KlarStep Privacy Policy
Last updated: November 2, 2025
KlarStep (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under the European Union’s General Data Protection Regulation (GDPR) and other applicable privacy laws.
1. Overview
KlarStep is an online platform designed to help immigrants prepare for the Leben in Deutschland (LiD) test by offering realistic mock exams and progress tracking.
We operate under a freemium model: users can take up to 3 exams for free, and unlimited access is available through a one-time payment.
2. Data Controller
KlarStep is owned and operated by [Your Company Name or Individual Name], established in Estonia.
If you have any questions about this policy or your data, you can contact us at:
Email: [your contact email]
Address: [company or registered address, Estonia]
3. What Information We Collect
We collect only the minimum data necessary to operate KlarStep effectively and comply with applicable regulations.
3.1. Account Information
- When you create an account, you can only do so via social login (Google or Meta).
- This provides us with your name, email address, and profile picture (optional) — depending on your provider’s settings and your consent.
We do not store passwords or any authentication credentials ourselves.
3.2. Usage Data (Anonymous Analytics)
- We use Umami (an open-source, privacy-focused analytics tool) to collect anonymous usage information, such as:
- Pages visited
- Time spent on the platform
- Device type and browser
- Country (approximate, derived from IP address but not stored)
- Umami does not use cookies or collect any personal identifiers.
Therefore, this analytics tracking is fully GDPR-compliant and does not require a cookie banner or consent pop-up.
3.3. Payment Information
- Payments are processed securely via Mollie, our third-party payment provider.
- We do not store or process your credit card or payment details.
- Mollie may collect certain billing information as required by law (e.g., name, email, country, and transaction details).
3.4. Communication Data
- If you subscribe to notifications or updates, your email address may be used via Brevo (email service provider) for:
- Transactional messages (e.g., payment confirmation)
- Regional updates (e.g., new LiD exam versions)
- You can unsubscribe from non-transactional communications at any time.
4. How We Use Your Data
We use your data only for legitimate purposes:
- To provide access to your account and exam progress.
- To enable payments and verify transactions.
- To send important service-related communications.
- To improve the platform based on anonymous usage data.
- To comply with legal obligations (e.g., tax records, security logs).
5. Legal Basis for Processing
Under the GDPR, we process your personal data on the following bases:
- Contractual necessity: To provide our services and manage your account.
- Legitimate interests: To improve user experience and prevent abuse.
- Legal obligation: To comply with accounting and tax requirements.
- Consent: When you opt-in to receive communications from us.
6. Data Retention
- Account data is retained as long as your account remains active.
- If you delete your account, all personal information (name, email) is removed within 30 days, except data we are legally required to retain (e.g., payment records).
- Anonymous analytics data (via Umami) is not linked to any personal user and is kept indefinitely in aggregated form.
7. Data Sharing and Third Parties
We only share data with trusted providers necessary to operate KlarStep:
| Purpose | Provider | Data Shared | Location |
|---|
| Authentication | Google, Meta | Name, Email | EU/US (GDPR safeguards) |
| Payments | Mollie | Billing address | EU |
| Email delivery | Brevo | Email | EU |
| Analytics | Umami (self-hosted) | Anonymous data | EU |
All providers are GDPR-compliant and bound by data processing agreements.
8. International Data Transfers
Some data may be transferred to countries outside the EU (e.g., via Google or Meta).
When this happens, it is done in accordance with GDPR-approved mechanisms such as the EU Standard Contractual Clauses (SCCs) to ensure adequate data protection.
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Access: Request a copy of your data.
- Correction: Request corrections to inaccurate data.
- Deletion: Request deletion of your data (“right to be forgotten”).
- Restriction: Limit processing under certain conditions.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Withdraw consent for communications at any time.
You can exercise these rights by contacting us at [your contact email].
10. Data Security
We implement strict technical and organizational measures to safeguard your data:
- Encrypted connections (HTTPS) for all communication.
- Encrypted storage for sensitive information (e.g., payment references).
- Regular security audits and server hardening.
- Access controls and least-privilege policies.
11. Cookies and Tracking
KlarStep does not use cookies for analytics, advertising, or tracking purposes.
Functional cookies may be used only to support session management (e.g., authentication tokens). These are strictly necessary and do not require consent under the GDPR.
12. Children’s Privacy
KlarStep is intended for users aged 18 or older.
We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us to have it deleted.
13. Changes to This Policy
We may update this Privacy Policy periodically.
When we make material changes, we will notify users by email or a notice on our website.
14. Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or your personal data, you can contact us at:
Email: [your contact email]
Address: [your registered address, Estonia]
Data Protection Contact: [optional DPO or same email]