Koffinated legal
Koffinated Privacy Policy
Last updated: July 15, 2026
1. Scope
This Privacy Policy explains how Koffinated processes personal data when you use the platform.
2. Data Controller
The legal entity responsible for Koffinated and its contact information will be added before public launch.
3. Data Processed in the Current Prototype
The current local prototype may process:
- searches entered by the user during the active browser session
- locally entered illustrative investment budgets
- local legal-consent status stored in the browser
- standard technical data automatically handled by hosting and infrastructure providers when the service is deployed
The prototype must not claim that no personal data is processed once deployed online.
4. Local Browser Storage
Koffinated uses localStorage to remember whether the user accepted the legal notice. Stored fields are accepted, legalVersion and acceptedAt. This information remains in the user's browser unless removed by the user or the application.
5. Investment Budget Input
Illustrative budget values are processed locally in the browser, must not be sent to the backend, must not be stored and must not be linked to an identity.
6. Purposes
Personal data may be processed to provide and secure the service, remember user preferences, diagnose faults, prevent misuse, comply with legal obligations and improve the platform where a valid legal basis exists.
7. Legal Bases
Before public launch, specify the correct legal basis for each processing activity, such as performance of a contract, legitimate interests, consent or compliance with a legal obligation. Do not state that consent is the legal basis for every activity.
8. Third-Party Providers
Before public launch, list all relevant providers, which may include hosting, analytics, error-monitoring, market-data, AI-service and chart providers. Describe what data is shared and where it is processed.
9. International Transfers
Before public launch, document any transfers of personal data outside the EU/EEA and the safeguards used.
10. Retention
Personal data must not be retained longer than necessary. Before public launch, define retention periods for logs, accounts, analytics and support communications.
11. User Rights
Subject to applicable law, users may have rights to:
- access
- correction
- erasure
- restriction
- objection
- data portability
- withdraw consent where processing relies on consent
- complain to a supervisory authority
12. Cookies and Similar Technologies
The current consent record uses localStorage. Before adding non-essential analytics, advertising or tracking technologies, implement an appropriate consent mechanism and document each technology.
13. Security
Koffinated should use appropriate technical and organisational security measures. No internet service can guarantee absolute security.
14. Children
Koffinated is not intended for children. Define an appropriate minimum age before public launch.
15. Changes
This Privacy Policy may be updated. Material changes should be communicated appropriately.
16. Contact
Contact details will be added before public launch.