provider Cloudflare (Cloudflare, Inc., USA) processes technical connection data (e.g., IP address in shortened/secured form, timestamp, requested resource, user agent) in order to deliver the site and detect misuse. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, stable operation and protection against attacks). As a rule, it is not combined with other data we process.

3.2 Cloudflare Turnstile (bot protection)

On the Contact page as well as in the contact modal on the homepage we use Cloudflare Turnstile to reduce automated abuse attempts. Technical information may be transmitted to Cloudflare (operation of the security service). Legal basis: Art. 6(1)(f) GDPR. Information provided by Cloudflare: Cloudflare Privacy Policy, Turnstile.

3.3 Use of the cashlog.org app (locally)

The cashlog.org web application processes your financial data locally on your device (e.g., storage in the browser). For this purpose, we operate no user account and have no access to your portfolio contents as long as you do not send them to us yourself via email or similar.

3.4 Scan / file import in the app

When you import statements or other files in the app, the processing happens to transfer values into your portfolio locally in your browser. No automatic transmission of the file contents to our servers occurs for the import.

3.5 Exchange rates (ECB via Frankfurter)

When you start the app and upon your explicit action (e.g., “load ECB rate”), the app can fetch ECB reference exchange rates via the Frankfurter service (frankfurter.dev, filter providers=ECB). In doing so, no portfolio content is transmitted — only technical request parameters such as currency and date. Legal basis: Art. 6(1)(f) GDPR. ECB notes: ECB reference rates.

3.6 Contact form, storage & email sending (Cloudflare Worker, D1, Resend)

If you use the contact form (on the contact page or in the modal on the homepage), the details you provide (e.g., name, email address, message) are transmitted for processing to a technical endpoint under admin.cashlog.org and processed there within the scope of a Cloudflare Worker. For processing and internal assignment, the data may be stored in a database Cloudflare D1 (same hosting ecosystem as the website). Notification email sending is handled via the service Resend (Resend Inc., USA). Legal basis: Art. 6(1)(b) GDPR (pre-contract measures / contract initiation) or Art. 6(1)(f) GDPR (legitimate interest in answering general inquiries and operating the forms securely). Resend information: Resend Privacy Policy.

Contact by email: the data you provide is stored for processing where required; legal basis Art. 6(1)(b) or (f) GDPR.

3.7 Waitlist

On the website you can register for a notification at launch. Registration is received via admin.cashlog.org (Cloudflare Worker); we store your email address in a database Cloudflare D1 (hosting within the Cloudflare ecosystem). For confirmation and notice emails, Resend may also be used (see section 3.5). We use the address only for the announced information about the launch, not for newsletter advertising without separate consent. Legal basis: Art. 6(1)(a) GDPR (consent).

4. Cookies & similar technologies

We do not use Google Analytics, social pixels, or advertising tracking tools. For bot protection (Turnstile) and operation of the website, technically necessary cookies or similar storage may be used by Cloudflare within the scope of the service. Legal basis: Art. 6(1)(f) GDPR.

5. Payment processing (Stripe)

For purchasing access to cashlog.org, we use the payment service provider Stripe (Stripe Technology Europe Ltd. or group-affiliated companies). If you are redirected to payment on the Purchase page, payment processing takes place on Stripe’s servers. We receive the information necessary for contract performance (e.g., payment confirmation, email for delivering your access details). Legal basis: Art. 6(1)(b) GDPR. Further information: stripe.com/at/privacy.

6. Hosting & data processing (Cloudflare)

The public website is served via Cloudflare Pages; technical supporting functions (e.g., delivery of the Turnstile site key) can also run via Pages/Workers. Waitlist and contact requests are handled by a separate Cloudflare Worker under admin.cashlog.org and stored in D1; emails are sent via Resend (sections 3.5 and 3.6). To the extent that Cloudflare or Resend process personal data on our behalf, we rely on the contractual and technical arrangements of the providers (including EU standard contractual clauses and/or adequacy decisions, where data transfers to third countries occur). Details Cloudflare: Cloudflare Privacy Policy.

7. Retention period

We store personal data only for as long as required for the respective purpose or if statutory retention obligations apply. Contact requests and waitlist entries are processed in an internal overview (leads). We remove the entries as soon as the purpose no longer applies, or when you request deletion — subject to statutory retention obligations. We delete email correspondence after handling the request, unless there are legal reasons for a longer retention.

8. Your rights & complaint

Under the statutory conditions, you have rights to information, rectification, deletion, restriction of processing, and data portability, as well as objection against certain processing. You can also complain to the competent supervisory authority. In Austria: Data Protection Authority — dsb.gv.at.

9. Changes to this privacy policy

We update this privacy policy when our services or the legal situation change. The decisive version is the one published at the beginning of the page.