Privacy Policy

Responsible Party

The party responsible for processing data on this website is:
CLXON STUDIOS (GBR)
Owner: Artur Pfaff
Jahnstraße 139
41189 Mönchengladbach
Germany

Email: info@clxon.com
Website: www.clxon.com

1. Privacy at a Glance

General Information

This privacy policy explains how CLXON Tools ("we", "our", or "us") handles your personal data when you use our free online tools website. We are committed to protecting your privacy and ensuring complete transparency about our data practices.

100% Client-Side Processing

All tools on CLXON Tools process data entirely in your browser. No data is sent to our servers, stored on our servers, or transmitted to third parties. Your data never leaves your device, ensuring maximum privacy and security.

2. Data Processing

No Server-Side Data Storage

When you use our online tools (QR code generator, password generator, JSON formatter, color converter, markdown converter, and all other tools), all processing happens locally in your web browser using JavaScript. We do not collect, store, or process any of your data on our servers.

Website Encryption: Our website uses TLS encryption (HTTPS) to protect data during transmission. This ensures that all data exchanged between your browser and our website is encrypted and protected against unauthorized access.

Web Fonts

We use the Inter font family, which is provided by Google Fonts. The fonts are loaded from Google's servers (fonts.googleapis.com and fonts.gstatic.com). When you visit our website, your browser may establish a connection to Google's servers to load the fonts. Google may collect certain technical data (such as your IP address) as part of this process.

Legal Basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR) for ensuring consistent and professional typography across our website.

For more information about Google Fonts and data processing, please visit: Google Privacy Policy

What Data Do We Collect?

We collect no personal data from tool usage. Our website is deployed as a static export, which means there is no server-side processing. Our hosting provider (Netlify) may maintain standard server logs (IP address, browser type, access time) as part of their service. We do not have direct access to these logs, and they are used solely for website operation and security purposes.

Newsletter Subscription

If you subscribe to our newsletter, we collect and store your email address. We use a double opt-in process, which means you will receive a confirmation email after subscribing. Your subscription is only activated after you confirm your email address by clicking the confirmation link in that email.

We use your email address solely for sending newsletter updates about new tools and features. We do not use your email address for marketing purposes or share it with third parties.

Newsletter emails are sent via our email service provider (Strato SMTP). Your email address is transmitted to Strato's servers for the purpose of sending the newsletter. Strato processes this data in accordance with their privacy policy and applicable data protection laws.

You can unsubscribe from our newsletter at any time by clicking the unsubscribe link in any newsletter email or by contacting us directly. When you unsubscribe, we will remove your email address from our newsletter list.

Legal Basis: Your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Storage Duration: We store your email address until you unsubscribe from the newsletter. After unsubscribing, your data will be deleted immediately, unless we are legally obligated to retain it for a longer period.

Contact Form

When you use our contact form, we collect the following data: name, email address (optional), subject, reason, and message. This data is transmitted to us via email and is used solely to process and respond to your inquiry.

Legal Basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR) for processing your inquiry. If you provide your email address, we may also process it based on your consent (Art. 6 para. 1 lit. a GDPR).

Storage Duration: We store your inquiry data for as long as necessary to process your request and for a maximum of 3 years after the last contact, unless we are legally obligated to retain it for a longer period (e.g., commercial or tax retention obligations).

Data Transmission: Your data is transmitted via email using SMTP. We use secure email transmission (TLS/SSL encryption). However, please note that email transmission is generally not completely secure.

Email Storage: Emails are stored on the servers of our email provider (Strato) until they are deleted. We access these emails via our email client for processing and responding to your inquiries.

3. Cookies and Tracking

Cookies

We use essential cookies and local storage for website functionality. Specifically, we use:

• Language Preference: Stored in localStorage to remember your language selection (English or German) for future visits.
• Cookie Consent Preferences: Stored in localStorage to remember your cookie preferences so you don't have to see the cookie banner on every visit.

These essential storage mechanisms are necessary for the website to function properly and do not require your consent. LocalStorage data is not transmitted to us or third parties and remains exclusively on your device.

Cookie Consent Management: We use our own, locally hosted cookie banner without third-party providers. The cookie banner allows you to manage your consent preferences for analytics and marketing cookies. Your preferences are stored locally in your browser and are not transmitted to our servers.

Google Analytics (Optional)

If you consent to analytics, we use Google Analytics exclusively with activated IP anonymization (anonymizeIp). This means your IP address is shortened within the EU before storage, so that it can no longer be assigned to you personally. We use Google Analytics solely with your explicit consent and only to understand website usage patterns.

IP Anonymization: We use Google Analytics exclusively with activated IP anonymization. This means your IP address is shortened within the EU before being transmitted to Google servers, so that it can no longer be assigned to you personally.

Data Processing Agreement: We have entered into a data processing agreement with Google in accordance with Art. 28 GDPR.

Data Transmission to Third Countries: If you consent to analytics, data may be transmitted to Google servers in the USA. We have ensured that appropriate safeguards are in place through Google's compliance with standard contractual clauses approved by the European Commission.

Consent-Based Usage: Google Analytics is only loaded and used after you have given your explicit consent via our cookie banner. You can withdraw your consent at any time by changing your cookie preferences. Analytics data is anonymized and does not identify individual users.

4. Your Rights

Under GDPR (General Data Protection Regulation) and other applicable privacy regulations, you have the following rights:

• Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information about the processing.
• Right to Rectification (Art. 16 GDPR): You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.
• Right to Erasure (Art. 17 GDPR): You have the right to obtain the erasure of personal data concerning you without undue delay, where certain conditions are met.
• Right to Restriction of Processing (Art. 18 GDPR): You have the right to obtain restriction of processing where certain conditions apply.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.
• Right to Object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.
• Right to Withdraw Consent (Art. 7 GDPR): You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

To exercise any of these rights, please contact us using the contact information provided in section 9. We will respond to your request within one month, in accordance with GDPR requirements.

Supervisory Authority: If you are located in Germany, you can contact the following supervisory authority:
Die Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Deutschland

Website: www.ldi.nrw.de
Email: poststelle@ldi.nrw.de

5. Third-Party Services

Our website is hosted on external servers operated by Netlify, Inc. (44 Montgomery Street, Suite 300, San Francisco, California 94104, USA). As part of their hosting services, Netlify may automatically collect and store certain information in server logs, including:

• IP address
• Browser type and version
• Operating system
• Referrer URL (the website from which you accessed our site)
• Date and time of access
• Requested pages/files

Legal Basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR) for ensuring website security, preventing abuse, and ensuring proper website operation.

Storage Duration: Server logs are typically stored for a maximum of 30 days by the hosting provider, unless a longer retention period is required for security or legal purposes.

Data Transmission to Third Countries: Netlify may process data in the USA. We have ensured that appropriate safeguards are in place through Netlify's compliance with standard contractual clauses approved by the European Commission.

We do not share your data with any third parties for marketing or advertising purposes. We do not sell your personal data.

6. Security

We implement industry-standard security measures to protect our website. However, since all tool processing happens client-side, your data security is primarily dependent on your own device security. We recommend using secure, up-to-date browsers.

7. Privacy for Children

Our tools are designed to be safe for users of all ages. We do not knowingly collect personal information from children under 13 (in the USA) or under 16 (in the EU) without parental consent.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately. We will take steps to delete such information from our systems as soon as possible.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information from our servers immediately.

8. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to review this policy periodically to stay informed about how we protect your data.

9. Contact

If you have questions about this privacy policy or our data practices, please contact us at:
CLXON STUDIOS (GBR)
Owner: Artur Pfaff
Jahnstraße 139
41189 Mönchengladbach
Germany

Email: info@clxon.com
Website: www.clxon.com