Language

Privacy Policy

Learn how we protect and use your data

Last updated: March 29, 2026

The German version of this policy is the only legally binding version.

Introduction

At InvisibleX, we take the protection of your personal data very seriously. This Privacy Policy explains what data we collect, how we use it, and what rights you have regarding your data. By using our services, you consent to the collection and use of information in accordance with this policy.

What Data We Collect

We collect various types of information to provide and improve our services:

  • Personal identification data (name, address, birthdate, email address(es), phone number(s))
  • Payment information for transaction processing
  • Usage data and technical information about your use of our services
  • Communication data when you contact us

How We Use Your Data

We use your data to provide our services, manage your account, process transactions, communicate with you, and improve our services. We do not sell your personal data to third parties. We may share your data with trusted service providers who assist us in delivering our services.

How We Protect Your Data

We implement industry-standard security measures to protect your personal data. This includes encryption, secure servers, and regular security audits. Our servers are located within Germany. While we take reasonable steps to protect your data, no method of electronic transmission or storage can be 100% secure.

Third-Party Providers

To provide our services, we work with trusted third-party providers who process certain data on our behalf. All providers have been carefully selected and comply with applicable data protection regulations, particularly the GDPR. Below is an overview of the third-party providers we use:

Stripe (Payment Processing)

We use Stripe, Inc. to process payments. Stripe processes your payment information (credit card details, billing address) to execute transactions. Stripe is certified under the PCI-DSS standard and complies with GDPR. The data processing is based on Art. 6 para. 1 lit. b GDPR (contract performance). Privacy Policy: https://stripe.com/privacy

DocuSeal.eu (Electronic Signatures)

We use DocuSeal.eu for the electronic signing of powers of attorney and consent forms. DocuSeal.eu processes your name, email address, date of birth, address, and signature data for this purpose. DocuSeal.eu complies with GDPR. The data processing is based on Art. 6 para. 1 lit. b GDPR (contract performance) and Art. 6 para. 1 lit. a GDPR (consent). Privacy Policy: https://www.docuseal.com/privacy

Hetzner (Cloud Infrastructure)

We use Hetzner Online GmbH for our cloud infrastructure and hosting services. Hetzner operates our servers and databases within Germany. All data stored and processed through our services is hosted on Hetzner's servers. Hetzner is GDPR-compliant and certified according to ISO 27001. The data processing is based on Art. 6 para. 1 lit. b GDPR (contract performance). Privacy Policy: https://www.hetzner.com/legal/privacy-policy

Cloudflare (DNS & Security)

We use Cloudflare, Inc. for DNS services and to protect our website against DDoS attacks and bots. Additionally, we use Cloudflare Turnstile as an alternative to traditional CAPTCHA systems to distinguish between human users and automated bots. Cloudflare may process IP addresses and other technical data for security purposes. Cloudflare is GDPR-compliant and has concluded Standard Contractual Clauses (SCCs) for data transfers. The data processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in website security). Privacy Policy: https://www.cloudflare.com/privacy/

AWS SES (Email Delivery)

We use Amazon Web Services Simple Email Service (AWS SES) for sending and receiving emails. AWS SES processes email addresses, message content, and metadata necessary for email delivery. We exclusively use the Frankfurt region (eu-central-1), which means all data is processed within Germany and the European Union. AWS is GDPR-compliant and has concluded Standard Contractual Clauses (SCCs). The data processing is based on Art. 6 para. 1 lit. b GDPR (contract performance) and Art. 6 para. 1 lit. f GDPR (legitimate interest in communication). Privacy Policy: https://aws.amazon.com/privacy/

Meta-Pixel (Marketing)

If you consent to marketing cookies in our cookie banner, we use the Meta Pixel (Facebook Pixel) provided by Meta Platforms Ireland Ltd. to measure the effectiveness of our advertising, improve our website and to show you relevant offers (remarketing). The pixel may process data such as a browser identifier, device information, and which pages you visit. Meta may link this data to your Meta account if you use Meta services. Data may be transferred to the United States; Meta relies on appropriate safeguards such as the EU–U.S. Data Privacy Framework and Standard Contractual Clauses where applicable. You can withdraw consent at any time via Cookie settings in the footer. Legal basis: Art. 6 para. 1 lit. a GDPR (consent). Privacy Policy: https://www.facebook.com/privacy/policy/

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to access your stored data
  • Right to rectification of inaccurate data
  • Right to erasure of your data ("right to be forgotten")
  • Right to restriction of processing or object to processing

Cookies, Local Storage and Tracking

We use cookies and similar technologies to save your preferences and enable the proper functioning of our website. We also use Local Storage, a browser storage mechanism, to save your cookie consent settings and other non-sensitive user preferences locally on your device. This data remains on your device and is not transferred to our servers unless you explicitly perform an action that requires it. Optional marketing measurement using the Meta Pixel is only activated if you select the marketing option in the cookie banner or click “Accept all”. In this case, anonymized usage data is transmitted to Meta for analytics and advertising purposes. You can manage or disable cookies at any time in your browser settings. Local Storage data can be deleted via your browser’s developer tools or privacy settings. Please note that disabling cookies or deleting Local Storage may impair the functionality of our website and reset your saved preferences.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at [email protected] or use our contact form. InvisibleX (Simon Walz, Kevin Hahn, Richard Weißgerber & Nico Weißgerber GbR) Am Alten Sportplatz 20 35423 Lich Germany