This privacy policy is a launch draft for ClipROI. It will be reviewed and completed with final controller details, vendor list, and retention rules before public launch.

1. Controller

Controller within the meaning of GDPR:
Tobias / legal entity to be inserted
Address: TODO
Email: TODO

2. What ClipROI Does

ClipROI helps agencies and brands measure creator campaign traffic through tracked links, QR codes, and campaign reporting pages.

3. Categories of Processed Data

• Campaign data entered by customers (campaign name, brand, destination URL, tracking slug)
• Click-event metadata (timestamp, referrer, referrer domain, browser, operating system, device type)
• Pseudonymized or hashed network information where technically required for basic traffic measurement
• Contact and billing data if paid plans are activated later

4. Purposes and Legal Bases

Processing is carried out to provide the service, generate reports, ensure technical operation, and protect the platform against misuse. The primary legal bases are Art. 6(1)(b) GDPR (contract / pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interests in operating and securing the service).

5. Cookies and Tracking

ClipROI is designed to avoid non-essential marketing cookies. If this remains the case, no cookie consent banner is required for marketing or analytics purposes. This statement will be revisited if third-party analytics or marketing tags are added later.

6. Recipients / Processors

Hosting and technical service providers may receive access to data strictly as needed for operation of the service. A final processor and vendor list will be added before launch (e.g. VPS host, email provider, payment provider).

7. Storage Period

Data is stored only as long as necessary for service provision, reporting, legal obligations, and security. Specific retention rules will be defined before launch.

8. Data Subject Rights

Data subjects have the right to access, rectification, erasure, restriction, objection, and data portability, subject to statutory requirements. They also have the right to lodge a complaint with a competent supervisory authority.

9. International Transfers

International transfers are avoided where possible. If providers outside the EU/EEA are used, the final privacy policy will describe the relevant safeguards (e.g. adequacy decisions or standard contractual clauses).