Privacy policy

1. General information

The protection of your personal data is of utmost importance to us. We process your data exclusively in accordance with legal regulations (GDPR, TTDSG). In this privacy policy, we inform you about the most important aspects of data processing on our website.

Responsible person within the meaning of the GDPR:

Henry Böster
Vorsteher-Kirchhoff-Str. 8
28816 Stuhr

Email: hello@threatemy.com

2. Collection and processing of personal data

We collect and process personal data when you:

  • visit our website,
  • create a user account,
  • book a service and
  • communicate with us.

The following personal data is collected:

  • Last name, first name, email address, address, city, postal code and country in the context of a user account
  • IP addresses and web addresses, which are personal data if the addresses belong to a natural person
  • Booking IDs and configuration times in the context of conducting our analyses

3. Purpose and legal basis of data processing

We process your personal data for the following purposes:

  • Creation and management of your customer account (Art. 6 (1) (b) GDPR)
  • Carrying out the commissioned vulnerability scan including the creation of reports (Art. 6 (1) (b) GDPR)
  • Customer communication (e.g. email notifications) (Art. 6 (1) (b) and (f) GDPR)
  • Fulfillment of legal obligations, e.g., retention obligations (Art. 6 (1) (c) GDPR)

4. Storage period

We store your personal data for as long as necessary for the purposes of processing or as long as statutory retention periods apply.

5. User account and access protection

When you create a user account, we store the data you provide (e.g., name, email address) to allow you access to secure areas. Access to our services is only possible with activated two-factor authentication (2FA). We use the TOTP procedure, in which the codes are generated locally on your device (e.g., with authenticator apps). No personal data is transmitted to third parties in connection with authentication.

6. Storage and access to reports

Your booked reports and security-relevant analyses will only be made available for download after successful authentication and permission verification. The files are stored in an encrypted vault on a managed data storage device (IONOS, Germany) and transferred via WebDAV. Access is exclusively encrypted.

7. Contact forms and form processing

We use the ProfileGrid, RegistrationMagic, and Contact Form 7 plugins to create customer accounts and process orders. The data you provide (e.g., name, email address, and any other information) will be used exclusively to process your request.

To protect our forms against unauthorized automated access (e.g., bots), we use "Google reCAPTCHA." The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA verifies whether the data is entered by a human or an automated program. The following data, among others, is transmitted to Google:

  • User’s IP address,
  • Information about the device used,
  • Mouse movements and interactions on the page,
  • Any Google cookies that may have already been set.

Data processing is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in protecting our web forms from misuse and spam.

For more information, see Google's privacy policy and reCAPTCHA terms of use.

You can revoke your consent to the use of reCAPTCHA at any time via the cookie banner on our website.

8. Cookies

Our website uses cookies to enable basic functions and collect statistical data. You have the option to manage your cookie settings the first time you visit the site. You can adjust these settings at any time. You'll find a link to adjust your settings in the footer of every page.

9. Web analysis with Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables us to evaluate the use of our website and compile reports on website activity. This processing is based on your consent in accordance with Art. 6 (1) (a) GDPR, which you grant via our cookie banner.

Google Analytics uses cookies and similar technologies to collect information about the use of our website. Among other things, the following data is processed:

  • pages viewed, click paths and length of stay,
  • your approximate location (region),
  • technical information about the browser and device,
  • IP address (truncated, IP anonymization active).

The collected data is generally transferred to Google LLC servers in the USA and stored there. An appropriate level of data protection is ensured by the EU Commission's standard contractual clauses.

You can revoke your consent at any time with future effect via the cookie banner on our website. Further information can be found in Google's privacy policy (https://policies.google.com/privacy) and in the Google Analytics Terms of Use (https://marketingplatform.google.com/about/analytics/terms/de/).

10. Use of Google Ads Conversion Tracking

On the confirmation page after a successful booking, we use a conversion tracking script from Google Ads. This enables us to measure the success of our advertising. Pseudonymized data (e.g., IP address, timestamp) is collected. Processing is based on your consent (Art. 6 (1) (a) GDPR) via the cookie banner.

You can revoke your consent at any time with future effect – via the corresponding link in the footer of each page.

11. Booking and payment processing via Digistore24

Our services are booked through the provider Digistore24 GmbH, St.-Godehard-Str. 32, 31139 Hildesheim, Germany. When you start the booking, you will be redirected to Digistore24. After the purchase is successfully completed, you will be returned to our website. Data processing is carried out there at your own responsibility. Please note the Digistore24 privacy policy at: https://www.digistore24.com/page/privacy

12. Data security & hosting

Our website is hosted on servers of IONOS SE in an ISO 27001-certified data center in Frankfurt (Germany). Backups are created regularly, encrypted, and stored exclusively in a managed data storage facility within the EU.

13. Disclosure and recipients

We will only pass on your personal data if this is necessary to fulfil the contract or if we are legally obliged to do so.

Recipients can be, for example:

  • Hosting service provider
  • Email service provider
  • IT service providers for the maintenance of our systems

We have concluded data processing agreements with these service providers in accordance with Art. 28 GDPR.

14. Fonts (Google Fonts)

We only use locally embedded fonts to display the website. There is no connection to Google servers. No personal data is transmitted in connection with the display of fonts.

15. Your rights

According to the GDPR, you have the right to:

  • Information about your stored data
  • Correction of incorrect data
  • Deletion of your data (unless there are legal retention obligations)
  • Restriction of processing
  • Data portability
  • Objection to processing

Please send your request to: hello@threatemy.com

In order to process your request promptly, please state, if possible, which type of data processing your request relates to (e.g. user account, analysis report, form usage).

16. Online Dispute Resolution

The European Commission provides a platform for online dispute resolution (ODR): https://ec.europa.eu/consumers/odr

Consumers have the opportunity to use this platform to resolve their disputes. We are not legally obligated to participate in dispute resolution proceedings, but we are generally open to participating in individual cases.

17. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy as needed, for example in the event of changes to our services, legal requirements or technical developments.

As of: August 16, 2025