Privacy Policy

Datenschutzerklärung for bestfactory.ai. Effective date: 2026-04-16.

1. Controller (Art. 4(7) GDPR)

itcv Gesellschaft mit beschränkter Haftung
Solmsstr. 71
60486 Frankfurt
Germany

Phone: +49.69.24742919-0
Email: info@itcv-software.com

Privacy requests (access, deletion, objection, etc.): info@itcv-software.com

2. Scope and current state

This policy applies to the public bestfactory.ai landing website implemented in this repository.

bestfactory.ai is currently in preview. The site does not collect, process, or store any data you submit. The contact form is disabled, no analytics or tracking is loaded, no Cloudflare Turnstile bot-protection script is loaded, and no third-party advertising or social embeds run on the page.

This policy does not automatically govern separate product environments on other domains unless those domains explicitly reference this text.

3. Which data is processed and why

3.1 Website delivery and security logs

When you open the website, technical request data is processed by the hosting infrastructure to deliver pages and maintain security.

Typical categories:

  • IP address
  • date/time
  • requested path/resource
  • HTTP status
  • user-agent
  • referrer (if sent by browser)

Purposes:

  • website delivery
  • system stability
  • security and abuse prevention

Legal basis: Art. 6(1)(f) GDPR (legitimate interests). This data is not combined with other sources to identify you and is not used for profiling.

3.2 Get Started page (/get-started)

The server reads your user-agent header to show a matching browser logo (Safari/Firefox/Chrome fallback). The user-agent value is read in-memory for rendering only and is not persisted by the application.

Category: user-agent string. Purpose: contextual UI rendering. Legal basis: Art. 6(1)(f) GDPR.

3.3 Theme preference storage

The website uses next-themes to remember your selected light/dark mode in your browser’s local storage on your own device. Nothing is sent to the server.

Category: local preference value (typically theme). Purpose: persist your selected display mode.

Legal bases:

  • Art. 6(1)(f) GDPR
  • § 25(2) no. 2 TDDDG (storage/access strictly necessary for the requested display functionality)

3.4 External links

The website contains outbound links (e.g., docs, blog, social links). If you click such links, processing on the destination website is governed by that operator’s privacy terms.

Legal basis for link provision: Art. 6(1)(f) GDPR.

4. Recipients and processor categories

While the site is in preview, the only recipient of personal data is the hosting/infrastructure provider that delivers the site ([TO COMPLETE: hosting provider legal entity + country]).

No analytics, advertising, bot-protection, or email-delivery processors are engaged. If processing is carried out by processors, it is governed by data processing agreements where legally required.

5. International data transfers (Art. 44 ff. GDPR)

If data is transferred outside the EEA, transfer mechanisms are used as required by GDPR, e.g.:

  • adequacy decisions (Art. 45 GDPR)
  • Standard Contractual Clauses (Art. 46 GDPR)
  • other valid mechanisms under Chapter V GDPR

For U.S. recipients, EU-U.S. Data Privacy Framework certification may be used where applicable.

6. Retention

While the site is in preview, the application itself does not persist any user-submitted data.

The hosting provider may retain technical request/security logs (see §3.1) for the period documented in its own retention policy ([TO COMPLETE: server/security log retention period]). Such logs are retained only as long as necessary for the purposes stated in §3.1 unless longer retention is required by law or for legal defense.

7. Your rights under GDPR

You have the right to:

  1. access (Art. 15 GDPR)
  2. rectification (Art. 16 GDPR)
  3. erasure (Art. 17 GDPR)
  4. restriction of processing (Art. 18 GDPR)
  5. data portability (Art. 20 GDPR)
  6. object (Art. 21 GDPR), especially where processing is based on Art. 6(1)(f) GDPR
  7. withdraw consent at any time for consent-based processing (Art. 7(3) GDPR)
  8. lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise rights, contact: info@itcv-software.com.

8. Supervisory authority (Germany)

Given the controller seat in Frankfurt am Main, the competent authority is generally:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)
Postfach 3163, 65021 Wiesbaden, Germany
Email: poststelle@datenschutz.hessen.de
Website: https://datenschutz.hessen.de

You may also contact another competent authority in your EU residence/work location.

9. Mandatory provision

You are not legally obliged to provide personal data to use this website. No forms are active that would require you to enter personal data.

10. Automated decision-making

No automated decision-making with legal or similarly significant effects under Art. 22 GDPR is implemented in this landing codebase.

11. Changes

We may update this policy to reflect legal, technical, or organizational changes.

BestFactory logoBestFactory
© 2026 itcv GmbH. All rights reserved.

Pages

Socials

  • BlogSoon
  • DocsSoon

Legal

App

BestFactory