Privacy Policy

Last updated: April 12, 2026

1. Introduction

This Privacy Policy applies to ToolKit, available at docutools.pro (“the Service”, “we”, “us”). We value your privacy and are committed to protecting your personal data in compliance with the European General Data Protection Regulation (GDPR/DSGVO) and the German Bundesdatenschutzgesetz (BDSG).

The core functionality of our tools operates client-side within your browser. Uploaded electronic invoices (XML/PDF) are processed entirely in-memory and are not stored on our servers unless you explicitly choose to use the GoBD Vault feature.

2. Data Controller

The data controller responsible for processing your personal data is identified in our Impressum (Legal Disclosure). For data protection inquiries, contact us at: bluecalafilms@gmail.com

3. Data We Collect

3.1 Automatically Collected Data

When you visit our website, our servers may automatically log:

  • IP address
  • Browser type and version
  • Operating system
  • Referring URL and pages visited
  • Date and time of access
  • Amount of data transferred

This data is processed for security, abuse prevention, and performance monitoring based on Art. 6(1)(f) GDPR (legitimate interest).

3.2 Account Data (Optional)

If you register for a Pro account via Google Sign-In, we receive and store your Google display name, email address, and profile photo URL. This data is managed through Supabase (our authentication provider) and is used solely for account management and subscription handling. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

3.3 Invoice Data (Client-Side)

Files you upload to our tools are processed in your browser or in server memory. We do not permanently store your invoice files or their content unless you are a Pro user and explicitly use the GoBD Vault feature, in which case invoice metadata is stored in our Supabase database under your account.

4. Cookies and Tracking Technologies

We use cookies and similar technologies on our website. Cookies are small text files stored on your device that help us improve your browsing experience, analyze site traffic, and serve relevant advertisements.

4.1 Essential Cookies

We use essential cookies and localStorage entries for:

  • Theme preference (dark/light mode)
  • Cookie consent choice
  • Authentication session (for Pro users)

These are strictly necessary for the Service to function. Legal basis: Art. 6(1)(f) GDPR.

4.2 Google Analytics

We use Google Analytics (Measurement ID: G-PG01L1F9P4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies to help analyze how users interact with our website. The information generated by the cookie about your use of the website (including your IP address) may be transmitted to and stored by Google on servers in the United States.

Google Analytics cookies are only activated after you have given your consent via our cookie consent banner. Legal basis: Art. 6(1)(a) GDPR (consent).

You can learn more about how Google uses data at: How Google uses data when you use our partners' sites or apps.

4.3 Google AdSense

We use Google AdSense to display advertisements on free-tier pages. Google AdSense uses cookies and web beacons to serve ads based on your prior visits to this website and other websites on the Internet:

  • Third-party vendors, including Google, use cookies to serve ads based on a user’s prior visits to this website or other websites.
  • Google’s use of advertising cookies enables it and its partners to serve ads to users based on their visits to this website and/or other websites on the Internet.
  • Third-party vendors and ad networks may also place and read cookies on your browser, or use web beacons to collect information, in the course of serving ads on this website.

Advertising cookies are only activated after you have given your consent via our cookie consent banner. Legal basis: Art. 6(1)(a) GDPR (consent).

You may opt out of personalized advertising by visiting Google Ads Settings. Alternatively, you can opt out of a third-party vendor’s use of cookies for personalized advertising by visiting www.aboutads.info.

5. Third-Party Services

We use the following third-party services:

  • Supabase (authentication and database) — Your account profile and invoice vault data are stored in Supabase-hosted infrastructure. See: Supabase Privacy Policy
  • Stripe (payment processing) — Pro subscription payments are processed by Stripe. We do not store your credit card information; this data is handled entirely by Stripe. See: Stripe Privacy Policy
  • Vercel (hosting and CDN) — Our website is hosted on Vercel. See: Vercel Privacy Policy

6. Data Retention

Server access logs are retained for a maximum of 30 days. Account data is retained for as long as your account is active. Invoice vault data (Pro users) is retained until you delete it or terminate your account. After account deletion, all associated data is removed within 30 days.

7. Your Rights under GDPR

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR) — You may request information about what personal data we store about you.
  • Right to rectification (Art. 16 GDPR) — You may request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR) — You may request deletion of your personal data (“right to be forgotten”).
  • Right to restriction of processing (Art. 18 GDPR) — You may request restriction of processing under certain circumstances.
  • Right to data portability (Art. 20 GDPR) — You may request your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR) — You may object to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3) GDPR) — You may withdraw any consent you have given at any time (e.g., cookie consent).

To exercise any of these rights, contact us at: bluecalafilms@gmail.com

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

8. International Data Transfers

Some of our third-party providers (Google, Stripe, Vercel, Supabase) may process data outside the European Economic Area (EEA). These transfers are safeguarded by Standard Contractual Clauses (SCCs) or the provider’s participation in equivalent adequacy mechanisms.

9. Children's Privacy

The Service is not designed for or directed at children under the age of 16. We do not knowingly collect personal data from children.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates the most recent revision. We encourage you to review this page periodically.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

E-Mail: bluecalafilms@gmail.com

Postal address: See our Impressum.