Privacy Policy

Below you will find all the information about the processing of your personal data by Planaberry, a registered trademark of Lavndr GmbH (hereinafter referred to as "Planaberry") and the rights to which you are entitled under data protection law.

Data Protection at Planaberry

Data protection is a top priority for us. Planning your financial future is a very private matter. For this reason, we develop Planaberry according to the principle of "privacy by design". The basic idea here is that only as much personal data is collected during data processing as is absolutely necessary for the respective application.

With Planaberry, we want to offer you an independent solution for planning your financial future. In order to finance Planaberry, we plan to introduce various subscription models. Neither today nor in the future will we sell your personal data or pass it on to third parties without your consent.

To give you a better orientation, we have provided you with an overview of the chapters:

  1. Controller & Data Protection Officer
  2. Data Processing
  3. Data Security
  4. Cookies & Tracking Technologies
  5. Notes on Data Transfer
  6. Use of service providers
  7. Data Retention Periods
  8. Your Rights as a Data Subject
  9. Right to Object to Data Processing
  10. Right to Lodge a Complaint
  11. Obligation to Provide Data
  12. Changes to the Privacy Policy

1. Controller & Data Protection Officer

1.1 Controller

The controller responsible for the processing of your personal data is:
Lavndr GmbH
An der Ölmühle 11
65795 Hattersheim am Main
info@planaberry.de
represented by: Kevin Keppler

1.2 Data protection officer

The data protection officer of the controller can be contacted as follows: datenschutz@planaberry.de

2. Data Processing

2.1 Technical Data

When you visit our website, we collect technical data that is automatically transmitted by your browser to our server. This data ensures the security and stability of our application and includes:
  • Network & server data: IP address, date & time of request, time zone difference from GMT, access status/HTTP status code, requested content
  • Device & browser settings: Browser type & version, operating system & interface, browser language settings
Legal Basis: Article 6(1)(f) GDPR (legitimate interest).

2.2 Registration

In order to use Planaberry, you must sign up and create a user account. The following options are available for sign-up:
  • Email address and password
  • Google login (OAuth authentication)
Legal Basis: Article 6(1)(b) GDPR (contractual relationship).

2.3 Account Deletion

If you wish to delete your account, you can do so at any time in your profile settings. All associated data will be deleted, unless legal retention requirements apply.
Legal Basis: Article 6(1)(b) GDPR (contractual relationship) and Article 6(1)(c) GDPR (legal retention obligations, e.g. tax-related requirements).

2.4 Processing of Personal Data

When using Planaberry, we collect and store personal data necessary for providing our services, conducting personalized calculations, and improving the user experience. This includes:
  • Demographic information (e.g., birth year for retirement planning, federal state for tax calculations)
  • Insurance information (e.g., details about health and pension insurance, as well as relevant retirement data)
  • Tax-related information (e.g., tax class, church tax, etc.)
  • Family situation (e.g., number of children)
  • Housing situation (e.g., rental costs, real estate ownership, etc.)
  • Financial situation (e.g., income, expenses, assets, liabilities, etc.)
  • Personal goals (e.g., planned retirement age, desired retirement income, etc.)
These data are stored in out database and used exclusively to provide and optimize our services.
Note:
We do not process special categories of personal data as defined in Article 9 GDPR (e.g., health data). If this becomes necessary in the future, we will first obtain your explicit consent.
Legal Basis: Article 6(1)(b) GDPR (contractual relationship).

2.5 Purpose of Data Processing

We process your personal data to enable you to use Planaberry. This includes:
  • Providing the web application and calculating your retirement needs and retirement gap.
  • Entering & managing your assets/income sources (e.g., statutory pension, company pension scheme, investments, real estate, cash, etc.).
  • Generating financial analyses & tips for your future.
  • Handling inquiries related to Planaberry.
Legal Basis: Article 6(1)(b) GDPR (contractual relationship), Article 6(1)(c) GDPR (legal retention obligations, e.g., tax-related requirements), and Article 6(1)(f) GDPR (legitimate interest).

3. Data Security

We implement technical and organizational measures to ensure the security of your data:
  • SSL/TLS encryption – All data transmissions are encrypted.
  • Database encryption – Stored data is protected through encryption.
  • Web Application Firewall (WAF) – Protects our systems from unauthorized access and attacks.
  • Access management – Only authorized personnel have access to your data.
  • Data processors – Our service providers are contractually bound to comply with data protection regulations.
  • Internal security audits – We regularly review and update our security measures as needed.

4. Cookies & Tracking Technologies

When you visit our website, you will be informed about the use of cookies. To process any personal data collected in this context, we obtain your consent.
Cookies are small text files stored on your hard drive and assigned to your browser. They allow us to collect certain information to enhance our website. Cookies do not run programs or transmit viruses. Their purpose is to make our online services more user-friendly and efficient.
We use the following types of cookies and tracking technologies on our website:
  • Essential cookies enable basic functions such as navigation and access to secure areas of the website. Without them, the website cannot function properly.
  • Analytics cookies help us improve our website's performance and enhance your online experience.
  • Performance cookies are used for advertising purposes, helping us optimize marketing efforts, limit ad repetitions, and measure the effectiveness of our campaigns. If you consent to the use of performance/marketing cookies, we also use server-side tracking technologies to gain more accurate insights into the performance of our marketing campaigns and optimize our advertising strategies.
Legal Basis:
  • The storage of essential cookies is based on § 25(2) No. 2 TTDSG.
  • The processing of personal data related to essential cookies is based on Article 6(1)(f) GDPR (legitimate interest).
  • If you have consented to the use of analytics and performance/marketing cookies, processing is based on Article 6(1)(a) GDPR (consent).
You can delete stored cookies at any time or enable automatic deletion. Additionally, you can block cookies in your browser settings. However, this may limit the functionality of our website.
Manage Cookie Settings

4.1 Essential Cookies

Cookie Domain Purpose Duration
sessionid planaberry.de
(1st Party)		 Maintains the user's session state across page requests. Session
planaberry_language planaberry.de
(1st Party)		 Stores the user's preferred language on the website. Session
cookie_consent planaberry.de
(1st Party)		 Saves the user's cookie consent preferences. 1 year

4.2 Analytics Cookies

Cookie Domain Purpose Duration
ph_* planaberry.de
(1st Party)		 Contains information about the user and their browser for statistical analysis of website usage through PostHog. 1 year

4.3 Performance Cookies

Cookie Domain Purpose Duration
_gcl_au planaberry.de
(1st Party)		 Contains a randomly generated user ID used by Google Ads to track conversions. 90 days
_fbp planaberry.de
(1st Party)		 Contains a randomly generated user ID used by Facebook to track conversions. 90 days
_fbc planaberry.de
(1st Party)		 Contains information about the ad click that brought a user to our website when clicking on a Facebook ad. It is used to track ad clicks and conversions for Meta Ads. 90 days
event_data planaberry.de
(1st Party)		 Temporarily stores interaction data to ensure accurate tracking of key events. 30 seconds

5. Notes on Data Transfer

We only transfer personal data under the following conditions:
  • With your consent (Article 6(1)(a) GDPR).
  • If required for contract fulfillment (Article 6(1)(b) GDPR).
  • In case of a legal obligation (Article 6(1)(c) GDPR).
  • If there is a legitimate interest (Article 6(1)(f) GDPR).
Data Transfer to Third Countries:
If personal data is transferred to third countries (outside the EEA), particularly the USA, this is done based on the EU Commission's Standard Contractual Clauses (SCCs) in accordance with Article 46 GDPR.

6. Use of service providers

6.1 General information

We would like to point out that when processing your data, we may use service providers with whom we have concluded data processing agreements (e.g. hosting providers, email providers, etc.). If processors in third countries carry out data processing, we ensure that the level of data protection guaranteed by the GDPR is not undermined (Article 44 et seq. GDPR).
Our service providers are used for the purpose of fulfilling contracts with our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of providing our services quickly, efficiently and in a secure manner (Article 6(1)(f) GDPR).

6.2 External service providers

a) Render (web hosting)

Planaberry uses Render, a cloud platform for hosting web applications, which is operated by Render Services, Inc., 525 Brannan St Suite 300, San Francisco, California 94107, United States. Render is used to host the Planaberry web application and to provide the necessary infrastructure for the operation of the application. For this, a data center in Frankfurt am Main, Germany is used.
This means that the personal data collected by Planaberry is stored on servers located within the European Union (EU). This may include IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access and other data generated by a website.
Legal Basis
Render is used for the purpose of fulfilling contracts with our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of providing our services quickly, efficiently and in a secure manner by a professional provider (Article 6(1)(f) GDPR).
Further Information
Further information on data processing by Render can be found in the Render Privacy Policy.

b) Postmark (necessary emails)

To send necessary emails (e.g. account activation, password reset, etc.), Planaberry uses Postmark, a transactional email service provided by ActiveCampaign, LLC, 1 North Dearborn St 5th Floor, Chicago, Illinois 60602, United States. Postmark is used to send necessary emails to users of the Planaberry web application. The data for this purpose is stored on Postmark servers located in the United States.
Legal Basis
The use of Postmark is based on the legitimate interest of Planaberry in providing a secure and reliable email service for the operation of the web application (Article 6(1)(f) GDPR).
Further Information
Further information on data processing by Postmark can be found in the Postmark Privacy Policy.

c) Sentry (error monitoring)

Planaberry uses Sentry, an error monitoring and analysis service provided by Functional Software, Inc., 45 Fremont St, 8th Floor, San Francisco, California 94105, United States, to ensure the stability and security of our web application. Sentry is used to detect and fix errors and performance issues in the Planaberry web application at an early stage to ensure a smooth user experience. Technical data, such as error messages, timestamps and device and browser information, is collected and analyzed for this purpose.
Legal Basis
As the usage of Sentry is necessary for the operation and security of the Planaberry web application, there is no possibility to object to the data processing. The legal basis for the use of Sentry is Article 6(1)(f) GDPR, as we have a legitimate interest in ensuring the functionality and security of our service.
Further Information
The transfer of data to the United States is based on the standard contractual clauses of the European Commission in accordance with Article 46 GDPR, which ensure an adequate level of data protection. Further information about these clauses can be found here.
Details on data processing by Sentry can be found in the Sentry Privacy Policy.

d) Cloudflare Turnstile (bot detection)

Planaberry uses Cloudflare Turnstile, a service provided by Cloudflare, Inc., 101 Townsend St, San Francisco, California 94107, United States, to detect and block bots in our login and sign-up process, increasing the security of our web application. Cloudflare Turnstile helps us to prevent automated attacks and to protect your data from unauthorized access. Technical data, such as IP addresses, browser data or system configuration information, may be collected. This data is used exclusively to analyze and prevent bots.
Legal Basis
The use of Cloudflare Turnstile is based on our legitimate interest in ensuring the security and integrity of our web application (Article 6(1)(f) GDPR).
Further Information
The transfer of data to the United States is based on the standard contractual clauses of the European Commission in accordance with Article 46 GDPR, which ensure an adequate level of data protection.
Further information on data processing by Cloudflare can be found in the Cloudflare Privacy Policy.

e) Amazon Web Services (CDN and firewall)

Planaberry uses services provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg, Luxembourg, to ensure the availability and security of our web application. The usage of AWS CloudFront, a content delivery network (CDN), in combination with AWS WAF, a web application firewall, helps to deliver content faster and more securely to users and to protect our web application from malicious traffic and attacks. Technical data collected by AWS, such as access logs, IP addresses, browser data or system configuration information, is used exclusively for the operation and security of our services and to prevent unauthorized access. This data is stored on servers located in Frankfurt am Main, Germany.
Legal Basis
The use of AWS services is based on our legitimate interest in providing you with a fast, secure and reliable web application (Article 6(1)(f) GDPR).
Further Information
Further information on data processing by AWS can be found in AWS's Privacy Policy.

f) Google Tag Manager (Tag Management)

Planaberry uses Google Tag Manager, a tag management system provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager helps us to manage various tracking and analysis tools on our website. The tool itself does not create any user profiles, does not set cookies and does not carry out any analyses or tracking – it only manages the integration of other tools. However, your IP address may be transmitted to Google servers in the United States.
Legal Basis
The use of Google Tag Manager is based on our legitimate interest in managing and optimizing our website efficiently (Article 6(1)(f) GDPR).
Further Information
For more details on how Google processes data, refer to the Google Privacy Policy.

g) Google Ads Conversion Tracking (Advertising via Google Network)

Planaberry uses Google Ads Conversion Tracking, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to measure the effectiveness of our advertising campaigns within the Google Network. It allows us to receive statistical insights on ad performance, but we do not receive any personal data from Google.
How Google Ads Conversion Tracking Works
If you visit our website via a Google ad, Google Ads sets a first-party cookie on your device. This cookie expires after 90 days and does not contain any personal data. It allows Google to track ad clicks, impressions and conversions but does not enable personal identification. Google can detect when someone clicks on an ad and is redirected to our website.
Since we use Google marketing services, your browser automatically connects to Google's servers. If you are logged into your Google account, Google can associate the visit with your account. Even if you are not logged in, Google may store you IP address and other technical identifiers.
How to Disable Tracking
You can opt out of Google Ads tracking through various methods:
  • Planaberry cookie settings: Deactivate "Performance Cookies".
  • Delete existing cookies: Delete cookies in your browser settings (you need to give consent again).
  • Google Ads settings: Manage your ad preferences under Google Ads settings.
  • Self-regulation campaign: Opt out under YourAdsChoices.
Legal Basis
The use of Google Ads Conversion Tracking is based on your explicit consent in accordance with Article 6(1)(a) GDPR. Google Ads Conversion Tracking is only activated if you consent to the use of performance cookies in our cookie settings.
Further Information
For more details on how Google processes data, refer to the Google Privacy Policy.

h) Meta Pixel and Custom Audiences (Advertising via Facebook & Instagram)

Planaberry uses Meta Pixel (formerly Facebook Pixel), a service provided by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, United States, to measure the effectiveness of our advertising campaigns on Facebook and Instagram. It enables us to track conversions, optimize ad performance and create targeted advertising audiences.
How Meta Pixel and Conversion Tracking Work
When you visit out website, Meta Pixel sets first-party cookies on your device and collects technical and behavioral data about your interactions. This includes information such as pages visited, time spent on pages, and interactions with specific elements. These cookies allow Meta to track ad clicks, impressions and conversions, helping us to measure the success of our advertising campaigns.
If you are logged into Facebook or Instagram, Meta can associate your this data with your account and use it to display personalized ads. Even if you are not logged in, Meta may still process your IP address and browser information for ad attribution and retargeting.
Additionally, we use Meta Custom Audiences (without the "Advanced Matching" feature) to show targeted ads to users who have previously visited our website. Meta ensures that the collected data is only used for our advertising campaigns and is not shared with third parties.
How to Disable Tracking
You can opt out of Meta Pixel tracking in the following ways:
  • Planaberry cookie settings: Deactivate "Performance Cookies".
  • Delete existing cookies: Delete cookies in your browser settings (you need to give consent again).
  • Meta Ad settings: Manage you ad preferences under Meta Ad Preferences.
  • Self-regulation campaign: Opt out under YourAdsChoices.
Legal Basis
The use of Meta Pixel and Custom Audiences is based on your explicit consent in accordance with Article 6(1)(a) GDPR. Meta Pixel and Custom Audiences are only activated if you consent to the use of performance cookies in our cookie settings.
Further Information
For more details on how Meta processes data, refer to the Meta Privacy Policy.

i) PostHog (Web & Product Analysis)

Planaberry uses PostHog, a service provided by PostHog Inc., 2261 Market St #4008, San Francisco, California 94114, United States, to analyze how users interact with our web application. This helps us better understand user behavior, improve usability, and detect technical issues early on.
How PostHog Tracking Works
PostHog collects data on page views, clicks, scrolling behavior, and interactions to provide insights into application usage. For this purpose, PostHog sets a first-party cookie on your device that stores a unique ID and expires after 1 year. This cookie does not contain any personal data and is used exclusively for statistical analysis. PostHog transmits and stores data on servers located in the EU, ensuring compliance with European data protection standards.
How to Disable Tracking
You can opt out of PostHog tracking in the following ways:
  • Planaberry cookie settings: Deactivate "Analytics Cookies".
  • Delete existing cookies: Delete cookies in your browser settings (you need to give consent again).
Legal Basis
The use of PostHog is based on your explicit consent in accordance with Article 6(1)(a) GDPR. PostHog tracking is only activated if you consent to the use of analytics cookies in our cookie settings.
Further Information
For more details on how PostHog processes data, refer to the PostHog Privacy Policy.

7. Data Retention Periods

We store your personal data only for as long as necessary for the following purposes:
  • Provision of services & contract fulfillment: Your data is stored while you use Planaberry and is deleted upon termination of your account – unless legal obligations require further retention.
  • Legal retention periods: Certain data must be retained for tax, commercial, and other legal reasons. These retention periods typically range from 6 to 10 years.
  • Legal claims & disputes: In some cases, data may be retained to assert or defend against legal claims. The standard limitation period is 3 years, but in exceptional cases, retention may be required for up to 30 years.

8. Your Rights as a Data Subject

As a data subject, you have the following rights under the GDPR:
  • Right of Access (Article 15 GDPR): You can request information about whether and which personal data we process about you.
  • Right to Rectification (Article 16 GDPR): You can request the correction of inaccurate personal data or the completion of incomplete personal data.
  • Right to Erasure (Article 17 GDPR): You can request the deletion of personal data, provided the conditions outlined in Article 17 GDPR are met.
  • Right to Restriction of Processing (Article 18 GDPR): Under certain conditions, you may request the restriction of the processing of your personal data.
  • Right to Data Portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format as specified in Article 20(1) GDPR.

9. Right to Object to Data Processing

If we process your personal data based on legitimate interests or your explicit consent, you have the right to object to this processing at any time for reasons arising from your particular situation. To exercise this right, simply send an email to datenschutz@planaberry.de.
You can also permanently and irreversibly delete your user account within Planaberry at any time to stop further data processing.

10. Right to Lodge a Complaint

If you believe that our processing of your personal data violates data protection laws, or if we are otherwise in breach of data protection regulations, you have the right to file a complaint with the relevant supervisory authority:
Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden

11. Obligation to Provide Data

To use our application and services, you must provide the personal data necessary to establish, execute, and terminate the contractual relationship and and fulfill related obligations. Without this data, we will be unable to provide our services to you.

12. Changes to the Privacy Policy

We reserve the right to update parts of this privacy policy to reflect current legal requirements or changes to our services, such as the introduction of new features. If these changes require your consent, we will inform you accordingly and obtain your consent.
As of: March 2025