Data protection declaration

1. General information

The protection of your personal data is particularly important to us. We therefore process your data exclusively on the basis of the legal provisions (GDPR, TMG).

2. Responsible body

Responsible for data processing on this website is:

Dario Bährle Ulmenstrasse 36 86899 Landsberg Email: info@obolusfinanz.de

3. Entry data

When visiting this website, technically necessary data is processed. This includes server logs and a pseudonymous visitor ID in the browser (localStorage) to count visits and reduce abuse. Requests may also process IP address and user-agent data in the database.

4. Server log files

The hosting provider of this site automatically collects and stores information in so-called server log files, which your browser automatically transmits. These are, for example:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request

This data cannot be assigned to certain people and are not merged with other data sources.

5. Your rights

You basically have the following rights:

  • Information about your stored data
  • Correction of incorrect data
  • Deletion of your data
  • Restriction of processing
  • Data portability
  • Objection to processing

If you believe that the processing of your data violates data protection law, you can complain to the responsible supervisory authority.

6. Contact

If you have any questions about data protection, please contact the person responsible above.

7. Use of cookies to store display preferences

A technically necessary cookie is used on this website to save your choice of display design (e.g. dark mode). This cookie contains no personal data and is used solely for user convenience. Consent is not required for this as it is a functionally necessary setting.

8. Account system, database and cloud storage

If you create an account or use cloud features, this website processes authentication data and selected finance/scenario data via Supabase (authentication and database). This may include, for example, email address, profile data, saved scenarios, and technical metadata. Data is only stored for features you actively use (e.g., save/load in your account). Without an account, inputs generally remain local in your browser. For more details, please refer to Supabase's Privacy Policy:

https://supabase.com/privacy

9. API, MCP and ChatGPT app access logs

When you use the public API, the MCP endpoint, or the Obolus ChatGPT app, technically necessary access data may be processed to provide the services, protect against abuse, enforce rate limits, analyze errors, and maintain stability. The calculation tools process the salary, tax, and comparison inputs you submit in order to perform the requested calculation.

  • Route, HTTP method, tool name, status code, and response time
  • IP address, user-agent, and rate-limit information
  • whether an API key was provided, whether it was valid, and a hash of the API key; the raw API key is not stored in access logs
  • validation errors, technical error details, and limited technical metadata such as cache status
  • for API-key usage, technical usage data such as last use and route used

This data is not used for advertising and is not sold. It is retained only for as long as needed for security, troubleshooting, abuse prevention, auditability, and legal obligations. You can exercise access, correction, deletion, and objection rights through the contact address above.

10. Legal bases and purposes of processing

Depending on the feature, processing is based on the following legal bases and purposes:

  • Art. 6(1)(b) GDPR: providing requested calculator, API, MCP, ChatGPT app, account, and cloud features.
  • Art. 6(1)(f) GDPR: operation, security, abuse prevention, rate limiting, error analysis, technical stability, and service improvement. Our legitimate interest is a secure and reliable service.
  • Art. 6(1)(a) GDPR: newsletter signup and voluntary contact where consent is required. Consent can be withdrawn at any time with effect for the future.
  • Art. 6(1)(c) GDPR: compliance with statutory retention, evidence, and cooperation duties where such duties apply.

11. Newsletter, feedback, and voluntary contact

If you use newsletter, feedback, or contact features, we process the data you actively submit only for the respective purpose.

  • Newsletter: email address, language, consent status, and signup time. Data is retained until withdrawal, unsubscribe, or deletion request.
  • Feedback: message text, user-agent, and submission time. Data is retained for handling feedback, error analysis, and product improvement.
  • Email contact: message content, email address, and technical communication data. Data is retained to handle the request and only as long as needed for the matter or legal duties.

12. ChatGPT app and OpenAI context

If you use Obolus as a ChatGPT app, the information required for the tool call is transmitted from ChatGPT/OpenAI to the Obolus MCP or API endpoint. Obolus processes this information to perform the requested calculation or comparison and return the result to ChatGPT.

  • Processed information may include salary, tax, country, household, and comparison parameters.
  • Obolus receives only the data transmitted for the respective tool call and does not process it for advertising.
  • OpenAI's processing within ChatGPT is also governed by the applicable OpenAI terms and privacy notices.

13. Recipients, retention, international transfers, and automated decisions

Personal data may be transmitted to technical service providers where necessary for operation, hosting, authentication, database, security, or app execution.

  • Recipients or recipient categories include hosting and infrastructure providers, Supabase for authentication and database features, and OpenAI where you use the ChatGPT app.
  • International transfers cannot be excluded depending on provider, location, and infrastructure. Where required, transfers are based on appropriate safeguards or legal permissions.
  • Account and cloud data is retained for as long as the account or feature is used or until deletion is requested, unless legal duties require otherwise.
  • API, MCP, and security logs are retained only as long as needed for security, error analysis, abuse prevention, auditability, or legal obligations.
  • Voluntary newsletter, feedback, and contact data is retained until withdrawal, handling, or deletion request, unless legal duties require otherwise.

There is no automated decision-making with legal effect or similarly significant impact within the meaning of Art. 22 GDPR. Calculator results are for orientation and do not replace binding tax, financial, or investment advice.