Privacy Policy
Last updated: February 12, 2026
1. Data Controller
The data controller responsible for processing your personal data on this website is:
Mind-Sprout
Hajo-Rüter-Straße 14
65239 Hochheim am Main
Germany
Email: print.design2212@gmail.com
Phone: +49 1578 2835232
2. Overview
This privacy policy explains how CostofX collects and processes personal data when you use our website and calculators. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the German Digital Services Act (DDG), and the German Telecommunications Telemedia Data Protection Act (TTDSG).
Summary: We only collect usage data through Google Analytics when you explicitly consent via our cookie banner. All calculator inputs are processed entirely in your browser and are never transmitted to our servers or stored anywhere.
3. Types of Data Collected
3.1 Personal Data Directly Collected
None. We do not require registration, login, or any form submission that would collect your personal information directly.
3.2 Usage Data (Collected via Google Analytics when Consented)
When you consent to analytics cookies via our cookie banner, we collect the following usage data through Google Analytics:
- Pages visited and time spent on each page
- Browser type, version, and operating system
- Device information (desktop, mobile, or tablet)
- Referring website URL (how you arrived at CostofX)
- IP address (anonymized immediately - last octet removed)
- Calculator usage patterns (which calculators you use, but NOT your input values)
- Geographic location (country and region level only, not precise location)
3.3 Calculator Inputs
IMPORTANT: All calculator inputs and results are processed entirely in your browser using client-side JavaScript. Your calculator data is NEVER transmitted to our servers, never stored, and never accessible to us. We have no technical means to see what you enter into our calculators.
4. Legal Basis for Processing (GDPR Article 6)
4.1 Analytics Cookies
Legal Basis: Article 6(1)(a) GDPR - Consent
We only process usage data through Google Analytics after you explicitly consent via our cookie banner. You can withdraw consent at any time by clicking "Cookie Settings" in the footer.
4.2 Essential Cookies
Legal Basis: Article 6(1)(f) GDPR - Legitimate Interest
We store a cookie to remember your cookie consent choice and language preference. This is necessary for the technical functionality of our website and constitutes a legitimate interest under GDPR.
5. Detailed Cookie Information
In accordance with TTDSG §25, here is comprehensive information about all cookies used on CostofX:
| Cookie Name | Purpose | Type | Duration | Legal Basis |
|---|---|---|---|---|
cookieConsent | Stores your cookie preferences and language choice | Essential | Persistent (until you clear or change settings) | TTDSG §25(2) - Necessary for service |
_ga | Distinguishes unique users for analytics | Analytics | 2 years | TTDSG §25(1) - Consent required |
_gid | Distinguishes users for 24-hour session analytics | Analytics | 24 hours | TTDSG §25(1) - Consent required |
_ga_<container-id> | Maintains session state for Google Analytics 4 | Analytics | 2 years | TTDSG §25(1) - Consent required |
_gat | Throttles request rate to Google servers | Analytics | 1 minute | TTDSG §25(1) - Consent required |
Cookie Management
- Manage via our website: Click "Cookie Settings" in the footer to change your preferences at any time
- Browser settings: You can disable cookies in your browser settings:
- Chrome: Settings → Privacy and security → Cookies
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Block all cookies
- Edge: Settings → Cookies and site permissions
- Important: Rejecting analytics cookies does NOT affect calculator functionality - all calculators work identically regardless of your cookie choice
6. Google Analytics - Data Processor Information
6.1 Service Provider
Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043
United States
Parent Company: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
6.2 Purpose
We use Google Analytics 4 to analyze website usage, understand visitor behavior, and improve our calculators. This helps us determine which calculators are most useful and identify areas for improvement.
6.3 Data Processed
See "3.2 Usage Data" section above for the complete list of data collected when you consent to analytics.
6.4 Privacy Safeguards Implemented
- IP Anonymization: Enabled - the last octet of your IP address is removed immediately before processing
- Data Retention: Set to 2 months in Google Analytics 4 - all event data is automatically deleted after this period
- No Advertising Features: We have disabled all Google advertising features, remarketing, and audience targeting
- No Cross-Device Tracking: We do not track users across multiple devices
- No User ID Tracking: We do not assign or track persistent user identifiers beyond standard cookies
6.5 Google's Privacy Policies
- Privacy Policy: https://policies.google.com/privacy
- Google Analytics Terms: https://marketingplatform.google.com/about/analytics/terms/
- Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
7. International Data Transfers (GDPR Articles 44-50)
⚠️ IMPORTANT DISCLOSURE ABOUT US DATA TRANSFERS
Google Analytics may transfer personal data to servers located in the United States. These transfers are currently based on the EU-U.S. Data Privacy Framework (DPF), adopted by the European Commission on July 10, 2023. Google LLC is certified under this framework.
View Google's DPF Certification: Data Privacy Framework Participant Search
7.1 Legal Uncertainty and Ongoing Challenges
⚠️ LEGAL STATUS UPDATE - PLEASE READ
The Data Privacy Framework is subject to ongoing legal challenges in several EU member states. Multiple data protection authorities have declared Google Analytics non-compliant under their interpretation of GDPR:
- Austria: Austrian DPA ruled Google Analytics violates GDPR (January 2022)
- France: CNIL declared Google Analytics non-compliant (February 2022)
- Italy: Garante found Google Analytics illegal (June 2022)
- Norway: Datatilsynet imposed usage ban (July 2023)
- Denmark: Datatilsynet declared non-compliance (September 2022)
The Court of Justice of the European Union (CJEU) is expected to review the DPF's validity by 2026 in what may become the "Schrems III" case, following previous rulings that invalidated Safe Harbor (2015) and Privacy Shield (2020).
7.2 Our Position and Safeguards
We have chosen to use Google Analytics despite these legal uncertainties because:
- IP Anonymization: Reduces identifiability of users significantly
- Minimal Data Retention: 2-month automatic deletion minimizes exposure
- No Advertising Features: No cross-tracking or profiling for marketing purposes
- Explicit Consent Required: We only activate analytics after you explicitly consent via our cookie banner
- Fully Optional: All calculators work identically whether you accept or reject analytics cookies
We continuously monitor the legal situation and will adapt our practices immediately if:
- The Data Privacy Framework is invalidated by the CJEU
- German data protection authorities issue binding guidance requiring changes
- New legal frameworks or Standard Contractual Clauses (SCCs) become available
7.3 Your Choice
If you do not consent to potential data transfers to the United States, you can reject analytics cookies via our cookie banner. This will NOT affect your ability to use our calculators in any way. All calculator functionality is preserved regardless of your cookie choice.
8. Data Retention Periods
- Calculator Inputs: Never stored (processed in browser only, never transmitted to servers)
- Cookie Consent Choice: Stored locally in your browser until you withdraw consent or clear browser data
- Google Analytics Data: Automatically deleted after 2 months
- Analytics Cookies: Stored for up to 2 years (see cookie table), but the underlying event data in Google Analytics is deleted after 2 months
9. Your Rights Under GDPR (Articles 15-22)
You have comprehensive rights regarding your personal data under the General Data Protection Regulation. Here are all your rights explained:
9.1 Right to Access (Article 15)
You can request a copy of any personal data we hold about you. Given our minimal data collection (only analytics data when consented), there is very little personal data we can provide, but you have the right to request confirmation of what data exists.
9.2 Right to Rectification (Article 16)
You can request correction of inaccurate personal data. Since we only collect automated usage data, this right is rarely applicable to CostofX.
9.3 Right to Erasure / "Right to be Forgotten" (Article 17)
You can request deletion of your personal data when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent for analytics cookies
- You object to processing and there are no overriding legitimate grounds
- The data was unlawfully processed
Note: Google Analytics data is automatically deleted after 2 months, so any deletion request would only affect data less than 2 months old.
9.4 Right to Restrict Processing (Article 18)
You can request we limit how we use your data in certain circumstances, such as when you contest the accuracy of data or object to processing.
9.5 Right to Data Portability (Article 20)
You can request your personal data in a structured, machine-readable format to transfer to another service. Given our minimal data collection, there is very little data to port, but you have this right.
9.6 Right to Object (Article 21)
You can object to data processing at any time, especially for direct marketing purposes (though we do not conduct any marketing activities). You can object to analytics by withdrawing consent via "Cookie Settings" in our footer.
9.7 Right to Withdraw Consent (Article 7(3))
You can withdraw your cookie consent at any time by clicking "Cookie Settings" in the footer and changing your preferences. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
9.8 Right to Lodge a Complaint (Article 77)
You have the right to file a complaint with a data protection supervisory authority if you believe your data protection rights have been violated. See Section 10 below for contact information.
How to Exercise Your Rights
Contact us to exercise any of these rights:
- Email: print.design2212@gmail.com
- Phone: +49 1578 2835232
- Mail: Mind-Sprout, Hajo-Rüter-Straße 14, 65239 Hochheim am Main, Germany
Response Time: Within 30 days (can be extended by 2 months for complex requests)
Cost: Free of charge (unless request is manifestly unfounded or excessive)
10. Supervisory Authority Information
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the following data protection authorities:
10.1 German Federal Data Protection Commissioner
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn
Germany
Phone: +49 (0)228-997799-0
Email: poststelle@bfdi.bund.de
Website: https://www.bfdi.bund.de
10.2 Hesse State Data Protection Commissioner
(Local authority for Hochheim am Main, Hesse)
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
Phone: +49 611 1408-0
Email: poststelle@datenschutz.hessen.de
Website: https://datenschutz.hessen.de
11. Security Measures
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or misuse:
- HTTPS/TLS Encryption: All data transmission between your browser and our servers is encrypted using industry-standard TLS (Transport Layer Security)
- IP Anonymization: Google Analytics immediately removes the last octet of your IP address before processing
- Secure Cookie Flags: Cookies are set with
SameSite=LaxandSecureflags for cross-site security - No Server-Side Storage of Calculator Data: Calculator inputs are processed entirely client-side in your browser and never transmitted to our servers
- Regular Security Updates: We maintain all software dependencies with the latest security patches
- Hosting Security: Vercel provides enterprise-grade infrastructure with DDoS protection, automatic SSL certificates, and ISO 27001 certification
- Minimal Data Collection: We minimize the personal data we collect to reduce security risks
12. Third-Party Services
We use the following external services to operate CostofX. Each service has its own privacy policy governing how they process data:
| Service | Provider | Purpose | Privacy Policy |
|---|---|---|---|
| Hosting | Vercel Inc. 440 N Barranca Ave #4133 Covina, CA 91723, USA | Website infrastructure and content delivery | Privacy Policy |
| Analytics | Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA | Usage statistics to improve calculators (only when consented) | Privacy Policy |
13. Changes to This Privacy Policy
We may update this privacy policy periodically to reflect:
- Changes in applicable laws and regulations
- New features or services we offer
- Changes to our data processing practices
- Improvements to clarity and transparency
How we notify you of changes:
- Changes will be posted on this page with an updated "Last Updated" date at the top
- Significant changes will be highlighted prominently at the top of this page for 30 days
- Continued use of CostofX after changes are posted constitutes acceptance of the updated policy
- For substantial changes that require new consent (e.g., new types of data collection), we will obtain explicit consent via our cookie banner
14. Contact for Privacy Questions
If you have any questions about this Privacy Policy, our data protection practices, or wish to exercise your GDPR rights, please contact us:
Mind-Sprout
Hajo-Rüter-Straße 14
65239 Hochheim am Main
Germany
Email: print.design2212@gmail.com
Phone: +49 1578 2835232
Last Updated: February 12, 2026