Privacy Policy
Effective date: April 16, 2026
Privacy Policy (Datenschutzerklärung) for bestfactory.ai
1. Controller (Art. 4(7) GDPR)
https://bestfactory.ai/legal?category=bestfactory&document=impressum
2. Scope
This policy applies to the public bestfactory.ai landing website implemented in this repository, including the contact form and public legal overview pages.
This policy does not automatically govern separate product environments on other domains unless those domains explicitly reference this text.
3. Which data we process and why
3.1 Website delivery and security logs
When you open the website, technical request data is processed to deliver pages and maintain security.
Typical categories:
IP address
date/time
requested path/resource
HTTP status
user-agent
referrer (if sent by browser)
Purposes:
website delivery
system stability
security and abuse prevention
Legal basis:
Art. 6(1)(f) GDPR (legitimate interests)
3.2 Get Started page (/get-started)
The server reads your user-agent header to show a matching browser logo (Safari/Firefox/Chrome fallback).
Categories:
user-agent string
Purpose:
contextual UI rendering
Legal basis:
Art. 6(1)(f) GDPR
3.3 Contact form (/contact and /api/contact)
If you submit the contact form, we process:
name
optional company
message
submission timestamp
Turnstile verification token
forwarded IP address (if provided by infrastructure)
Purposes:
handling your inquiry
pre-contract communication
spam/abuse prevention
Legal bases:
Art. 6(1)(b) GDPR (pre-contractual communication)
Art. 6(1)(f) GDPR (abuse prevention and reliable communication)
Art. 6(1)(c) GDPR where legal retention obligations apply
3.4 Cloudflare Turnstile (bot protection)
The contact form uses Cloudflare Turnstile. A client-side Turnstile script is loaded and the token is validated server-side via Cloudflare.
Categories may include:
IP address
browser/device metadata
interaction/security signals
Turnstile token
Purposes:
bot and spam protection
protection of service integrity
Legal bases:
Art. 6(1)(f) GDPR
§ 25(2) no. 2 TDDDG (strictly necessary storage/access for requested secure functionality)
3.5 Theme preference storage
The website uses next-themes to store your selected light/dark mode in browser storage.
Category:
local preference value (typically theme)
Purpose:
persist your selected display mode
Legal bases:
Art. 6(1)(f) GDPR
§ 25(2) no. 2 TDDDG
3.6 Legal overview CMS content (/legal)
The legal overview page fetches legal content from a CMS backend using server credentials.
Categories:
request/query context (e.g., selected category/document/locale)
technical request metadata
Purpose:
render legal content dynamically
Legal basis:
Art. 6(1)(f) GDPR
3.7 External links
The website contains outbound links (e.g., docs, blog, social links). If you click such links, processing on the destination website is governed by that operator’s privacy terms.
Legal basis for link provision:
Art. 6(1)(f) GDPR
4. Recipients and processor categories
Depending on feature usage, recipients can include:
Hosting/infrastructure provider(s) operating this website ([TO COMPLETE: legal entity + country])
Cloudflare Turnstile (bot protection)
SMTP/email delivery provider used for contact form messages ([TO COMPLETE: legal entity + country])
CMS backend operator for legal content ([TO COMPLETE if separate legal entity])
If processing is carried out by processors, processing is governed by data processing agreements where legally required.
5. International data transfers (Art. 44 ff. GDPR)
If data is transferred outside the EEA, transfer mechanisms are used as required by GDPR, e.g.:
adequacy decisions (Art. 45 GDPR)
Standard Contractual Clauses (Art. 46 GDPR)
other valid mechanisms under Chapter V GDPR
For U.S. recipients, EU-U.S. Data Privacy Framework certification may be used where applicable.
6. Retention
Data is retained only as long as necessary for the respective purpose, unless longer retention is required by law or needed for legal defense.
Operationally relevant concrete periods should be documented and maintained internally:
server/security log retention ([TO COMPLETE])
contact inquiry retention ([TO COMPLETE])
7. Your rights under GDPR
You have the right to:
access (Art. 15 GDPR)
rectification (Art. 16 GDPR)
erasure (Art. 17 GDPR)
restriction of processing (Art. 18 GDPR)
data portability (Art. 20 GDPR)
object (Art. 21 GDPR), especially where processing is based on Art. 6(1)(f) GDPR
withdraw consent at any time for consent-based processing (Art. 7(3) GDPR)
lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise rights, contact: info@itcv-software.com
8. Supervisory authority (Germany)
Given the controller seat, the competent authority is generally:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestraße 2-4, 40213 Düsseldorf, Germany
Email: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de
You may also contact another competent authority in your EU residence/work location.
9. Mandatory provision
You are not legally obliged to provide personal data for general browsing.
For contact form communication, required fields are needed to process your request.
10. Automated decision-making
No automated decision-making with legal or similarly significant effects under Art. 22 GDPR is implemented in this landing codebase.
11. Changes
We may update this policy to reflect legal, technical, or organizational changes.