Legal
Privacy Policy
Effective 1 June 2026
wealthscan.de ("we", "us") is an independent financial education service. This policy explains what personal data we collect, why, and your rights under the EU General Data Protection Regulation (GDPR).
1. Data controller
wealthscan.de
Germany
hello@wealthscan.de
2. What data we collect
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account creation / login | Account lifetime |
| Name (optional) | Google OAuth, used to personalise greetings | Account lifetime |
| Module progress | 8 boolean flags (completed Y/N per module) | Account lifetime |
| Booking details | Name + email pre-filled to Calendly if you book a call | Not stored by us |
| Chat messages | Sent to our AI backend during a session | Session only — not persisted |
We do not collect salary details, bank details, investment holdings, or any other personal financial data. We do not run analytics trackers or advertising pixels.
3. Legal basis
We process your data on the basis of contract performance (Art. 6(1)(b) GDPR) — providing the tutorial service you signed up for. Email is required to create an account; all other fields are optional.
4. Sub-processors
| Processor | Purpose | Location / note |
|---|---|---|
| Supabase Inc. | Authentication, user database, vector search | EU region (Frankfurt) |
| Anthropic PBC | AI chat responses (session messages only) | Not retained by Anthropic for training (API use) |
| Calendly | Optional booking of expert calls | Calendly's own privacy policy applies |
| Vercel Inc. | Frontend hosting | Edge CDN, no personal data stored |
5. Cookies
We use a single session cookie issued by Supabase Auth to keep you logged in. No advertising cookies, no third-party tracking cookies. You can clear it by logging out or clearing browser storage.
6. Your rights (GDPR)
- AccessRequest a copy of the data we hold about you.
- CorrectionAsk us to correct inaccurate data.
- ErasureDelete your account and all associated data — use the account settings page or email us.
- PortabilityReceive your data in a machine-readable format.
- RestrictionAsk us to stop processing your data in certain circumstances.
- ObjectionObject to processing based on legitimate interests.
- Withdraw consentWhere processing is consent-based, withdraw at any time.
To exercise any right, email hello@wealthscan.de. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (in Germany: www.bfdi.bund.de).
7. Data transfers outside the EEA
Anthropic PBC is based in the United States. Chat session messages are transmitted to their API under Standard Contractual Clauses. We minimise what is sent: no email address, no name, no stored history — only the messages in the active session.
8. Changes to this policy
We will post material changes here and update the effective date. Continued use after a change constitutes acceptance.