Privacy Policy

1. Data Controller

The data controller for this website is:

Felix Franz Schulte
Ringstraße 49
59590 Geseke, Deutschland
E-Mail: info@claimeu261.com

2. Data We Collect

We collect the following data for complaint letter generation:

  • First and last name
  • Email address
  • Flight data (airline, flight number, date, route)
  • Booking reference (optional)
  • Problem description

3. Legal Basis

Your data is processed on the basis of Art. 6(1)(b) GDPR (contract performance). You enter your data to have a complaint letter generated — this is the purpose of the contract.

4. Use of Artificial Intelligence

Your complaint letters are primarily generated from legally reviewed templates. Only the individual case description (2–4 sentences) is personalised using AI. For this purpose, we use Mistral AI (Paris, France) as our primary AI provider. Your entered problem data is transmitted to the Mistral API. Mistral processes this data exclusively for generating the case description and does not permanently store personal data. Since Mistral is based in the EU, no third-country data transfer takes place. As a technical fallback, Anthropic's Claude API (San Francisco, USA) may be used, secured by the EU-US Data Privacy Framework. Legal basis: Art. 6(1)(b) GDPR (contract performance).

Note: The generated letters do not constitute legal advice.

5. Payment Processing

Payment processing is handled by polar.sh (Polar Software Inc.). polar.sh acts as Merchant of Record and handles payments, taxes, and refunds. During payment, your email address and payment data are transmitted directly to polar.sh. We have no access to your credit card data.

5b. Transactional Emails

For sending transactional emails (e.g., purchase confirmation, PDF delivery of the complaint letter), we use Resend Inc. Email delivery is processed on EU servers (Ireland, eu-west-1). Your email address and the generated complaint letter (as PDF attachment) are transmitted to Resend. Since processing takes place within the EU, no third-country data transfer occurs. Legal basis: Art. 6(1)(b) GDPR (contract performance).

6. Hosting & Infrastructure

This website is hosted by Vercel Inc. (San Francisco, USA). The database is hosted by Neon Inc. (San Francisco, USA). All stored data is encrypted with AES-256 (encryption at rest), with encryption keys managed via AWS KMS. All database connections are secured with TLS 1.2/1.3 (encryption in transit). Neon is SOC 2 Type 2, ISO 27001, and ISO 27701 certified. Third country transfer: USA, secured by EU-US Data Privacy Framework.

7. Web Analytics

We use Umami Analytics, a privacy-friendly, cookieless analytics solution. No personal data is collected, no cookies are set, and no cross-website tracking is performed. Umami is self-hosted and all data remains under our control.

8. Cookies

This website uses only technically necessary cookies (e.g., for language settings). No tracking or marketing cookies are used. Consent is therefore not required.

9. Your Rights

Under the GDPR, you have the following rights:

  • Access (Art. 15)
  • Rectification (Art. 16)
  • Erasure (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Objection (Art. 21)

To exercise your rights, please contact us by email.

9b. Newsletter and Product Information

If you consent to receiving tips about passenger rights and product news during the order process, we store your email address separately for this purpose. Legal basis: Art. 6(1)(a) GDPR (consent). Emails are sent via Resend. You can revoke your consent at any time — via the unsubscribe link in each email or by contacting info@claimeu261.com. After revocation, your email address will be deleted from the distribution list immediately.

10. Storage Duration and Anonymisation

6 months after creation, your personal data (name, email address, booking reference, generated letter) is automatically anonymised. Anonymised flight data (airline, route, problem type, compensation amount) is retained without personal reference for statistical purposes and product improvement. You can request immediate complete deletion of all your data at any time.

11. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).