Privacy Policy

Last updated: February 2026

1. Responsible Party

Roland Rötzer e.U.
Ing. Roland Rötzer
Breitenfurterstraße 376, 1230 Wien, Österreich
Email: roland.roetzer@itwt.at
Phone: +43 676 3954894

2. Overview

This privacy policy applies to the website getfinancer.com and the Financer application. Protecting your personal data is important to us. We process your data exclusively in accordance with the legal requirements (DSGVO/GDPR, TKG 2003).

3. Cloud-Hosted Version

When using the cloud-hosted version of Financer at getfinancer.com, the following data may be processed:

  • Account data: A password (stored as a bcrypt hash) is required to access your instance. No email address or personal identification is collected during registration.
  • Financial data: All transaction data, account names, categories, and other financial information you enter is stored on our servers. This data is only accessible by you through your authenticated session.
  • Server logs: For security and operational purposes, our servers may temporarily log IP addresses, access times, and user agents. These logs are automatically deleted after 14 days.
  • Session data: A session cookie is used to maintain your login state. This is a functional cookie essential for the application to work.

4. Self-Hosted Version

If you self-host Financer on your own infrastructure, all data remains exclusively on your server. We have no access to any data in self-hosted instances. You are solely responsible for data protection in your self-hosted environment.

5. This Website (Landing Page)

This landing page (getfinancer.com informational pages) does not use cookies, tracking scripts, or analytics tools. No personal data is collected when simply visiting this website. Your theme and language preferences are stored only in your browser's local storage and are never transmitted to our servers.

6. Payment Processing (Stripe)

For payment processing of the cloud-hosted version, we use Stripe (Stripe Technology Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland). When you subscribe to a paid plan, the following data may be transmitted to Stripe:

  • Payment data: Credit card number, expiry date, CVC (entered directly in Stripe's secure form — we never store your full card details on our servers).
  • Transaction data: Amount, currency, timestamp, and subscription status.
  • Technical data: IP address, browser type, and device information for fraud prevention.
  • Contact data: Email address (if provided for invoicing purposes).

The legal basis for processing is Art. 6(1)(b) GDPR (performance of a contract). Stripe acts as an independent data controller for payment data. Stripe is certified under the EU-US Data Privacy Framework. For more information, see Stripe's Privacy Policy.

7. Data Storage & Security

Your data is stored on servers located in the European Union. We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted connections (HTTPS/TLS)
  • Password hashing with bcrypt
  • Optional two-factor authentication (2FA)
  • Rate limiting to prevent brute-force attacks
  • Security headers (via Helmet.js)

8. Data Sharing

We do not sell, trade, or otherwise share your personal data with third parties, except as described in Section 6 (Payment Processing via Stripe). Your financial data is never accessed, analyzed, or used for any purpose other than providing the Financer service to you.

9. Your Rights (DSGVO/GDPR)

You have the following rights regarding your personal data:

  • Right of access (Art. 15 DSGVO): You can request information about what data we store about you.
  • Right to rectification (Art. 16 DSGVO): You can request correction of inaccurate data.
  • Right to erasure (Art. 17 DSGVO): You can request deletion of your data. In the cloud version, your entire instance and all associated data can be deleted upon request.
  • Right to data portability (Art. 20 DSGVO): You can request your data in a machine-readable format.
  • Right to restriction (Art. 18 DSGVO): You can request the restriction of processing of your data.
  • Right to object (Art. 21 DSGVO): You can object to the processing of your data.

To exercise any of these rights, contact us at admin@getfinancer.com or roland.roetzer@itwt.at.

10. Supervisory Authority

If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can file a complaint with the supervisory authority:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien
www.dsb.gv.at

11. Changes to This Policy

We reserve the right to update this privacy policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. The date at the top of this page indicates when this policy was last revised.