Finqube GmbH
Kolonnenstr. 8
10827 Berlin
Germany
Email: contact@finqube.de

Last updated: November 2025

1. Introduction

This Privacy Policy explains how Finqube GmbH (“Finqube”, “we”, “us”, “our”) collects, processes and protects personal data when you visit finqube.io or use our services.

We process personal data exclusively in accordance with:

• the General Data Protection Regulation (GDPR) (EU) 2016/679
  
• the German Federal Data Protection Act (BDSG)
  
• the Digital Services Act (DSA)
  
• other applicable European data protection laws

2. Data Controller

The responsible controller according to Article 4(7) GDPR is:

Finqube GmbH
Kolonnenstr. 8
10827 Berlin
Germany
Email: contact@finqube.de

3. Data We Collect

3.1. Server Log Files

When you access our website, we automatically process:

• IP address
  
• date & time of access
  
• visited URL
  
• referrer URL
  
• browser type & version
  
• operating system
  
• amount of data transferred
  
• access status (HTTP codes)
  

Legal basis: Art. 6(1)(f) GDPR (legitimate interest: security & functionality).

• Retention: up to 30 days.

3.2. User Account Data

When creating an account:

• email address
  
• encrypted password
  
• name
  
• account settings
  
• login activity
  

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

3.3. Portfolio & Transaction Data

When users add financial information, such as:

• securities, assets, positions
  
• historical transactions
  
• purchases, sales, quantities
  
• manual entries and calculations
  

These data are fully user-provided and not shared with third parties, unless legally required.

Legal basis: Art. 6(1)(b) GDPR.

3.4. Payment Data (Stripe & PayPal)

We use Stripe as our primary payment service provider. All payments made on Finqube — including PayPal transactions — are processed through Stripe’s technical interface (API).

During payment processing, Stripe may collect and process the following data:

• name
  
• email
  
• billing address
  
• partial payment method details
  
• transaction details
  
• device and technical information

When users choose PayPal, the same data categories may also be transmitted to PayPal, as required for payment authorization and processing. Stripe and PayPal process this data in accordance with their respective privacy policies.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

• Stripe Privacy Policy: https://stripe.com/privacy
• PayPal Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full

Data transfers to the United States may occur and take place on the basis of the European Commission’s Standard Contractual Clauses (SCCs).

3.5. Cookies

We use necessary cookies for:

• login sessions
  
• security
  
• platform functionality
  

Analytics or marketing cookies (Google Analytics, Meta Pixel) are only activated after explicit consent in our cookie banner.

Legal basis:

• Necessary cookies: Art. 6(1)(f) GDPR
  
• Analytics/marketing: Art. 6(1)(a) GDPR

4. Meta Pixel (Facebook/Instagram)

We use Meta Pixel for marketing and measurement — but only after explicit user consent.

Meta processes:

• HTTP headers
  
• user interactions
  
• device data
  
• potential Facebook ID (if logged in)
  

Legal basis: Art. 6(1)(a) GDPR (consent).

• Meta Privacy Policy: https://www.facebook.com/privacy/policy/
• Data may be transferred to the USA under SCCs.

5. Google Analytics (Future Use)

We plan to integrate Google Analytics 4.

Analytics is only activated after consent in the cookie banner.

Google processes:

• IP address (anonymized)
  
• user behavior
  
• device & browser data
  
• session statistics
  
• page interactions
  

Legal basis: Art. 6(1)(a) GDPR.

• Google Privacy Policy: https://policies.google.com/privacy
• Data may be transferred to the USA under SCCs.

6. Contact & Support

If you contact us via email, we process:

• email address
  
• content of your message
  
• metadata
  
• attachments (if applicable)
  

Legal basis:

• Art. 6(1)(b) GDPR (contract)
  
• Art. 6(1)(f) GDPR (legitimate interest)

7. Data Processors

We use external service providers for:

• hosting
  
• payment processing
  
• email delivery
  
• analytics (future)
  
• security
  

All processors are bound by Art. 28 GDPR data processing agreements (DPAs).

8. International Data Transfers

If data is transferred outside the EU (e.g., USA), this is done under:

• Standard Contractual Clauses (SCCs) (Art. 46 GDPR), or
  
• explicit user consent (Art. 49 GDPR)

9. Data Retention

We retain data only as long as necessary for:

• account operations
  
• legal obligations
  
• tax and commercial requirements
  

Typical retention periods:

• Account data: until deletion
  
• Payment data: up to 10 years
  
• Log files: up to 30 days
  
• Marketing data: until consent is withdrawn

10. Your Rights Under GDPR

Users have the following rights:

• Right of access (Art. 15)
  
• Right to rectification (Art. 16)
  
• Right to erasure (Art. 17)
  
• Right to restriction (Art. 18)
  
• Right to data portability (Art. 20)
  
• Right to object (Art. 21)
  
• Right to withdraw consent (Art. 7(3))
  

Contact: contact@finqube.de

11. Right to File a Complaint

You may lodge a complaint with the supervisory authority:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Germany

12. Security Measures

We implement state-of-the-art security measures, such as:

• SSL/TLS encryption
  
• firewalls
  
• encrypted passwords
  
• access controls
  
• regular security updates

13. Deleting Your Account

Users may delete their accounts at any time.
Personal data will be deleted unless legal retention periods prevent this.

14. Changes to This Policy

We may update this Privacy Policy.
The current version is always available at finqube.io/privacy-policy.