Back to home

Legal

Privacy Policy

This Privacy Policy explains what information GermanCitizenship.tools collects, how it is used, when it may be shared, and what choices users have. This is a product-operational privacy notice, not legal advice.

Last updatedMay 6, 2026

What we collect

  • Account information provided through GitHub when you sign in, such as your name, email address, and profile image.
  • Wizard answers, saved pathway reports, generated letters, and related form inputs that you choose to submit.
  • Technical and security information such as IP address, browser metadata, timestamps, request logs, and rate-limit records.
  • Basic analytics and operational telemetry used to monitor performance, prevent abuse, and improve the service.

How we use information

  • To provide the eligibility wizard, personalized pathway reports, document-generation tools, and account features.
  • To store your saved pathways and generated documents so they remain available in your dashboard for the period described in the product.
  • To detect misuse, secure the platform, troubleshoot issues, and enforce rate limits and document retention windows.
  • To communicate with you about support requests, service changes, or policy updates.
  • To improve the product, templates, archive coverage, and UX based on aggregate usage and user feedback.

Analytics

We use Vercel Web Analytics to understand aggregate traffic patterns. Vercel Analytics does not use cookies, does not collect personally identifiable information, and does not track individual users across sessions. No consent banner is required for this analytics tool under the ePrivacy Directive.

When we share information

We do not sell personal information. We share information only when needed to operate the service, comply with law, or protect the platform.

  • Infrastructure and hosting providers that store or process app data on our behalf (including Vercel for hosting and Upstash for letter, roadmap, and rate-limit data storage).
  • GitHub for authentication when you sign in.
  • Authorities, courts, regulators, or counterparties where disclosure is legally required or reasonably necessary to protect rights, users, or the service.

Data retention and deletion

  • Generated letters are automatically deleted 30 days after creation. You can also delete individual letters at any time from your profile.
  • Saved pathway roadmaps are stored until you delete them. You can delete individual roadmaps or purge all your data at any time from your profile.
  • You can delete all your stored letters and roadmaps at once using the 'Delete all my data' option in your profile.
  • Security logs and support records may be retained for longer where reasonably necessary for fraud prevention, dispute handling, or legal compliance.

Legal basis for processing (GDPR)

For users in the European Economic Area, we process personal data on the following legal bases under GDPR Article 6:

  • Contract performance (Art. 6(1)(b)): account data and wizard/letter data processed to provide the service you signed up for.
  • Legitimate interests (Art. 6(1)(f)): security logs, rate-limiting, fraud prevention, and aggregate product analytics — balanced against your privacy rights.
  • Legal obligation (Art. 6(1)(c)): records required for applicable legal or regulatory compliance.

International data transfers

This service is operated from the United States and relies on US-based infrastructure providers (including Vercel for hosting, Upstash for data storage, and GitHub for authentication). Your data may be transferred to and processed in the United States.

These transfers are made under Standard Contractual Clauses (SCCs) adopted by the European Commission, or equivalent transfer mechanisms, where required by applicable law. By using this service, you acknowledge that your data may be transferred to countries that may not provide the same level of data protection as your home country.

Your choices and deletion rights

  • You may choose not to provide optional information, but some features will not work without the inputs required to generate reports or letters.
  • You can delete individual letters and roadmaps at any time from your profile dashboard.
  • You can delete all your stored data at once using the 'Delete all my data' option in your profile.
  • You can delete your account and all associated data using the 'Delete my account' option at the bottom of your profile. This purges all stored letters and roadmaps and signs you out immediately. To fully revoke access, also visit github.com/settings/connections/applications to revoke the GitHub OAuth connection.
  • For any remaining data access or erasure requests, contact hello@germancitizenship.tools. We will respond within 30 days.
  • If privacy laws such as the GDPR, CCPA/CPRA, or other applicable laws grant you additional rights (access, rectification, erasure, portability, restriction, objection), we will evaluate and respond to eligible requests as required.
  • If you are in the European Economic Area, you have the right to lodge a complaint with your national data protection supervisory authority if you believe your data has been processed in violation of the GDPR.

Children

This service is not directed to children under 13, and we do not knowingly collect personal information from children under 13 through this service.

Security

We use reasonable administrative, technical, and organizational measures to protect data. No internet service or storage system is completely secure, and we cannot guarantee absolute security.

Changes and contact

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the date above and, where appropriate, by additional notice in the product.

Questions or privacy requests can be sent to hello@germancitizenship.tools.

Please review this document carefully. If you have questions, contact us.