Privacy Policy

This Privacy Policy explains how Daniel Samer ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you use our website and services.

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

Data Controller:
Daniel Samer
Am Alefskamp 50
47198 Duisburg
Germany
Email: hester@yixn.io
Phone: +49 15225669203

By using our platform, you acknowledge that you have read and understood this Privacy Policy.

We collect the following categories of personal data:

Account Data:
- Name and username
- Email address
- Password (encrypted)
- Profile information you provide

Profile Data:
- Profile picture (if uploaded)
- Biography and description
- Preferences and settings

Technical Data:
- IP address
- Browser type and version
- Device information
- Operating system
- Time zone and location data
- Cookies and similar technologies (see our Cookie Policy)

Usage Data:
- Pages visited and features used
- Time spent on the platform
- Actions taken (clicks, interactions)
- Referral source

Communication Data:
- Messages and correspondence with us
- Feedback and support requests
- Survey responses

We collect data directly from you, automatically through your use of the platform, and occasionally from third parties (such as social login providers, if applicable).

We use your personal data for the following purposes:

Service Delivery:
- To create and manage your account
- To provide and maintain our services
- To process transactions and send related information

Communication:
- To respond to your inquiries and support requests
- To send service-related notifications
- To send marketing communications (with your consent)

Improvement and Development:
- To analyze usage patterns and improve our services
- To develop new features and functionality
- To conduct research and analytics

Security and Compliance:
- To protect against fraud and unauthorized access
- To comply with legal obligations
- To enforce our Terms of Service

Legal Bases for Processing (GDPR):
- Contract Performance: Processing necessary to provide our services
- Consent: Processing based on your explicit consent
- Legitimate Interests: Processing for our legitimate business interests
- Legal Obligation: Processing required by law

We do not sell your personal data. We may share your information in the following circumstances:

Service Providers:
We work with third-party companies that help us operate our platform, such as:
- Hosting and cloud infrastructure providers
- Payment processors
- Analytics services
- Email service providers

These providers are contractually bound to protect your data and use it only for specified purposes.

Legal Requirements:
We may disclose your data if required to:
- Comply with legal obligations or valid legal process
- Protect our rights, property, or safety
- Investigate potential violations of our Terms
- Protect against legal liability

Business Transfers:
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change.

With Your Consent:
We may share your data for other purposes with your explicit consent.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

Active Accounts:
- Account data is retained while your account is active
- You can request deletion at any time

After Account Deletion:
- Most data is deleted within 30 days
- Some data may be retained longer for legal compliance (e.g., transaction records for tax purposes)
- Anonymized data may be retained for analytics

Specific Retention Periods:
- Account information: Duration of account plus 30 days
- Transaction records: 10 years (legal requirement)
- Support correspondence: 3 years
- Server logs: 90 days

We regularly review our retention practices to ensure we don't keep data longer than necessary.

Under the General Data Protection Regulation (GDPR), you have the following rights:

1. Right of Access: You can request a copy of your personal data and information about how it's processed.

2. Right to Rectification: You can request correction of inaccurate or incomplete personal data.

3. Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data under certain circumstances.

4. Right to Restrict Processing: You can request that we limit how we use your data.

5. Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format.

6. Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.

7. Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

8. Right to Lodge a Complaint: You can file a complaint with a supervisory authority if you believe your rights have been violated.

To exercise any of these rights, please contact us at hester@yixn.io. We will respond to your request within 30 days.

Supervisory Authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
https://www.ldi.nrw.de

We use cookies and similar technologies to collect information and improve your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Types of Cookies:
- Essential Cookies: Required for the platform to function
- Analytics Cookies: Help us understand how visitors use our site

You can control cookies through:
- Our cookie consent banner
- Your browser settings
- The cookie settings page

We implement appropriate technical and organizational security measures to protect your personal data, including:

Technical Measures:
- Encryption of data in transit (TLS/SSL)
- Encryption of sensitive data at rest
- Secure password hashing
- Regular security updates and patches
- Firewall and intrusion detection systems

Organizational Measures:
- Limited access to personal data on a need-to-know basis
- Regular security training
- Incident response procedures
- Regular security assessments

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to taking all reasonable steps to protect your information.

If you suspect a security breach, please contact us immediately.

Our platform is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. We will take steps to delete such information from our systems.

If we become aware that we have collected personal data from a child under 18, we will delete that information as quickly as possible.

Your data is primarily processed within the European Union. If we transfer your data outside the EU/EEA, we ensure appropriate safeguards are in place:

- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally recognized transfer mechanisms

By using our platform, you understand that your information may be transferred to, stored, and processed in countries outside your country of residence.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

When we make changes:
- We will update the "Last Updated" date at the top
- For material changes, we will provide prominent notice (e.g., email notification or banner on the platform)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Your continued use of the platform after changes become effective constitutes acceptance of the revised Privacy Policy.

If you have any questions about this Privacy Policy or our data practices, please contact us:

Daniel Samer
Am Alefskamp 50
47198 Duisburg
Germany

Email: hester@yixn.io
Phone: +49 15225669203

For GDPR-related inquiries, you may also contact the supervisory authority:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestraße 2-4
40213 Düsseldorf
Germany
https://www.ldi.nrw.de