Privacy Policy

1. Data Controller

The data controller for this website is:

Felix Franz Schulte
Ringstraße 49
59590 Geseke, Deutschland
E-Mail: info@claimeu261.com

2. Data We Collect

We collect the following data for complaint letter generation:

• First and last name
• Email address
• Flight data (airline, flight number, date, route)
• Booking reference (optional)
• Problem description
• Attribution data (UTM parameters, referrer, landing page)

3. Legal Basis

Your data is processed on the basis of Art. 6(1)(b) GDPR (contract performance). You enter your data to have a complaint letter generated — this is the purpose of the contract.

4. Use of Artificial Intelligence

Your complaint letters are primarily generated from legally reviewed templates. Only the individual case description (2–4 sentences) is personalised using AI. For this purpose, we use Mistral AI (Paris, France). Your entered problem data is transmitted to the Mistral API. Mistral processes this data exclusively for generating the case description and does not use it to train their models. Temporary storage for the purpose of answering the request may occur in accordance with Mistral's privacy terms. Since Mistral is based in the EU, no third-country data transfer takes place. Legal basis: Art. 6(1)(b) GDPR (contract performance).

Note: The generated letters do not constitute legal advice.

5. Payment Processing

Payment processing is handled by Digistore24 GmbH (St.-Godehard-Straße 32, 31139 Hildesheim, Germany). Digistore24 acts as Reseller/Merchant of Record and handles payments, taxes (VAT), and refunds. During payment, your email address and payment data are transmitted directly to Digistore24. We have no access to your credit card data. After a successful payment, Digistore24 transmits your email address and the order number to us for delivery of the complaint letter. This data is stored in our order database (see Section 6) and is subject to the retention period described in Section 10. Since Digistore24 is based in Germany, no third-country data transfer takes place. Legal basis: Art. 6(1)(b) GDPR (contract performance).

5b. Transactional Emails

For sending transactional emails (e.g., purchase confirmation, PDF delivery of the complaint letter), we use Resend Inc. Email delivery is processed on EU servers (Ireland, eu-west-1). Your email address and the generated complaint letter (as PDF attachment) are transmitted to Resend. Since processing takes place within the EU, no third-country data transfer occurs. Legal basis: Art. 6(1)(b) GDPR (contract performance).

6. Hosting & Infrastructure

This website is hosted by Vercel Inc. (San Francisco, USA). Third country transfer: USA, secured by EU-US Data Privacy Framework. The database is hosted by Neon Inc., with the database server located in the EU (Ireland, eu-west-1). All stored data is encrypted with AES-256 (encryption at rest), with encryption keys managed via AWS KMS. All database connections are secured with TLS 1.2/1.3 (encryption in transit). Neon is SOC 2 Type 2, ISO 27001, and ISO 27701 certified. Since the database is hosted in the EU, no third-country data transfer takes place for stored data.

7. Web Analytics

We use Umami Analytics, a cookieless, privacy-friendly analytics solution. Umami is self-hosted on a server in Germany; all data remains under our control. No cookies are set and no cross-website tracking is performed. To distinguish visitors, Umami generates a pseudonymous session identifier from a hash of your IP address, user agent, and a daily rotating salt. This identifier does not allow direct identification of you as a person and expires after 24 hours. We collect: pages visited, time on page, referrer, browser, operating system, device type, and country (derived from anonymised IP address). If you create a complaint letter, we link the analytics session to a pseudonymous case identifier ("complaint_id"). This is used exclusively for the internal attribution of payment events to individual cases for quality control and error analysis. The case identifier can only be linked to your person in combination with our separate order database. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reach measurement, optimisation of our service, and technical quality control). You may object to this processing at any time (info@claimeu261.com). No third-country data transfer takes place.

7b. Error Tracking and System Stability

To ensure the technical functionality and stability of our website, we use Sentry (Functional Software Inc., San Francisco, USA). In the event of technical errors, the following data is automatically collected: error type and message, affected URL, browser type and version, operating system, and time of the error. IP addresses are anonymised (last octet removed). Personal data from form inputs is not collected. No session replays or screen recordings are performed. Data is automatically deleted after 30 days. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in error resolution and system stability). Third country transfer: USA, secured by EU-US Data Privacy Framework (DPF). You may object to this processing at any time (info@claimeu261.com). More information: sentry.io/privacy/

7c. Marketing Attribution

When you create a complaint, we also store information about how you reached our website: UTM parameters from the URL (e.g. source, medium, campaign), the referring website (referrer), and the first page you visited (landing page). This data is captured only at the moment your complaint is created — no data is stored on your device at any time (no cookies, no local storage, no session storage for this purpose). Purpose: analysis of the effectiveness of our marketing channels. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in channel analysis). You may object to this processing at any time (info@claimeu261.com) — the attribution data will then be deleted from your record without delay. Retention follows the general retention period (6 months, then anonymisation). When exercising your right to erasure (Art. 17), this data is completely removed.

8. Cookies

This website uses only technically necessary cookies (e.g., for language settings). No tracking or marketing cookies are used. Consent is therefore not required.

9. Your Rights

Under the GDPR, you have the following rights:

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Objection (Art. 21)

To exercise your rights, please use the self-service form below or contact us by email.

9b. Newsletter and Product Information

If you consent to receiving tips about passenger rights and product news during the order process, we store your email address separately for this purpose. Legal basis: Art. 6(1)(a) GDPR (consent). Emails are sent via Resend. You can revoke your consent at any time — via the unsubscribe link in each email or by contacting info@claimeu261.com. After revocation, your email address will be deleted from the distribution list immediately.

10. Storage Duration and Anonymisation

6 months after creation, your personal data (name, email address, booking reference, generated letter) is automatically anonymised. Anonymised flight data (airline, route, problem type, compensation amount) is retained without personal reference for statistical purposes and product improvement. You can request immediate complete deletion of all your data at any time.

11. Automated Decision-Making (Art. 22 GDPR)

No purely automated decision-making within the meaning of Art. 22 GDPR takes place. The AI-generated complaint letter is a draft that can be reviewed and modified by the user before sending. The final decision to send always rests with the user.

12. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestraße 2-4
40213 Düsseldorf
www.ldi.nrw.de