Privacy Policy

Invessiv

Owner: Moritz Hecht

Frankenberger Straße 235, 09131 Chemnitz, Germany

Email: service@invessiv.com

Phone: +49 1523 2070477

We use Vercel to host this website. When the website is accessed, Vercel processes technically required connection and log data, in particular IP address, time of access, requested resource, referrer URL, status information, and information about browser, operating system, and device where technically applicable. This processing is necessary to provide the website, deliver content, ensure stability and security, and defend against misuse. The legal basis is Art. 6 para. 1 lit. f GDPR. Log and infrastructure information is stored by Vercel only for as long as required for operation, security, and the retention periods applicable under the booked plan.

We use Vercel Web Analytics to evaluate the use of our website in aggregated form. According to Vercel, the service processes anonymized data and does not use cookies. This may include page views, referrer information, technical context data such as browser type, operating system, device type, and approximate region, as well as conversion events defined by us. These include in particular CTA clicks, contact clicks, calendar clicks, form interactions such as form start, submit attempt, successful form submission or error category, language or theme switches, and the visibility of individual page sections to measure where visitors leave the page (drop-off measurement). The form entries themselves are not transmitted for analytics purposes; for error events, only a general error category such as validation, delivery, or rate limit is processed. In our integration, query parameters and URL fragments are removed before transmission, and sensitive URL areas are not sent to Vercel Analytics. The processing is used for reach measurement, conversion analysis, and website optimization. The legal basis is Art. 6 para. 1 lit. f GDPR.

We use Vercel Speed Insights to measure the technical performance of our website. This may include page paths, technical performance indicators, and metrics relating to user experience. According to Vercel, the recorded data points are anonymous and are not associated with an individual person or IP address. The service helps us measure and technically improve loading times, stability, and interaction quality. The legal basis is Art. 6 para. 1 lit. f GDPR.

Only on our landing page at /services/landing-page and its related confirmation page – not on the rest of the website – we additionally use Google Analytics 4 (measurement ID G-5T4BC28Z0F) and Google Ads conversion tracking. Google Analytics 4 helps us understand how this landing page is used and how the inquiry flow performs, for example page views, drop-offs, engagement, and traffic sources. Google Ads conversion tracking measures inquiries that originate from our Google ads; the conversion is the visit to the confirmation page after a successful form submission, provided you have consented to the marketing category. This may process in particular your IP address as processed by Google, technical device and browser data, interaction and conversion events, and, for ad clicks, the Google click identifier (gclid). Both services run in Google Consent Mode v2 in Advanced Mode. This means the Google tag loads with the default setting "denied" (consent default denied). As long as you do not consent, no cookies are set and no device-related or personal identifiers are stored; only cookieless pings with aggregated signals that cannot be traced back to you (consent status as well as aggregated analytics signals) are sent to Google, from which Google statistically models usage. "Cookieless" does not mean "without data transmission": these aggregated signals are sent to Google even without consent. If you consent to the analytics or marketing category, the tag is upgraded to full measurement via consent update (analytics: analytics_storage; marketing: ad_storage, ad_user_data, ad_personalization). We only send Google Ads conversions after you have consented to the marketing category. The legal basis for full tracking after your consent is Art. 6 para. 1 lit. a GDPR. You give this consent via our cookie banner, which appears only on the landing page and the confirmation page; analytics and marketing are disabled there by default and are only activated for full measurement after your active consent. Consent Mode is merely the technical interface to Google and does not replace your consent. We store your selection locally in your browser as a technically necessary record of your own decision; you can change it or withdraw it with effect for the future at any time via the "Cookie settings" link in the footer of these pages. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; processing by Google LLC in the United States cannot be ruled out (see the section on third-country transfers). Further information can be found in Google's privacy notices.

If you contact us by contact form or email, we process the data you provide in order to handle your inquiry, communicate with you, and, where applicable, prepare or perform a contract. Depending on your input, this may include in particular your name, email address, phone number, company, role, requested service, website, project description, and optional details relating to budget, preferred start, page scope, or workflows. Form inquiries are transmitted technically to our mailbox via the email service Resend and are also stored in a Postgres/Neon-based lead database used by us to document incoming inquiries, track processing status, and manage follow-up communication in a structured way. In particular, we store the time of receipt, the form or inquiry channel used, the processing and mail-delivery status, and the version of the privacy and terms notices applicable at the time of submission. For form interactions, general events are also sent to Vercel Analytics, such as form start, submit attempt, successful form submission, or a general error category. The form entries themselves are not transmitted to analytics. The legal basis is Art. 6 para. 1 lit. b GDPR where the processing is required for pre-contractual steps or contract performance and otherwise Art. 6 para. 1 lit. f GDPR for the efficient handling, documentation, and follow-up of inquiries. Required fields are marked in the form; without them, we may be unable to process your inquiry or may only be able to process it to a limited extent.

If you use the LinkedIn post generator, we process your inputs such as topic, role or industry, tone, and selected color style, as well as the generated sample. The inputs are transmitted to OpenAI to create the result. The result is then provided directly in the browser as a ZIP file containing an image file and a text file; email delivery and providing an email address are not part of the generator. To limit misuse and costs, we store a pseudonymous technical identifier for 30 days based on a server-side hashed IP value, together with a usage counter and reset time. The raw IP address, prompt, and output are not stored in the limit record. The legal basis is Art. 6 para. 1 lit. b GDPR for the requested generation and provision of the download, and Art. 6 para. 1 lit. f GDPR for misuse and cost control. We do not permanently store generator content at Invessiv, apart from technically necessary logs and possible retention by service providers.

If you book an appointment via our Calendly link, you leave our website and enter your booking details directly on the Calendly page. This may include in particular your name, email address, appointment details, and optional notes. We use Zoom for online meetings. Depending on how a meeting is conducted, names, contact details, meeting metadata, and audio, video, or chat content may be processed. Meetings are not recorded by default; if a recording is planned in an individual case, we will inform you separately in advance. The processing is used to organize and conduct appointments and meetings. The legal basis is Art. 6 para. 1 lit. b GDPR where the processing is required for pre-contractual steps or contract performance and otherwise Art. 6 para. 1 lit. f GDPR.

Outside the landing page and the confirmation page (see the section "Google Analytics 4 and Google Ads"), we do not use consent-based tracking or marketing cookies. The website uses technically necessary storage mechanisms to provide the display and interaction settings you request. This includes localStorage to store the selected language, sessionStorage to temporarily restore scroll position during language changes, and a first-party cookie named "invessiv-theme" that stores your selected theme preference (dark or light) for up to 12 months. On the landing page and the confirmation page, we additionally store your cookie consent locally in your browser (localStorage) so that your selection is preserved and the banner is not shown to you again; storing your own decision in this way is technically necessary. Where information is stored on or read from your device in this context, this is done for technically necessary purposes; the legal basis for any subsequent processing of personal data is Art. 6 para. 1 lit. f GDPR. The cookie banner used on the landing page and the confirmation page controls the optional full analytics and marketing measurement (Google Analytics 4 and Google Ads); this only takes place after your consent. You can change or withdraw your selection at any time via the "Cookie settings" link in the footer of these pages.

Depending on the processing activity, personal data may in particular be received by: Vercel Inc. for hosting, Vercel Web Analytics, and Vercel Speed Insights, Google Ireland Limited or Google LLC for Google Analytics 4 and Google Ads conversion tracking on the landing page, OpenAI for generating LinkedIn post samples, Resend / Plus Five Five, Inc. for the technical delivery of form inquiries, Neon for the technical storage of lead records and pseudonymous generator limit data in a managed Postgres database, Calendly LLC for appointment scheduling, and Zoom Communications, Inc. for online meetings. Apart from that, we only disclose personal data where this is necessary to handle your inquiry, perform a contract, comply with legal obligations, or where you have provided consent.

We store personal data only for as long as required for the relevant purposes. We retain contact inquiries and related communication for as long as needed to handle the inquiry, continue related communication, prepare a contract, or comply with statutory retention and evidence obligations. Lead records from contact forms are generally deleted or anonymized after 24 months if no contractual relationship results from the inquiry and no longer statutory retention period applies. Pseudonymous limit data for the LinkedIn post generator is stored for 30 days and then replaced by a new time window or deleted. We do not permanently store generator content at Invessiv. Technical log, analytics, and performance data is processed in accordance with the retention periods provided by the respective service and required for operation and is then deleted, anonymized, or no longer kept in a personally identifiable form.

When using Vercel, Google, OpenAI, Resend, Neon, Calendly, and Zoom, it cannot be ruled out that personal data may also be processed in countries outside the EU or EEA, in particular in the United States, or be administratively accessible from there. Where no directly applicable adequacy decision applies to such transfers, the providers state that they rely on appropriate safeguards, in particular standard contractual clauses or, where certified, the EU-US Data Privacy Framework. According to its own information, Google is certified under the EU-US Data Privacy Framework. Further information can be found in the respective providers' privacy notices.

Under the GDPR, you have rights including access, rectification, erasure, restriction of processing, data portability, and objection. Where processing is based on your consent, you may withdraw that consent at any time with effect for the future.

You have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority is the Saxon Data Protection and Transparency Commissioner, Maternistraße 17, 01067 Dresden, Germany, email: post@sdtb.sachsen.de, website: www.datenschutz.sachsen.de.