This policy explains how personal data is processed when you use Anfang (the “Service”) and this website. We take the protection of your personal data seriously and process it only in accordance with the General Data Protection Regulation (GDPR / DSGVO) and applicable national law.
1. Controller
The controller responsible for data processing on this website is:
Philip Käfer (private individual)
Schweizer Str. 28
78073 Bad Dürrheim
Germany
Email: hello@kaeferventure.com
2. Data Protection Officer
We are not legally required to appoint a Data Protection Officer and have not designated one. For any privacy questions, contact us at hello@kaeferventure.com.
3. Legal bases for processing
We process personal data on the following legal bases under Art. 6 (1) GDPR:
- Art. 6 (1)(b) — performance of a contract (providing your account and the Service);
- Art. 6 (1)(f) — our legitimate interests (operating, securing and improving the Service), where these are not overridden by your interests;
- Art. 6 (1)(c) — compliance with a legal obligation (e.g. retention under tax and commercial law);
- Art. 6 (1)(a) — your consent, where requested (you may withdraw it at any time with effect for the future).
4. Hosting and server log files
The Service is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA) and uses a managed Postgres database provided by Neon, Inc. When you access the Service, the infrastructure automatically collects and stores technical data (server log files), in particular:
- IP address (typically shortened/anonymised where possible);
- date and time of the request;
- the page or resource requested and HTTP status code;
- referrer URL, browser type and operating system.
This data is required to deliver the Service securely and reliably and is processed on the basis of Art. 6 (1)(f) GDPR. Where infrastructure providers act on our behalf, we conclude data processing agreements pursuant to Art. 28 GDPR.
5. Cookies and local storage
We use a minimal set of strictly necessary cookies and browser storage:
- Theme preference (e.g. anfang-theme) — stores your light/dark mode choice. No tracking; legitimate interest, Art. 6 (1)(f) GDPR.
- Authentication / session — set when you sign in, to keep you logged in and to protect your session. Necessary for the contract, Art. 6 (1)(b) GDPR.
We do not use advertising cookies, and currently no analytics or tracking tools.
6. Account and authentication data
To create and secure accounts we use the authentication provider WorkOS, Inc. When you register or sign in, we process your name, email address, organisation membership and authentication metadata. This is necessary to provide the Service (Art. 6 (1)(b) GDPR).
7. Workspace content (customer data)
Anfang lets organisations create a company homepage with links, apps, departments and user assignments. Where we process personal data contained in a customer’s workspace on that customer’s behalf, we act as a processor under Art. 28 GDPR, and the customer is the controller. In those cases, a Data Processing Agreement (DPA) governs the processing. The customer is responsible for the lawful use of any personal data they add to their workspace.
8. Email communication
We send transactional emails (e.g. invitations, sign-in links and service notifications) using Resend (Resend, Inc.). We process your email address and message content for this purpose on the basis of Art. 6 (1)(b) and (f) GDPR.
9. Sub-processors and recipients
We share personal data only with service providers who process it on our behalf under Art. 28 GDPR, or where we are legally required to do so. Current sub-processors include:
- Vercel Inc. — hosting and content delivery;
- Neon, Inc. — data storage (managed Postgres database);
- WorkOS, Inc. — account authentication;
- Resend, Inc. — transactional email;
- Stripe Payments Europe, Ltd. — billing and payments (paid plans only).
Where a recipient is located outside the EU/EEA, we ensure an adequate level of protection, for example through EU Standard Contractual Clauses (Art. 46 GDPR) or an adequacy decision.
10. Retention
We retain personal data only for as long as necessary for the purposes described above or as required by statutory retention periods (e.g. under tax and commercial law). When data is no longer required and no retention obligation applies, it is deleted or anonymised. Workspace data is deleted following account termination as described in our Terms of Service, subject to any legal retention obligations.
11. Your rights
Under the GDPR you have the right to:
- access your personal data (Art. 15);
- rectification of inaccurate data (Art. 16);
- erasure (Art. 17);
- restriction of processing (Art. 18);
- data portability (Art. 20);
- object to processing based on legitimate interests (Art. 21); and
- withdraw consent at any time with effect for the future (Art. 7 (3)).
To exercise any of these rights, contact us at hello@kaeferventure.com.
12. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement. The competent authority for us is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg (LfDI), Lautenschlagerstraße 20, 70173 Stuttgart, Germany.
13. Changes to this policy
We may update this policy to reflect changes to the Service or legal requirements. The current version is always available on this page, with the “last updated” date above.