Privacy policy (summary)

1. Controller

Responsible for data processing on this site:
[Legal entity TBD — currently: Xaver Freytag, Berlin]
Email: mail@xaverfreytag.com

2. What we don't collect

levelll is built data-sparse:

• No user accounts, no login
• No personalised profiles
• No tracking cookies
• No advertising, no ad trackers
• No social media integrations
• No storage of consumption behaviour on our servers

3. Server logs (technically unavoidable)

When you visit the site, our hosting provider Vercel processes technically unavoidable data:

• IP address (truncated after 24h)
• Date and time of access
• Requested URL
• Browser user agent

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing and securing the website).

4. Hosting

This site is hosted by Vercel Inc. (USA). A Data Processing Agreement (DPA) is in place. EU region is used where possible.

5. iOS app (planned)

The planned levelll iOS app runs fully offline. All data stays local on your device. No cloud sync, no server backups. Sensitive data is encrypted in the iOS Keychain. Reset deletes all data irreversibly.

6. Your rights (Art. 15–22 GDPR)

• Right of access, rectification, erasure
• Right to restriction of processing
• Right to data portability
• Right to object
• Right to lodge a complaint with the supervisory authority (Berlin Commissioner for Data Protection)

7. Changes

We may update this policy to reflect current legal requirements. The current version is always available here.

Last updated: 2026-05-06