$1
TDYSKY
Privacy

Privacy Policy

How we handle your data – transparent and GDPR compliant.

The protection of your data has the highest priority for us. On this page you will learn how we process personal data - transparent, secure and of course GDPR compliant.

1. Responsible Entity (Verantwortlicher)

TDYSKY
Die Halde 2
64853 Otzberg
Deutschland
E-Mail: [email protected]

2. Legal Basis for Processing (Art. 6 DSGVO)

We process personal data only on the following legal bases:

  • Art. 6(1)(a) DSGVO – Consent: For loading optional external services (Discord widgets, YouTube content, Brevo newsletter). These are only activated after your explicit consent via our privacy banner.
  • Art. 6(1)(b) DSGVO – Contract Performance: For processing affiliate applications submitted through our form.
  • Art. 6(1)(f) DSGVO – Legitimate Interest: For server log files required for website security, stability, and error diagnosis. Our legitimate interest is the secure and reliable operation of this website.

3. Access Data & Hosting

When accessing our website, technically necessary server log data is processed temporarily by our hosting provider. This includes: IP address (anonymized), date and time of access, requested URL, referring URL, browser type and version, and operating system. This data is used exclusively to ensure secure delivery, operational stability, and abuse prevention.

Hosting Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare acts as a data processor on our behalf and processes data in accordance with the EU-US Data Privacy Framework. For details, see Cloudflare's Privacy Policy.

4. Data Retention Periods

We retain personal data only as long as necessary for the respective purpose:

  • Server log files: Automatically deleted after 30 days.
  • Consent preferences: Stored in your browser's local storage until you clear it or withdraw consent.
  • Affiliate applications: Stored on Discord for the duration of the partner relationship. Deleted upon request.
  • Newsletter subscriptions: Stored by Brevo until you unsubscribe.

5. Cookies & Local Storage

We use local storage (browser storage) and one first-party cookie only for technically necessary preferences:

  • Local Storage: language selection, theme preference (dark/light), exit popup display status.
  • First-party cookie agency_privacy_consent_v1 (scope: .agencyg.de, lifetime: 1 year): stores your privacy consent decision so you only have to decide once across our subdomains (agencyg.de, docs.agencyg.de, shop.agencyg.de). Contains a single boolean flag plus timestamp — no personal identifiers.

Before you grant consent, no tracking or marketing cookies are set. If you accept external services, Google Analytics 4 sets additional cookies (_ga, _ga_*) with domain scope .agencyg.de for cross-subdomain session stitching (so one user journey between agencyg.de, docs.agencyg.de, and shop.agencyg.de is counted as a single session, not fragmented). IP anonymisation is enabled.

6. External Services (only after consent)

The following external services are only loaded after your explicit consent via our privacy banner. Without your consent, none of these services are called and no data is transmitted to them:

  • Discord (Discord Inc., USA): Embedded community widgets. Discord may process your IP address when loaded. Discord Privacy Policy.
  • YouTube (Google LLC, USA): Video feed from our YouTube channel. Google may set cookies and process your IP address. Google Privacy Policy.
  • Brevo (Sendinblue GmbH, Germany): Newsletter form processing. Brevo Privacy Policy.
  • Cloudflare Turnstile: Spam protection for the newsletter form. Cloudflare Privacy Policy.
  • Google Analytics 4 (Google LLC, USA): Anonymised visitor statistics (IP anonymisation enabled) used to understand how the site is used. Google may set cookies and process your anonymised IP. Loaded only after explicit consent. Google Privacy Policy.

7. Data Processors (Auftragsverarbeiter)

We use the following data processors:

  • Cloudflare, Inc. – CDN and hosting (EU-US Data Privacy Framework)
  • Brevo (Sendinblue GmbH) – Newsletter delivery (servers in EU)
  • Tebex Limited, UK – Payment processing for script sales (independent data controller for purchases). Tebex Privacy Policy.

Note: Purchases are handled entirely by Tebex. We do not process payment data or personal purchase information on our website.

8. Fonts (Self-Hosted)

We use the fonts "Inter" and "Orbitron" which are hosted locally on our own server. No connection to Google or other external font servers is established. No data is transmitted to third parties for font delivery.

9. Affiliate Applications

If you submit the affiliate application form, the data you enter (name, Discord name, email, social media) is transferred to Discord via webhook so we can review and process your application. This only happens after your active submission and consent confirmation inside the form. Legal basis: Art. 6(1)(b) DSGVO.

9b. Social-Proof Display (shop.agencyg.de)

On shop.agencyg.de a subtle toast in the lower-left corner shows recent purchases ("Someone bought Agency-Phone 2 hours ago"). The data is fetched server-side from our Tebex account and strictly stripped of all personal data before reaching your browser: customer names, emails, UUIDs, gateway identifiers and payment amounts are removed on the server. Only the purchased product name, an ISO timestamp and a product thumbnail reach the browser. Legal basis: Art. 6(1)(f) DSGVO (legitimate interest in social proof for the storefront; no identifiable third-party data processed).

9c. Newsletter Opt-in (shop.agencyg.de)

Via the exit-intent coupon popup on shop.agencyg.de you can optionally submit your e-mail address to receive launch alerts and early-access deals. If you do, the following processor is used:

  • Sendinblue / Brevo (Brevo GmbH, Köpenicker Straße 126, 10179 Berlin, Germany) — receives your e-mail address and a source tag ("exit-popup"). Double-opt-in is used: you receive a confirmation mail and only become an active subscriber after you confirm the link. You can unsubscribe any time with a one-click link in every e-mail. Brevo's privacy policy applies in parallel to this notice.

Legal basis: Art. 6(1)(a) DSGVO — explicit consent (the opt-in checkbox + your active form submission).

9a. AgencyAI Chat Assistant (docs.agencyg.de)

On docs.agencyg.de we offer an AI-powered support chat ("AgencyAI"). When you send a message:

  • Your message text plus the previous messages of the current conversation (max. 12 turns) are transmitted to our server and from there to the AI providers Groq, Inc. (primary) and/or OpenAI, Ireland Ltd. (fallback), which generate the reply. Standard Contractual Clauses are in place for third-country transfers (USA).
  • Your conversation is stored only in your browser's sessionStorage and is deleted when you close the tab. We do not persist chat contents on our servers.
  • For abuse protection we count the number of requests per IP. We do not store the raw IP: it is immediately hashed (HMAC-SHA256) with a salt that rotates every 24 hours. Only these non-reversible hashes plus timestamps are held in memory for max. 24h to enforce a limit of 10 questions per IP per day.
  • A short, pseudonymous log line (8-character hash prefix, provider, language, number of turns) is written to our operational log for diagnostic purposes and rotated as per section 4.

Legal basis: Art. 6(1)(f) DSGVO — legitimate interest in providing AI support and preventing abuse/cost overruns (Recital 49 explicitly names network abuse prevention as a legitimate interest). You can always use the chat without identifying yourself; if you do not wish to use it, simply do not open the widget.

10. Your Rights (Art. 15-21 DSGVO)

You have the following rights regarding your personal data:

  • Right of access (Art. 15 DSGVO)
  • Right to rectification (Art. 16 DSGVO)
  • Right to erasure (Art. 17 DSGVO)
  • Right to restriction of processing (Art. 18 DSGVO)
  • Right to data portability (Art. 20 DSGVO)
  • Right to object (Art. 21 DSGVO)
  • Right to withdraw consent at any time without affecting the lawfulness of prior processing

11. Right to Lodge a Complaint (Art. 77 DSGVO)

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the DSGVO. The competent supervisory authority for us is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
https://datenschutz.hessen.de

12. Privacy Contact

If you have any questions about data protection, you can contact us at any time at [email protected].

Last updated: April 2026