Responsible for data processing:
Orangize Digital
Owner: Naumche Joshevski
Brüderstraße 11
32547 Bad Oeynhausen, Germany
Email: hello@dversum.com
Phone: +49 (0) 15122031093
The following data is processed when using the SaaS application:
Data is processed for:
Legal basis:
Art. 6(1)(b) GDPR (contract performance)
Art. 6(1)(f) GDPR (legitimate interest in security and operations)
The application is hosted by:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Servers are located in Germany. A data processing agreement is in place with Hetzner.
Backups are provided through Hetzner's backup services.
Payment processing is handled by:
Stripe Payments Europe Ltd.
Stripe processes payment data as an independent controller. Stripe's privacy policy applies. Stripe uses technically necessary cookies for fraud prevention, which are only loaded on payment pages.
The following providers are used for AI features:
Data is transmitted solely for performing the AI function requested by the user. Only user-submitted content and the context required for processing are transmitted.
Data may be transferred to the USA. Transfers are based on Standard Contractual Clauses pursuant to Art. 46 GDPR.
Data protection measures: Communication with AI providers uses encrypted connections (TLS) exclusively. API keys are stored encrypted on the server (AES-256-GCM). For BYOK (Bring Your Own Key), user-provided keys are encrypted per user and only decrypted for the respective session. AI providers have no access to the database or other user data beyond the explicit request.
Google OAuth may be used for login and calendar synchronization.
Google user data processed:
Google data is only accessed after the user's explicit consent through the Google authorization process.
Sharing and transfer of Google user data:
Google user data is not sold, rented, or shared for advertising purposes. Data is processed exclusively for the purpose requested by the user (calendar synchronization). Data is only shared in the following cases:
Protection of Google user data:
The use of Google user data complies with the Google API Services User Data Policy, including the Limited Use Requirements.
When using the optional Telegram integration, the following data is processed:
Telegram is a third-party provider (Telegram FZ-LLC, Dubai). Their privacy policy applies. The connection can be disconnected at any time in the settings.
For sending transactional emails (invoices, quotes, payment reminders, notifications, password resets) and receiving inbound emails (receipt forwarding, support inbox), we use:
Resend, Inc.
2261 Market Street #5039
San Francisco, CA 94114, USA
resend.com/legal/privacy-policy
Data processed: email addresses (sender and recipient), subject, message content, attachments, send date, delivery status.
Purpose: sending and receiving emails as part of contract performance.
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in efficient communication).
Data is transferred to the USA. The transfer is safeguarded by Standard Contractual Clauses pursuant to Art. 46 GDPR and Resend's certification under the EU-US Data Privacy Framework. A data processing agreement is in place with Resend.
On select marketing pages, the font "Caveat" is loaded from Google Fonts, operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). When the font is loaded, a connection to Google's servers is established, and the user's IP address may be transmitted to Google.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a consistent brand presentation).
A transfer to the USA cannot be excluded. Google is certified under the EU-US Data Privacy Framework. More information: policies.google.com/privacy.
We use cookies and comparable storage technologies (e.g. localStorage). These are grouped into three categories: strictly necessary, statistics, and marketing.
Statistics and marketing technologies are loaded only after your explicit consent via the cookie banner (§ 25(1) TDDDG, Art. 6(1)(a) GDPR). You may withdraw your consent at any time using the "Change cookie settings" link in the footer. Strictly necessary cookies are exempt from the consent requirement under § 25(2)(2) TDDDG.
Issuer: Orangize Digital (controller of this website)
Purpose: providing the functions requested by the user (login, language, theme, cookie decision, payment processing).
Legal basis: § 25(2)(2) TDDDG; Art. 6(1)(b) and (f) GDPR.
| Name | Type | Lifetime | Purpose |
|---|---|---|---|
| auth_token | Cookie | 7 days | Authentication (JWT) |
| consent_v1 | Cookie | 12 months | Stores the cookie consent choice |
| i18n_locale | Cookie | 12 months | Language preference |
| theme-preference | localStorage | indefinite | Selected theme (Light/Dark/System) |
| sidebar-nav-preferences | localStorage | indefinite | Sidebar configuration |
| Stripe cookies | Cookie | up to 12 months | Fraud prevention for payments (payment pages only) |
Issuer: Orangize Digital (self-hosted instance of Umami, operated at stat.dversum.com on servers of Hetzner Online GmbH in Germany)
Description: Umami is a privacy-friendly, self-hosted web analytics solution. No data is transferred to third parties; all measurement happens on our own servers.
Data collected: visited pages, time on page, click path, referrer URL, browser type, browser language, screen resolution, device type, approximate location (country); IP addresses are not stored.
Purpose: reach measurement and optimization of the website.
Legal basis: § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR (consent).
Third-country transfer: none. Data is stored exclusively in Germany.
| Name | Lifetime | Description |
|---|---|---|
| umami.session | Session | Session ID for recognizing repeated page views within a session. No cross-site tracking. |
Issuer: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (parent: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA)
Description: The Meta Pixel (Facebook Pixel) is a tracking tool for conversion measurement and remarketing on Facebook and Instagram. With your consent, the pixel is loaded when you visit our website and logs page views and defined events (e.g. registration page view, completed registration).
Data collected: IP address, browser and device information, referrer URL, visited pages, triggered events, Facebook user ID (if logged into Facebook), hashed contact data for conversion attribution.
Purpose: conversion measurement for ads, creation of Custom Audiences and Lookalike Audiences, retargeting.
Legal basis: § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR (consent).
Third-country transfer: Data is transferred to the USA. The transfer is safeguarded by Standard Contractual Clauses pursuant to Art. 46 GDPR and Meta's certification under the EU-US Data Privacy Framework. Following the Schrems II ruling, access by US authorities cannot be entirely excluded.
Joint controllership: For data collection through the pixel and transfer to Meta, we and Meta are joint controllers within the meaning of Art. 26 GDPR. The agreement is available at facebook.com/legal/controller_addendum.
Meta's privacy policy: facebook.com/privacy/policy
| Name | Lifetime | Description |
|---|---|---|
| _fbp | 90 days | Identifies the browser for conversion measurement and ad delivery. |
| _fbc | 90 days | Stores the last click source (Facebook click ID) for conversion attribution. |
| fr | 90 days | Set by Meta when you are logged into Facebook, for ad delivery. |
On this website we use a server-side tracking service to capture contact enquiries and attribute them to advertising campaigns. The service is operated by dVersum. Processing takes place on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in measuring the effectiveness of our advertising.
In addition, certain interactions are recorded where relevant for campaign optimisation:
No form-field input and no biometric data is collected.
The data is used exclusively to attribute contact enquiries to the relevant advertising campaigns (offline conversion tracking) and to optimise advertising campaigns. No profiling, no cross-site tracking and no transfer to third parties for advertising purposes takes place.
Conversion data from form submissions and from configured interaction events is, after review, transmitted server-side to Google Ads and Meta. Only the identifiers and values described under "What data is collected" are transferred. For transmission to Meta, contact data such as email address and phone number is hashed using SHA-256 before sending; this information never leaves our servers in plain text.
The visitor ID and the associated tracking data are automatically deleted after 90 days. Processing takes place on servers within the European Union (location: Germany).
A data processing agreement pursuant to Art. 28 GDPR is in place with the technical service provider operating the tracking service.
You may object to this processing at any time by deleting the "_tid" cookie in your browser or by contacting us using the contact details listed in the legal notice. You have the right to information, rectification, erasure and restriction of processing as well as the right to lodge a complaint with the competent supervisory authority.
stat.dversum.com
Personal data is retained:
After account deletion, personal data is deleted unless legal retention obligations apply.
The following technical and organizational measures are in place to protect personal data:
No automated decision-making within the meaning of Art. 22 GDPR takes place. In particular, the AI features of the application (AI assistant, content generation, proactive insights) provide suggestions and assistance; all legally or economically significant decisions (e.g. sending invoices or reminders, signing contracts) are triggered exclusively by the user.
Users have the right to:
To exercise these rights, please contact: hello@dversum.com
You also have the right to lodge a complaint with the competent supervisory authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4, 40213 Düsseldorf, Germany
www.ldi.nrw.de
As of: June 2026
This privacy policy is updated as needed to reflect changes in data processing or legal requirements.