Privacy Policy

MAJOR KEY Capital GmbH ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and purchase our digital products.

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

1. Data Controller

The data controller responsible for your personal data is:

MAJOR KEY Capital GmbH

Innstraße 11

93059 Regensburg, Bavaria, Germany

Managing Director: Lucas Dünnes

Email: support@majorkeycapital.com

2. Information We Collect

2.1 Personal Data You Provide

We collect information that you voluntarily provide when you:

  • Create an account
  • Make a purchase
  • Subscribe to our newsletter
  • Contact us

This information may include:

  • Name and email address
  • Billing information and payment details (processed by Stripe)
  • Account credentials (encrypted)
  • Communication preferences
  • Any other information you choose to provide

2.2 Automatically Collected Information

When you visit our website, we automatically collect:

  • Device Information: IP address, browser type, operating system, device type
  • Usage Data: Pages viewed, time spent on pages, click data, referring URLs
  • Location Data: Approximate geographic location based on IP address
  • Cookies and Tracking Technologies: See our Cookie Policy for details

2.3 Information from Third Parties

We may receive information from:

  • Payment processors (Stripe) for transaction verification
  • Analytics providers for aggregated usage statistics
  • Marketing platforms for campaign performance data

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to fulfill our contract with you when you purchase products
  • Consent (Art. 6(1)(a) GDPR): For marketing communications, cookies, and tracking technologies where required
  • Legitimate Interests (Art. 6(1)(f) GDPR): For fraud prevention, security, analytics, and business operations
  • Legal Obligation (Art. 6(1)(c) GDPR): For tax and accounting requirements, compliance with legal requests

4. How We Use Your Information

We use your personal data for the following purposes:

  • Process and fulfill your orders
  • Manage your account and provide customer support
  • Send transactional emails (order confirmations, receipts, updates)
  • Prevent fraud and enhance security
  • Improve our website and services
  • Analyze usage patterns and trends
  • Send marketing communications (with your consent)
  • Comply with legal obligations
  • Enforce our terms and conditions

5. Third-Party Service Providers

We share your data with trusted third-party service providers who assist us in operating our business:

Hosting & Infrastructure

Vercel (US): Website hosting and content delivery

Supabase (US): Database, authentication, and file storage

Payment Processing

Stripe (US/Ireland): Payment processing and fraud detection

Stripe is PCI-DSS compliant. We do not store your full credit card information.

Email Services

Resend (US): Transactional emails

Klaviyo (US): Marketing emails and newsletters

Analytics & Tracking

Google Analytics 4 (US): Website analytics

PostHog (US/EU): Product analytics

Meta Pixel (US): Facebook/Instagram advertising

TikTok Pixel (US/Singapore): TikTok advertising

LinkedIn Insight Tag (US): LinkedIn advertising

Reddit Pixel (US): Reddit advertising

Content & Media

ElevenLabs (US): Text-to-speech audio generation

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses, adequacy decisions, etc.).

6. International Data Transfers

As we use service providers based in the United States and other countries outside the European Economic Area (EEA), your personal data may be transferred to and processed in countries that may not offer the same level of data protection as Germany.

For transfers to the US, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU-US Data Privacy Framework for certified companies
  • Additional security measures and safeguards

You have the right to obtain information about these safeguards by contacting us.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver targeted advertising. For detailed information, please see our Cookie Policy.

You can manage your cookie preferences through our cookie banner and your browser settings.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Account Data: Until you delete your account, plus 30 days
  • Transaction Data: 10 years (German tax law requirement)
  • Marketing Data: Until you unsubscribe or object
  • Analytics Data: Aggregated/anonymized data may be retained indefinitely
  • Support Communications: 3 years after resolution

9. Your Rights

9.1 GDPR Rights (EU/EEA Users)

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate or incomplete data
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Art. 18): Limit how we use your data
  • Right to Data Portability (Art. 20): Receive your data in a structured format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)
  • Right to Lodge a Complaint: File a complaint with your data protection authority

9.2 CCPA Rights (California Residents)

California residents have additional rights under the CCPA:

  • Right to Know: Request information about the categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale of your personal information (we do not sell personal information)
  • Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

9.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: support@majorkeycapital.com

Subject line: "Data Privacy Request"

We will respond to your request within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing your request.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure authentication with password hashing
  • Regular security audits and updates
  • Access controls and role-based permissions
  • Monitoring and logging of suspicious activities
  • Data backup and recovery procedures

Important: While we implement strong security measures, no method of transmission over the internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for significant changes)

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

13. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

MAJOR KEY Capital GmbH

Data Privacy Officer: Lucas Dünnes

Innstraße 11, 93059 Regensburg, Germany

Email: support@majorkeycapital.com

Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. For Germany, the competent authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18

91522 Ansbach, Germany

Phone: +49 (0) 981 180093-0

Email: poststelle@lda.bayern.de

Website: www.lda.bayern.de

California Consumer Privacy Act (CCPA) Notice

Categories of Personal Information Collected: Identifiers, commercial information, internet activity, geolocation data

Business Purpose for Collection: Providing services, processing transactions, customer support, analytics, marketing

Third Parties We Share With: Service providers, payment processors, analytics providers, advertising partners

Sale of Personal Information: We do NOT sell your personal information to third parties.

Last Updated: November 2025

Effective Date: November 2025