Dystild.Finance
    LearnContact

    Legal

    Privacy Policy

    Datenschutzerklärung — Last updated: April 2026

    1. Data Controller (Verantwortlicher)

    Black Kat Ventures
    Unternehmergesellschaft (haftungsbeschränkt)
    Markgrafenstr. 67
    10969 Berlin
    Germany
    Email: hello@dystild.io

    2. Overview

    This policy explains what personal data is collected when you use dystild.io, why it is collected, how it is stored, and what rights you have under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

    We collect as little data as possible. We do not collect IP addresses, browser fingerprints, or device information. We do not have user accounts or authentication. The data we collect is limited to what you voluntarily enter into the financial diagnostic tool and the analytics data described below.

    3. Data We Collect and Why

    3.1 Infrastructure and Hosting

    This website is hosted on Amazon Web Services (AWS) in the EU region via Amazon Elastic Container Service (ECS), behind an Application Load Balancer (ALB). ALB access logging is disabled. We do not collect or store IP addresses, browser information, operating system data, or request metadata at the infrastructure level.

    AWS may process limited technical data as part of routing and delivering requests. AWS's privacy policy is available at: aws.amazon.com/privacy

    Legal basis: Art. 6(1)(f) GDPR — legitimate interests in operating a functional and secure website.

    3.2 Questionnaire Answers and Results

    When you complete the financial diagnostic questionnaire on this site, your answers and the generated results are stored in our database hosted on AWS (Amazon RDS or DynamoDB, EU region).

    What we store:

    • Your questionnaire answers (income bracket, employment status, savings information, account balances, and related financial profile data)
    • Your calculated results and pillar classification
    • A session identifier to associate answers with results
    • Timestamp of submission

    What we do not store:

    • Your name
    • Your email address
    • Your IP address
    • Any directly identifying information

    Your questionnaire data is not linked to your identity unless you explicitly provide contact information elsewhere on the site.

    Questionnaire answers and results are retained for [X] days, after which they are automatically deleted. Aggregated, anonymised data derived from questionnaire responses may be retained indefinitely as it cannot be linked to any individual.

    Legal basis: Art. 6(1)(a) GDPR — your consent, given by voluntarily submitting the questionnaire. You can request deletion of your data at any time by contacting hello@dystild.io.

    3.3 Anthropic API

    Your questionnaire answers are transmitted to Anthropic, Inc. (548 Market St, San Francisco, CA 94104, USA) via their API to generate personalised analysis and recommendations. Anthropic processes your answers solely to generate the response returned to you. We do not use Anthropic in a way that retains your data for model training by default.

    Anthropic's data retention and usage policies: anthropic.com/privacy

    Legal basis: Art. 6(1)(a) GDPR — consent. This transfer to the US is based on your explicit consent pursuant to Art. 49(1)(a) GDPR.

    3.4 Google Analytics

    We use Google Analytics (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to understand how visitors use this site — which pages are visited, how long people stay, and where traffic comes from. Google Analytics uses cookies. We have enabled IP anonymisation — your full IP address is not stored by Google. Data may be transferred to Google servers in the United States. Google LLC participates in the EU-US Data Privacy Framework.

    You can opt out using the Google Analytics Opt-out Browser Add-on.

    Legal basis: Art. 6(1)(a) GDPR — consent, given via our cookie banner. Google's privacy policy: policies.google.com/privacy

    3.5 Google Fonts

    This site uses Google Fonts to display typography. Your browser requests font files from Google's servers when loading a page. Google may log this request. We have no control over what Google collects through this request.

    Legal basis: Art. 6(1)(f) GDPR — legitimate interests in providing a consistent visual experience.

    3.6 Automated Decision-Making

    The financial diagnostic tool uses a deterministic algorithm to classify your financial profile into one of five categories and generate account recommendations. This constitutes automated processing within the meaning of Art. 22 GDPR. The classification is based solely on your answers and applies general financial principles. It does not constitute a personalised investment recommendation and has no legal or similarly significant effect on you. You are free to disregard any output from the tool.

    If you have questions about how the classification works, contact us at hello@dystild.io.

    3.7 Affiliate Links

    This site contains links to third-party financial products and services. Clicking these links does not transmit personal data to us. Third-party sites operate under their own privacy policies and may set their own cookies. We may receive a commission if you open an account through one of these links.

    4. Cookies

    CookieProviderPurposeDuration
    _gaGoogleIdentifies unique users2 years
    _ga*GoogleStores session state2 years
    _gidGoogleIdentifies unique users24 hours

    We do not set any first-party cookies beyond what is technically necessary for the tool to function. Analytics cookies are only loaded with your consent.

    5. International Data Transfers

    • Google (Analytics and Fonts): Data transferred to the United States under the EU-US Data Privacy Framework adequacy decision of 10 July 2023.
    • Anthropic: Data transferred to the United States based on your explicit consent (Art. 49(1)(a) GDPR). By submitting the questionnaire you consent to this transfer.
    • AWS: Your questionnaire data is stored in the EU region. AWS Standard Contractual Clauses govern any incidental transfers.

    6. Data Retention Summary

    DataRetention
    Questionnaire answers[X] days
    Generated results[X] days
    Anonymised aggregate dataIndefinite
    Google Analytics data14 months
    Email correspondence3 years
    ALB / infrastructure logsNot collected

    7. Your Rights (Betroffenenrechte)

    Under GDPR and BDSG you have the following rights:

    • Right of access (Art. 15 GDPR): Request confirmation of whether we hold data about you and, if so, a copy of that data.
    • Right to rectification (Art. 16 GDPR): Request correction of inaccurate data we hold.
    • Right to erasure (Art. 17 GDPR): Request deletion of your data where we have no overriding legitimate reason to retain it.
    • Right to restriction (Art. 18 GDPR): Request that we pause processing of your data in certain circumstances.
    • Right to data portability (Art. 20 GDPR): Request your data in a structured, machine-readable format.
    • Right to object (Art. 21 GDPR): Object to processing based on legitimate interests.
    • Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time without affecting the lawfulness of prior processing.

    To exercise any of these rights, email hello@dystild.io. We will respond within one month.

    Note: because we store no names, email addresses, or IP addresses alongside questionnaire data, we may be unable to identify your specific record without a session identifier. If you saved your results, include any reference number shown.

    8. Right to Lodge a Complaint (Beschwerderecht)

    You have the right to lodge a complaint with a supervisory data protection authority at any time pursuant to Art. 77 GDPR. The supervisory authority for Berlin is:

    Berliner Beauftragte für Datenschutz und Informationsfreiheit
    Friedrichstr. 219
    10969 Berlin
    Germany
    www.datenschutz-berlin.de

    9. Security

    We take appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. Questionnaire data is stored in an AWS database in the EU region with access restricted to application processes only. Data in transit is encrypted via HTTPS.

    10. Children

    This site is not directed at children under 16. We do not knowingly collect data from minors. If you believe a child has submitted data through this site, contact us at hello@dystild.io and we will delete it promptly.

    11. Changes to This Policy

    We may update this policy periodically. The date at the top of the page reflects the most recent revision. Continued use of the site after changes are published constitutes acceptance of the revised policy.

    12. Contact

    hello@dystild.io
    dystild.io