Privacy Policy
Last updated: April 2026 · Applies to trump-meter.com
This Privacy Policy explains how [Company Name GmbH] (in Gründung), represented by Fabian Sandknop, In den Alboingärten 11, 12103 Berlin, Germany ("we", "us") collects, uses, and protects your personal data when you use Trump-Meter at trump-meter.com. We comply with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
Questions or requests: info@trump-meter.com
1. Data We Collect and Why
1.1 Account Registration
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Account identity, login, transactional emails | Art. 6(1)(b) GDPR — contract performance |
| Password (bcrypt hash) | Authentication — raw password never stored | Art. 6(1)(b) GDPR |
| Email confirmation token | Verify email ownership | Art. 6(1)(b) GDPR |
| Account creation timestamp | Security audit trail | Art. 6(1)(f) GDPR — legitimate interest |
1.2 Subscription & Payments
| Data | Purpose | Legal Basis |
|---|---|---|
| Stripe Customer ID | Link your account to your Stripe subscription | Art. 6(1)(b) GDPR |
| Stripe Subscription ID & status | Gate Pro features; billing management | Art. 6(1)(b) GDPR |
| Subscription tier & expiry | Determine feature access | Art. 6(1)(b) GDPR |
We never store card numbers, CVV, or bank details. All payment processing is handled entirely by Stripe, Inc. (see Third-Party Processors below).
1.3 Pro API Keys
If you generate a Pro API key, we store the hashed key and a usage counter (requests per day). Raw keys are shown once at creation and never stored in recoverable form.
1.4 Alert & Notification Preferences
| Data | Purpose | Legal Basis |
|---|---|---|
| Alert thresholds & frequency | Send score alerts by email or Telegram | Art. 6(1)(a) GDPR — consent |
| Telegram chat ID (if linked) | Send Telegram notifications | Art. 6(1)(a) GDPR — consent |
| Timezone preference | Schedule daily digest in your local time | Art. 6(1)(b) GDPR |
1.5 Usage & Security Logs
We record API request counts (no full URLs or query content) for rate-limit enforcement and security monitoring. Server access logs (IP address, timestamp, HTTP method, status code) are retained for up to 30 days for security purposes under Art. 6(1)(f) GDPR.
1.6 Analytics
This site uses Umami Analytics, a privacy-friendly, cookie-free analytics tool hosted on our own infrastructure at umami.trump-meter.com. Umami collects only aggregated, anonymised page view counts and referrer data. No cookies are set. No personal identifiers are transmitted or stored. This processing does not require consent under GDPR.
2. Third-Party Data Processors
We share data with the following processors under Data Processing Agreements (DPAs) or equivalent safeguards:
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Stripe, Inc. | Payment processing, subscription management, billing portal | USA / EU | EU Standard Contractual Clauses (SCCs); Stripe is PCI-DSS certified |
| Anthropic, PBC | AI sentiment scoring of news headlines (no user data is sent) | USA | SCCs; only public headline text is processed — no personal data |
| Finnhub.io | Market data and news headline feed | USA | No personal data transmitted |
| Telegram Messenger | Optional alert delivery to Telegram | UAE/EU | Only if you explicitly link Telegram; consent basis |
| VPS hosting provider (Hetzner Online GmbH) | Server infrastructure | Germany | GDPR-compliant; data remains in Germany |
We do not sell, rent, or share your personal data with any other third parties for marketing purposes.
3. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data (email, settings) | Until account deletion + 30-day safety window |
| Payment & billing records | 10 years (§ 147 AO — German tax law obligation) |
| Server access logs | 30 days |
| API usage counters | Rolling 24-hour window; reset daily |
| Alert log entries | Last 50 entries per user (overwritten on a rolling basis) |
| Email confirmation tokens | 72 hours, then deleted regardless of use |
4. Cookies & Local Storage
Trump-Meter uses no advertising or tracking cookies. We use browser localStorage solely to store your JWT authentication token locally on your device so you remain logged in. This data never leaves your browser except as a Bearer token in API requests. No third-party cookies are set.
5. Children's Privacy
Trump-Meter is intended for users aged 18 and over. We do not knowingly collect personal data from minors. If we become aware that a minor has registered, we will delete the account and associated data promptly.
6. Your Rights Under GDPR
As a data subject you have the following rights. To exercise any of them, email info@trump-meter.com. We will respond within 30 days.
Supervisory Authority
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin, Germany
7. International Data Transfers
Some processors (Stripe, Anthropic) are based in the United States. All such transfers are governed by EU Standard Contractual Clauses (SCCs) adopted pursuant to Art. 46 GDPR, ensuring an equivalent level of data protection.
8. Data Security
We use industry-standard measures to protect your data: HTTPS/TLS encryption in transit, bcrypt password hashing, JWT tokens with short expiry, server-side rate limiting, and restricted database access. No system is 100% secure; in the event of a breach affecting your rights, we will notify you and the relevant supervisory authority as required by Art. 33–34 GDPR.
9. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated by email and/or a prominent notice on the site at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.
Last updated: April 2026 · Contact: info@trump-meter.com