Privacy Policy

Privacy Policy

Privacy Policy for metaFox.online
Effective date: 23.03.2026

Your privacy matters to us. This Privacy Policy explains in clear and simple terms how we process your personal data when you use our web app.

Who is responsible?

metaFox GmbH
Carl-Spitzweg-Str. 61, 90768 Fürth, Germany

Register: Amtsgericht Fürth, HRB 19366
Managing Directors: Maximilian Friedle, Tobias Weghorn

Why do we process your data?

We use your data to provide the following services:

  • Provision and operation of our web app
    This includes standard features such as account management and features for successful online coaching as presented on our website: https://metaFox.online
  • Sending transactional emails
    We send important emails such as confirmations, password resets, and notifications about your account activity.
  • Billing and subscriptions (where applicable)
    We process the data needed to offer paid plans, manage subscriptions, and handle payments.
  • Usage analytics
    We track general usage patterns to improve usability, detect technical issues, and ensure smooth operations. Optional product analytics are provided through PostHog as described below and only run when you consent.

Cookies and consent

We use essential cookies and similar technologies to keep you signed in and remember your language preference. Optional product analytics (PostHog) are only activated after you accept in the cookie banner or enable analytics in your account privacy settings.

Tools and services we use

  • Supabase
    We use Supabase for secure processing and storage of all user and usage data.
    Provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992
    Website: https://www.supabase.com
    Privacy Policy: https://www.supabase.com/privacy
    Note: Our Supabase project uses the eu-central-1 region (AWS Europe, Frankfurt, Germany), so your data is processed and stored within the EU.
  • Sendpulse
    We use SendPulse to send system-generated emails (for example account confirmations and password resets) when our mail provider is configured for production.
    Provider: SendPulse Inc., 101 Spear Street, 1st Floor, San Francisco, CA 94105, USA
    Website: https://sendpulse.com
    Privacy Policy: https://sendpulse.com/privacy-policy
    Note: EU Standard Contractual Clauses apply to ensure GDPR-compliant data transfers.
  • Stripe (payments)
    When you purchase or manage a paid subscription, payment data is processed by Stripe (Stripe, Inc., USA). We do not store full payment card numbers on our own servers; card data is handled by Stripe.
    Privacy: https://stripe.com/privacy
    Note: Transfers to Stripe in the USA and related safeguards are described in Stripe’s privacy policy and data processing terms (including EU Standard Contractual Clauses where applicable).
  • PostHog
    We use PostHog for product analytics: we process information such as in-app events (for example which screens or flows you use), approximate usage context, and technical data like browser and device type, so we can improve the product, debug issues, and understand usage.
    Provider: PostHog Inc.
    Website: https://posthog.com
    Privacy policy: https://posthog.com/privacy
    Processor terms and DPA information: https://posthog.com/dpa · https://posthog.com/terms
    Legal basis: This processing is optional and only takes place if you accept analytics cookies in our cookie banner or turn analytics on in your account privacy settings (Art. 6(1)(a) GDPR – consent). You may withdraw consent at any time with effect for the future (for example via the same settings or cookie controls).
    Region / hosting: When our app is configured for EU ingestion, event data is sent to PostHog’s EU endpoint (https://eu.i.posthog.com).
    Retention: Retention and further details follow our PostHog project settings and PostHog’s documentation.
  • Vercel (hosting and performance)
    We host and operate the web app on Vercel. Vercel processes technical data needed to deliver the application (for example HTTP requests and related metadata).
    Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
    Website: https://vercel.com
    Privacy Policy: https://vercel.com/legal/privacy-policy
    We also use Vercel Speed Insights for anonymous Web Vitals (page load performance, device types, approximate geographic region). Speed Insights does not track individual users and does not use persistent cookies for profiling; collection is limited to performance metrics. Data transfers are governed by EU Standard Contractual Clauses where applicable.

Legal basis for processing

  • Article 6(1)(b) GDPR – to provide services and manage your account
  • Article 6(1)(f) GDPR – based on our legitimate interests in improving and securing the app
  • Article 6(1)(a) GDPR – where you provide consent, e.g., for optional product analytics (PostHog) via the cookie banner or account privacy settings

How long do we store your data?

We store your personal data only as long as necessary for the purposes described or as required by law.
You can delete your account at any time, which also removes your personal data from our servers unless we are legally obligated to retain it.

Your rights under the GDPR

  • Request access to your stored data
  • Have incorrect or outdated data rectified
  • Request deletion or restriction of your data
  • Object to the processing of your data
  • Withdraw consent (effective for the future)
  • Receive your data in a portable format
  • Lodge a complaint with a data protection authority

Questions about privacy?

Email: tobias@metafox.eu