Lolax CustomsHome

Privacy Policy

As of July 2026 · Pursuant to GDPR and BDSG

Summary: We only collect data required for operating the workspace. No analytical cookies, no tracking. Your project data is securely stored in the EU (Supabase). We do not send emails without cause.

Controller

Lolax
Inhaber: Felix Kempf
Menckestr. 6a
04155 Leipzig
Deutschland

Principles of Data Processing

We process personal data strictly in accordance with the principle of data minimization and only to the extent necessary to run this service. No tracking or analysis tools (e.g. Google Analytics) are used.

Account Data and Workspace Content

When registering and using the workspace, we process the following data:

  • Email address (mandatory for authentication)
  • Display name and founder stage (optional, adjustable in profile)
  • Projects, research briefs, and chat histories created by you
  • Timestamps and usage metadata (creation/modification dates of entries)

All data is stored in a Postgres database provided via Supabase Inc. and located in data centers within the European Union.

Legal basis: Art. 6 Paragraph 1 lit. b GDPR (performance of a contract) and Art. 6 Paragraph 1 lit. f GDPR (legitimate interest in stable operation).

Respondent Interviews

Founders can send token-based interview links to target individuals. Respondents answer questions anonymously via a link; neither the name nor the email address of the respondent is stored. Answers are assigned to the respective project of the founder and used exclusively for validation analysis.

Legal basis: Art. 6 Paragraph 1 lit. f GDPR (legitimate interest in evidence-based product research).

Hosting (Netlify / Vercel)

This website is hosted via Netlify Inc. or Vercel Inc. As part of hosting, technical access data is processed (IP address, browser type, timestamp). Technically necessary cookies may be set for bot detection and DDoS protection (e.g. __cf_bm).

Privacy policies: netlify.com/privacy · vercel.com/legal/privacy-policy

Legal basis: Art. 6 Paragraph 1 lit. f GDPR.

Cookies and Browser Storage

We only set technically necessary cookies:

  • sb-access-token & sb-refresh-token – Supabase authentication session (technically required, no opt-out possible)
  • __cf_bm – Cloudflare bot detection (30 minutes, set by CDN)

No marketing, tracking, or statistics cookies are set.

Your Rights (Art. 15–21 GDPR)

  • Right of access to stored personal data (Art. 15)
  • Right to rectification of incorrect data (Art. 16)
  • Right to erasure (“Right to be forgotten”, Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing (Art. 21)

Please send inquiries by email to: kontakt@lolax.de

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for the provider is the Saxon Data Protection Commissioner (Sächsischer Datenschutzbeauftragter).