Student Insurance
EN DE FR ES ZH RU TR AR KO HI
Find My Plan
Legal

Privacy Policy

Last updated: June 5, 2026

1. Overview

We take the protection of your personal data very seriously. This privacy policy informs you about how we handle your personal data when you visit our website and your rights under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Data Controller

Henry van de Vorming
c/o AutorenServices.de
Birkenallee 24
36037 Fulda, Germany
Email: hello@student-insurance.com

3. Data Collection on Our Website

3.1 Server Log Files

Our hosting provider automatically collects and stores information in server log files, which your browser transmits automatically:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address (anonymized)

This data cannot be attributed to specific persons. It is stored for security purposes and deleted after 14 days. Legal basis: Art. 6(1)(f) GDPR.

3.2 SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the "https://" prefix and the lock icon in your browser.

4. Cookies & Local Storage

We set no cookies of our own. Your theme preference (light/dark) is stored in your browser's localStorage, which is not a cookie and is never transmitted to our servers.

The third-party audience-engagement widget Mediavine Grow (see Section 5.5) may set first-party cookies and local storage entries on your device and process device identifiers when it loads or when you interact with it. Where these are not strictly necessary, they are used on the basis of your consent, which you can withdraw at any time via your browser settings.

Storage KeyPurposeStorage Type
themeStores your dark/light mode preferencelocalStorage (not a cookie)

localStorage entries are kept locally in your browser only. You can clear them at any time via your browser's site data settings.

5. Analytics & Audience Tools

Our analytics tools (Sections 5.1–5.4) are configured in cookieless and anonymized mode: they set no cookies, collect no personal data, and cannot identify individual visitors. In addition, we use the audience-engagement tool Mediavine Grow (Section 5.5), which works differently and is described separately below.

5.1 Plausible Analytics

Plausible Analytics (Plausible Insights OÜ, Estonia) is a lightweight, open-source web analytics tool. It does not use cookies, does not collect personal data, and does not track individual visitors across sites. All data is aggregated. Plausible is fully compliant with GDPR, CCPA, and PECR without requiring cookie consent. Data is processed within the EU.

5.2 Umami

Umami is a privacy-focused, open-source analytics platform. It operates in cookieless mode, collecting only anonymized, aggregated page view and event data. No personal data or IP addresses are stored. Umami does not track visitors across websites and does not create user profiles.

5.3 PostHog

PostHog (PostHog, Inc.) is used for product analytics in cookieless and anonymized mode. No cookies are set, IP addresses are not stored, and no personally identifiable information is collected. All data is aggregated and cannot be traced back to individual visitors.

5.4 Cloudflare Zaraz & Google Analytics 4 (Server-Side)

We use Cloudflare Zaraz (Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA) for server-side tag management. Event data is forwarded to Google Analytics 4 server-side. No client-side cookies are set by this pipeline; only IP-based country detection is performed at the Cloudflare edge for aggregated reporting.

Because GA4 receives events server-side, the standard GA4 client-side identifiers and cookies are not stored in your browser. The processing may involve EU↔US data transfers; these are covered by the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs).

More information: Cloudflare Privacy Policy.

Legal basis for the analytics tools in Sections 5.1–5.4: Art. 6(1)(f) GDPR (legitimate interest in understanding website usage). Since no personal data is processed and no cookies are set, no consent is required under the ePrivacy Directive.

5.5 Mediavine Grow (Audience Engagement)

We use Mediavine Grow (the "Grow" / "Faves" widget), a service provided by Mediavine, Inc., 30 Wall Street, 8th Floor, New York, NY 10005, USA, to offer audience-engagement features (such as saving and bookmarking articles) and to support the operation and future monetization of our content.

When the Grow script loads, it may set first-party cookies and local storage entries, generate a device or visitor identifier, and process usage data (such as pages viewed and interactions with the widget). If you create a Grow profile or sign in to the Faves feature, Mediavine additionally processes your account data, such as your email address and profile information.

Legal basis: your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG (formerly TTDSG) for the storage of and access to information on your device; and Art. 6(1)(f) GDPR (legitimate interest in audience engagement and content monetization) for the subsequent processing. You can withdraw your consent at any time with effect for the future and can block or delete cookies and local storage via your browser settings.

Mediavine is based in the USA. Any associated data transfers are safeguarded by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs). More information: Mediavine Privacy Policy.

6. Contact Form & Email

When you contact us via email or a contact form, the data you provide (name, email, message) will be stored for the purpose of processing your inquiry. We will not share this data without your consent. Legal basis: Art. 6(1)(b) GDPR.

Data is deleted once your inquiry has been fully resolved, unless statutory retention obligations apply.

7. Newsletter

If you subscribe to our newsletter, we collect your email address and, optionally, your name. We use double opt-in to confirm your subscription. You can unsubscribe at any time via the link in each email. Legal basis: Art. 6(1)(a) GDPR.

8. Insurance Applications

When you apply for insurance through our platform, we collect personal data necessary for the insurance contract (name, date of birth, address, university, etc.). This data is shared with the respective insurance provider for contract processing. Legal basis: Art. 6(1)(b) GDPR.

9. Netlify Forms & Hosting

Our website is hosted on Netlify (Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA). When you submit a form on our website (contact form, newsletter signup, insurance application), the data is processed and stored by Netlify Forms.

9.1 Data Processing by Netlify

Netlify processes form submissions on our behalf as a data processor. The following data is collected:

  • Form field contents (name, email, message, etc.)
  • Submission timestamp
  • IP address (for spam prevention)
  • User agent (browser information)

Form submissions are stored on Netlify's secure servers and are accessible to us via the Netlify dashboard. We have entered into a Data Processing Agreement (DPA) with Netlify to ensure GDPR compliance.

9.2 Data Retention

Form data is retained for as long as necessary to fulfill the purpose for which it was collected:

  • Contact inquiries: Deleted after resolution of your inquiry (typically 30-90 days)
  • Newsletter signups: Retained until you unsubscribe
  • Insurance applications: Retained in accordance with legal retention requirements (typically 10 years)

9.3 Spam Protection

Netlify Forms includes built-in spam filtering. This processing is necessary to protect our legitimate interests in preventing abuse. Legal basis: Art. 6(1)(f) GDPR.

9.4 Data Transfers to the USA

Netlify is based in the USA. Data transfers to the USA are covered by the EU-US Data Privacy Framework and Netlify's compliance with Standard Contractual Clauses (SCCs). More information: Netlify Privacy Policy

10. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR) — Request information about your stored data
  • Right to rectification (Art. 16 GDPR) — Correct inaccurate data
  • Right to erasure (Art. 17 GDPR) — Request deletion of your data
  • Right to restriction (Art. 18 GDPR) — Restrict processing of your data
  • Right to data portability (Art. 20 GDPR) — Receive your data in a machine-readable format
  • Right to object (Art. 21 GDPR) — Object to processing based on legitimate interest
  • Right to withdraw consent (Art. 7(3) GDPR) — Withdraw consent at any time

To exercise these rights, contact us at hello@student-insurance.com.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority is the data protection authority of the state where our company is registered.

12. Changes to This Policy

We may update this privacy policy from time to time. The current version is always available on this page.