KIKIneAhnung

Privacy Policy

This is a convenience translation. The legally binding version of this privacy policy is the German original.

Version 1.3 — effective from May 19, 2026

1. Controller

Controller within the meaning of the General Data Protection Regulation (GDPR):

Thorsten Ahrens Zillestr. 75 51067 Cologne Email: contact@kineahnung.de

No data protection officer has been appointed pursuant to Art. 37 GDPR; the thresholds requiring such an appointment are not met.

2. Data Collection on This Website

a) Contact Requests via Email

When you contact us by email, the data you provide (your email address, possibly your name and your message) will be stored to process your inquiry. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

b) User Account

Upon registration, your name and email address are stored. Authentication is handled via Supabase (password or magic link). Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

c) Experience Points (XP System)

For logged-in users, interactions (articles read, tests completed, content shared) are recorded in a points system. Purpose: gamification and progress tracking. Data stored: user_id, action, reference, timestamp. Legal basis: Art. 6(1)(b) GDPR (performance of a contract). XP data is used solely for progress display within the user's own account — no profiling, no advertising, no transfer to third parties.

d) Course Progress

For logged-in users, progress in the AI course is stored (completed chapters, timestamp). Purpose: resuming the course at the last completed point. Data stored: user_id, chapter reference, completion timestamp. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

e) Quiz Results

Upon completion of a quiz, the result (score), pass status, and optionally the name for the certificate are stored. Data stored: user_id, quiz reference, score, passed, certificate name, timestamp. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

f) Anonymous Test Statistics

Upon completion of the AI Knowledge Check, dimension scores are saved without any user reference and without IP address. Purpose: anonymous community comparison (only displayed once at least 10 participants). This data cannot be traced back to individual persons. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

3. Legal Basis

The processing of personal data is carried out on the basis of Art. 6(1) GDPR:

  • Point (a) (Consent): For newsletter subscription.
  • Point (b) (Performance of a contract): For user accounts, course progress, quiz results, XP system, contact requests.
  • Point (c) (Legal obligation): For disclosure to law enforcement authorities.
  • Point (f) (Legitimate interest): For anonymous test statistics, hosting logs, and web analytics.

4. Data Retention

  • Contact requests: Deleted as soon as they are no longer necessary for the purpose for which they were collected and no statutory retention obligations apply.
  • Account data (name, email): Until deletion of the user account. Accounts inactive for more than 24 months are deleted together with the associated data after a prior notification e-mail.
  • Course progress and quiz results: Until deletion of the user account.
  • XP data: Until deletion of the user account.
  • Anonymous test statistics: Indefinitely, as they are not personal data.
  • Newsletter consent: Until revocation; after revocation the e-mail address is deleted from the distribution list (no suppression list is maintained).
  • Server log files: Automatically deleted after 30 days at the latest.

5. Hosting

This website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA).

When you visit, technical data (IP, browser type, operating system, referrer, access time) is automatically recorded in server logs. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and stable provision of the website and in defending against attacks). In the balancing of interests, the controller's interests prevail because the processing is limited to what is technically necessary, no profiles are created, and logs are automatically deleted after 30 days. Vercel is certified under the EU-U.S. Data Privacy Framework (DPF); additionally, Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR have been agreed upon.

Further information on data protection at Vercel can be found at: https://vercel.com/legal/privacy-policy

6. Database

Supabase (Supabase Inc., USA) is used to store user accounts, course progress, quiz results, and XP data. The database is operated in the EU region (Frankfurt). A data processing agreement pursuant to Art. 28 GDPR has been concluded with Supabase Inc. Where the provider (corporate seat USA) carries out access from the USA, the transfer is secured via EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) and the EU-US Data Privacy Framework (Art. 45 GDPR, adequacy decision of 10 July 2023). More information: supabase.com/privacy.

7. Email Service

Resend (Resend Inc., USA) is used for authentication emails (magic links, password reset) and in the future for newsletters. A data processing agreement pursuant to Art. 28 GDPR has been concluded with Resend Inc. Data transfer to the USA is based on the EU-US Data Privacy Framework (Art. 45 GDPR).

8. Cookies and Tracking

This website does not use tracking cookies or advertising trackers.

Technically Necessary Cookies

Supabase Auth session cookie: Set for logged-in users to maintain the session. Legal basis: Art. 6(1)(b) GDPR (performance of a contract). No cookie banner is required for this.

9. Vercel Analytics (cookie-free)

This website uses Vercel Analytics, a cookie-free analytics service by Vercel Inc. (USA). Data collected: anonymised IP address (hashed + rotated daily, no traceability to the end user), requested page, referrer, user-agent, access time. No cookies are set, no fingerprinting techniques used, no user profiles built. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reach analytics for product development). Third-country transfer: USA (EU-U.S. Data Privacy Framework + SCCs pursuant to Art. 46(2)(c) GDPR). More info: vercel.com/legal/privacy-policy.

10. Newsletter

During registration, you may opt in to receive newsletters. Data stored: user_id, consent timestamp, and source. Legal basis: Art. 6(1)(a) GDPR (consent). You may revoke your consent at any time by unsubscribing via the link in the email or by emailing contact@kineahnung.de.

11. Social Sharing

The website offers sharing buttons for X, LinkedIn, Facebook, WhatsApp, Telegram, Reddit, and Threads. No data is transmitted to these platforms unless you actively click a button. Clicking opens a new browser window to the respective platform. The privacy policies of the respective platform then apply.

12. Disclosure to Law Enforcement

We may be legally obligated to disclose stored data to law enforcement authorities on the basis of a European Production Order or Preservation Order pursuant to Regulation (EU) 2023/1543. Such disclosure is made exclusively on the basis of a lawful order and to the extent required by law. Legal basis: Art. 6(1)(c) GDPR (legal obligation).

13. Your Rights

Under the GDPR, you have the following rights:

  • Access (Art. 15 GDPR) to the data processed by us.
  • Rectification (Art. 16 GDPR) of inaccurate data.
  • Erasure (Art. 17 GDPR) of your data, provided no statutory retention obligations apply.
  • Restriction of processing (Art. 18 GDPR).
  • Data portability (Art. 20 GDPR).
  • Objection (Art. 21 GDPR) to processing based on legitimate interests.
  • Withdrawal of consent (Art. 7(3) GDPR) — for the newsletter at any time with effect for the future.

To exercise your rights, please contact: contact@kineahnung.de

14. Account Deletion

Users may request deletion of their account and all associated data (profile, XP, course progress, quiz results, test data, newsletter consent) at any time by emailing contact@kineahnung.de.

15. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW) Postfach 20 04 44 40102 Düsseldorf https://www.ldi.nrw.de

16. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy as needed to keep it in line with current legal requirements or to implement changes to our services. The current version can always be found on this page.