Last updated: March 19, 2026
1. Overview
We take the protection of your personal data very seriously. This privacy policy informs you about how we handle your personal data when you visit our website and your rights under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
2. Data Controller
Henry van de Vorming
c/o AutorenServices.de
Birkenallee 24
36037 Fulda, Germany
Email: hello@student-insurance.com
3. Data Collection on Our Website
3.1 Server Log Files
Our hosting provider automatically collects and stores information in server log files, which your browser transmits automatically:
- Browser type and version
- Operating system
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address (anonymized)
This data cannot be attributed to specific persons. It is stored for security purposes and deleted after 14 days. Legal basis: Art. 6(1)(f) GDPR.
3.2 SSL/TLS Encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the "https://" prefix and the lock icon in your browser.
4. Cookies
Our website uses cookies. These are small text files stored on your device. Some cookies are technically necessary (essential), while others help us improve your experience.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| cookie-consent | Stores your cookie preference | 1 year | Essential |
| theme | Stores your dark/light mode preference | 1 year | Essential |
You can configure your browser to inform you about the setting of cookies and to allow cookies only on a case-by-case basis. Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest for essential cookies).
5. Analytics
We use three privacy-focused analytics tools, all configured in cookieless and anonymized mode. No cookies are set, no personal data is collected, and no individual visitors can be identified.
5.1 Plausible Analytics
Plausible Analytics (Plausible Insights OÜ, Estonia) is a lightweight, open-source web analytics tool. It does not use cookies, does not collect personal data, and does not track individual visitors across sites. All data is aggregated. Plausible is fully compliant with GDPR, CCPA, and PECR without requiring cookie consent. Data is processed within the EU.
5.2 Umami
Umami is a privacy-focused, open-source analytics platform. It operates in cookieless mode, collecting only anonymized, aggregated page view and event data. No personal data or IP addresses are stored. Umami does not track visitors across websites and does not create user profiles.
5.3 PostHog
PostHog (PostHog, Inc.) is used for product analytics in cookieless and anonymized mode. No cookies are set, IP addresses are not stored, and no personally identifiable information is collected. All data is aggregated and cannot be traced back to individual visitors.
Legal basis for all analytics tools: Art. 6(1)(f) GDPR (legitimate interest in understanding website usage). Since no personal data is processed and no cookies are set, no consent is required under the ePrivacy Directive.
6. Contact Form & Email
When you contact us via email or a contact form, the data you provide (name, email, message) will be stored for the purpose of processing your inquiry. We will not share this data without your consent. Legal basis: Art. 6(1)(b) GDPR.
Data is deleted once your inquiry has been fully resolved, unless statutory retention obligations apply.
7. Newsletter
If you subscribe to our newsletter, we collect your email address and, optionally, your name. We use double opt-in to confirm your subscription. You can unsubscribe at any time via the link in each email. Legal basis: Art. 6(1)(a) GDPR.
8. Insurance Applications
When you apply for insurance through our platform, we collect personal data necessary for the insurance contract (name, date of birth, address, university, etc.). This data is shared with the respective insurance provider for contract processing. Legal basis: Art. 6(1)(b) GDPR.
9. Netlify Forms & Hosting
Our website is hosted on Netlify (Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA). When you submit a form on our website (contact form, newsletter signup, insurance application), the data is processed and stored by Netlify Forms.
9.1 Data Processing by Netlify
Netlify processes form submissions on our behalf as a data processor. The following data is collected:
- Form field contents (name, email, message, etc.)
- Submission timestamp
- IP address (for spam prevention)
- User agent (browser information)
Form submissions are stored on Netlify's secure servers and are accessible to us via the Netlify dashboard. We have entered into a Data Processing Agreement (DPA) with Netlify to ensure GDPR compliance.
9.2 Data Retention
Form data is retained for as long as necessary to fulfill the purpose for which it was collected:
- Contact inquiries: Deleted after resolution of your inquiry (typically 30-90 days)
- Newsletter signups: Retained until you unsubscribe
- Insurance applications: Retained in accordance with legal retention requirements (typically 10 years)
9.3 Spam Protection
Netlify Forms includes built-in spam filtering. This processing is necessary to protect our legitimate interests in preventing abuse. Legal basis: Art. 6(1)(f) GDPR.
9.4 Data Transfers to the USA
Netlify is based in the USA. Data transfers to the USA are covered by the EU-US Data Privacy Framework and Netlify's compliance with Standard Contractual Clauses (SCCs). More information: Netlify Privacy Policy
10. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15 GDPR) — Request information about your stored data
- Right to rectification (Art. 16 GDPR) — Correct inaccurate data
- Right to erasure (Art. 17 GDPR) — Request deletion of your data
- Right to restriction (Art. 18 GDPR) — Restrict processing of your data
- Right to data portability (Art. 20 GDPR) — Receive your data in a machine-readable format
- Right to object (Art. 21 GDPR) — Object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3) GDPR) — Withdraw consent at any time
To exercise these rights, contact us at hello@student-insurance.com.
11. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority is the data protection authority of the state where our company is registered.
12. Changes to This Policy
We may update this privacy policy from time to time. The current version is always available on this page.