Privacy Policy

Privacy Policy for metaFox.online
Effective date: 25.04.2026

Your privacy matters to us. This Privacy Policy explains in clear and simple terms how we process your personal data when you use our web app.

Who is responsible?

metaFox GmbH
Carl-Spitzweg-Str. 61, 90768 Fürth, Germany
Register: Amtsgericht Fürth, HRB 19366
Managing Directors: Maximilian Friedle, Tobias Weghorn

Why do we process your data?

We use your data to provide the following services:

Provision and operation of our web app

This includes standard features such as account management and features for successful online coaching as presented on our website: https://metaFox.online

Sending transactional emails

We send important emails such as confirmations, password resets, and notifications about your account activity.

Billing and subscriptions (where applicable)

We process the data needed to offer paid plans, manage subscriptions, and handle payments.

Usage analytics

We track general usage patterns to improve usability, detect technical issues, and ensure smooth operations. Optional product analytics are provided through PostHog as described below and only run when you consent.

Cookies and consent

We use essential cookies and similar technologies to keep you signed in and remember your language preference. Optional product analytics (PostHog) and the browser-side Meta Pixel on our marketing pages are only activated after you accept in the cookie banner or enable analytics in your account privacy settings. The server-side Meta Conversions API runs on our servers — independent of any cookie — for the two specific conversion events described below (sign-up and paid subscription activation), on the legal basis of our legitimate interest. Vercel Web Analytics and Vercel Speed Insights are cookie-less and do not require consent. Sentry error monitoring runs without cookies on the basis of our legitimate interest, with text, input fields, and media masked by default.

Tools and services we use

Supabase

We use Supabase for secure processing and storage of all user and usage data.
Provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992
Website: https://www.supabase.com
Privacy Policy: https://www.supabase.com/privacy
Note: Our Supabase project uses the eu-central-1 region (AWS Europe, Frankfurt, Germany), so your data is processed and stored within the EU.

Sendpulse

We use SendPulse to send system-generated emails (for example account confirmations and password resets).
Provider: SendPulse Inc., 101 Spear Street, 1st Floor, San Francisco, CA 94105, USA
Website: https://sendpulse.com
Privacy Policy: https://sendpulse.com/privacy-policy
Note: EU Standard Contractual Clauses apply to ensure GDPR-compliant data transfers.

Stripe (payments)

When you purchase or manage a paid subscription, payment data is processed by Stripe (Stripe, Inc., USA). We do not store full payment card numbers on our own servers; card data is handled by Stripe.
Privacy: https://stripe.com/privacy
Note: Transfers to Stripe in the USA and related safeguards are described in Stripe’s privacy policy and data processing terms (including EU Standard Contractual Clauses where applicable).

PostHog

We use PostHog for product analytics: we process information such as in-app events, approximate usage context, and technical data like browser and device type, so we can improve the product, debug issues, and understand usage. We do not use PostHog session replay.
Provider: PostHog Inc.
Website: https://posthog.com
Privacy policy: https://posthog.com/privacy
Legal basis: This processing is optional and only takes place if you accept analytics cookies in our cookie banner or turn analytics on in your account privacy settings (Art. 6(1)(a) GDPR – consent). You may withdraw consent at any time.
Region: Event data is sent to PostHog Cloud EU only, via the EU ingestion endpoint (https://eu.i.posthog.com).

Vercel (hosting, performance, and web analytics)

We host and operate the web app on Vercel.
Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
Website: https://vercel.com
Privacy Policy: https://vercel.com/legal/privacy-policy
We also use Vercel Speed Insights for anonymous Web Vitals and Vercel Web Analytics for aggregated, cookie-less page-view counts. Both products operate without persistent identifiers and do not track individual users across sessions.

Sentry (error monitoring)

We use Sentry for error monitoring and sampled performance traces. Sentry processes technical data such as error stack traces, HTTP request and response metadata, browser and device information, and performance trace data. We do not record session replays.
Provider: Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA
Website: https://sentry.io
Privacy Policy: https://sentry.io/privacy/
Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in operating a stable, secure, and bug-free service.
Region: Data is sent to Sentry’s processing infrastructure (US). Transfers are governed by EU Standard Contractual Clauses.

Meta Pixel and Meta Conversions API

(a) Browser-side Meta Pixel — consent-based.
On our public marketing pages we load the Meta Pixel to measure the effectiveness of our advertising on Meta platforms (Facebook, Instagram). The Pixel covers conversion events including page view, sign-up started, sign-up completed, first session created, and marketing CTA clicked.
Legal basis: Art. 6(1)(a) GDPR — consent. The browser-side Pixel only fires after you accept marketing/analytics cookies in our cookie banner.

(b) Server-side Meta Conversions API — legitimate interest.
When you complete a sign-up or activate a paid subscription, our server transmits a server-side conversion event to the Meta Conversions API. The data transmitted is limited to the SHA-256 hash of your email address, the request IP address, the request user-agent, and a randomly generated event ID.
Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in measuring the effectiveness of our advertising.

Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
Privacy Policy: https://www.facebook.com/privacy/policy/

Legal basis for processing

• Article 6(1)(b) GDPR – to provide services and manage your account
• Article 6(1)(f) GDPR – based on our legitimate interests in improving and securing the app, including error monitoring (Sentry), anonymous performance and traffic measurement (Vercel Speed Insights and Vercel Web Analytics), and server-side ad-attribution measurement via the Meta Conversions API
• Article 6(1)(a) GDPR – where you provide consent, e.g., for optional product analytics (PostHog) and the browser-side Meta Pixel via the cookie banner

How long do we store your data?

We store your personal data only as long as necessary for the purposes described or as required by law. You can delete your account at any time, which also removes your personal data from our servers unless we are legally obligated to retain it.

Your rights under the GDPR

• Request access to your stored data
• Have incorrect or outdated data rectified
• Request deletion or restriction of your data
• Object to the processing of your data
• Withdraw consent (effective for the future)
• Receive your data in a portable format
• Lodge a complaint with a data protection authority

Questions about privacy?

Email: tobias@metafox.eu