Privacy Policy

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when using our website. Personal data is any data that can be used to personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is the operator of this website. Contact: Email: info@sparqly.dev. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2.1 When you use our website for informational purposes only (i.e., if you do not register or otherwise transmit information to us), we only collect data that your browser transmits to the site server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

• Website visited
• Date and time of access
• Amount of data sent (in bytes)
• Referrer URL (source/reference from which you reached the page)
• Browser used
• Operating system used
• IP address used (if applicable: in anonymized form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., inquiries to the controller), this website uses SSL/TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

2.2a Cookies and session management: This website uses only technically necessary session cookies to provide functionality. Session data is kept for a maximum of 1 hour in a cache-based store and may include your uploaded CSV data as well as analysis results. Session cookies are configured as “httponly” and “secure” and use “SameSite: Strict” to protect against cross-site attacks. No tracking cookies or third-party cookies are used.

2.2b Hosting and server location: Sparqly is hosted on a server at Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). All of your data is processed and stored exclusively on servers within Germany and/or the European Union. No data is transferred to third countries outside the EU.

2.2c External resources: To display charts and graphics, this website loads JavaScript libraries from content delivery networks (CDNs), in particular from cdn.jsdelivr.net (Chart.js, Chartkick). In doing so, your IP address may be transmitted to these services. Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in providing our website quickly and efficiently.

2.3 Uploaded CSV data: Sparqly does not store uploaded CSV files permanently. All data is held temporarily in a session (Solid Cache) for a maximum of 1 hour and is then deleted automatically. You can delete your data at any time manually using the “Clear Data” function. No user accounts are required — you can use the service completely anonymously.

2.4 Disclaimer for uploaded content: The user is solely responsible for the content that they upload and process via Sparqly. The user warrants that they are authorized to process the uploaded data and that they comply with all applicable data protection laws, in particular the GDPR, as well as internal company policies.

We only provide the technical infrastructure to analyze CSV data; however, we do not monitor uploaded content and assume no responsibility for its legality, accuracy, or completeness. The user undertakes not to upload any unlawful, confidential, or unlawfully obtained data.

In the event of a breach of these provisions, the user bears full responsibility. If you accidentally uploaded unauthorized data, please use the “Clear Data” function immediately to delete all data from your session.

When you contact us (e.g., by email), personal data may be collected. This data is stored and used exclusively for the purpose of responding to your inquiry and for the associated technical administration.

The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted once your inquiry has been fully processed. This is the case when it can be inferred from the circumstances that the matter has been conclusively clarified and provided that no statutory retention obligations prevent deletion.

PostHog

This website uses the web analytics service PostHog to analyze and regularly improve the use of our application. The service provider is PostHog B.V., Herengracht 440, 1017 BZ Amsterdam, Netherlands.

We have configured PostHog so that no cookies are stored on your device. Analysis of user behavior is carried out exclusively in so-called “cookie-less mode”.

In cookie-less mode, anonymous visitors are counted as new, non-identifiable users on every page view and on every return visit. No persistent or cross-session identifier is created to track anonymous users across different visits. This means your anonymity is fully preserved prior to logging in.

Usage data is only linked to a person if you actively register or log in on our website. From that point on, your interactions may be associated with your user profile in order to improve the functionality of our service for you.

Data processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and troubleshooting purposes, in order to improve our offering and make it more user-friendly.

To provide this service, we use the EU cloud of PostHog. All collected data is processed exclusively on servers within the European Union. No data is transferred to third countries (such as the USA).

Because we use the EU cloud of the service, we have concluded a data processing agreement (DPA) with the provider pursuant to Art. 28 GDPR. This ensures the protection of our visitors’ data and prohibits unauthorized disclosure to third parties. You have the right to object to this data processing at any time. We provide an appropriate option for this in your profile settings.

No automated decision-making within the meaning of Art. 22 GDPR takes place on this website. All analyses and calculations provided are for informational purposes only and are based on the data you upload. No decisions are made that produce legal effects concerning you or similarly significantly affect you.

6.1 Applicable data protection law grants you the following data subject rights (rights to information and intervention) with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective requirements for exercising these rights:

• Right of access pursuant to Art. 15 GDPR;
• Right to rectification pursuant to Art. 16 GDPR;
• Right to erasure pursuant to Art. 17 GDPR;
• Right to restriction of processing pursuant to Art. 18 GDPR;
• Right to be informed pursuant to Art. 19 GDPR;
• Right to data portability pursuant to Art. 20 GDPR;
• Right to withdraw consent pursuant to Art. 7(3) GDPR;
• Right to lodge a complaint pursuant to Art. 77 GDPR.

Note: Because we do not store your data beyond the one-hour session, most of these rights are automatically fulfilled by design. You can delete all your data at any time by clicking “Clear Data” in the application.

6.2 RIGHT TO OBJECT

If we process your personal data on the basis of our overriding legitimate interest as part of a balancing of interests, you have the right at any time, for reasons arising from your particular situation, to object to this processing with effect for the future.

If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for processing that override your interests, fundamental rights and freedoms, or if processing serves the assertion, exercise, or defense of legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. You can exercise the objection as described above.

If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and—where applicable—also by the respective statutory retention period (e.g., retention periods under commercial and tax law).

If personal data is processed on the basis of express consent pursuant to Art. 6(1)(a) GDPR, the data concerned will be stored until you withdraw your consent.

If statutory retention periods exist for data processed within the framework of contractual or quasi-contractual obligations on the basis of Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods expire, provided it is no longer required for contract fulfillment or initiation and/or we have no legitimate interest in further storage.

If personal data is processed on the basis of Art. 6(1)(f) GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or processing serves the assertion, exercise or defense of legal claims.

If personal data is processed for the purpose of direct marketing on the basis of Art. 6(1)(f) GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in the other information in this policy regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Specifically for Sparqly:

• Uploaded CSV data: maximum 1 hour, then automatically deleted
• Session cookies: until the browser is closed or after 1 hour of inactivity
• Server log files: 7 days