Privacy Policy

1. Introduction

Lackner Consulting ("we", "us", "our") operates HostMetrics (hostmetrics.ai). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using HostMetrics, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

Lackner Consulting
Lengwilerstrasse 25
8585 Schönenbaumgarten
Switzerland

Email: hello@hostmetrics.ai

3. Information We Collect

3.1 Information you provide

• Account information: name, email address, password
• Payment information: processed by Paddle; we don't store credit card details
• Communication data: support tickets, emails, feedback
• User content: saved analyses, notes, preferences

3.2 Information collected automatically

• Device information: browser type, operating system, device type
• Usage data: pages visited, features used, time spent, clicks
• IP address: and approximate geographic location
• Cookies: and similar tracking technologies

3.3 Information from third parties

• Payment status: from Paddle (subscription status, billing events)
• Property data: from Airbtics and public sources (anonymized market data)

4. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process payments and manage subscriptions
• Send transactional emails (receipts, account updates, security alerts)
• Send marketing emails (only with your consent; unsubscribe anytime)
• Analyze usage patterns to improve the Service
• Prevent fraud, abuse, and security threats
• Comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your data based on the following legal grounds:

• Contract: To provide the Service you subscribed to
• Consent: For marketing communications and optional cookies
• Legitimate interest: For analytics, fraud prevention, service improvement
• Legal obligation: For tax, accounting, and regulatory requirements

6. Data Sharing

We share data with the following categories of recipients:

• Paddle.com: Payment processing (as our Merchant of Record)
• Airbtics: Data provider (anonymized queries only)
• Cloud providers: Hosting and infrastructure (servers, databases)
• Analytics tools: Usage analysis (anonymized/aggregated data)

7. International Transfers

Your data may be transferred to and processed in countries outside your residence, including Switzerland and the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Binding corporate rules for intra-group transfers

8. Data Retention

We retain your data for the following periods:

• Account data: Until you delete your account, plus 7 years for tax records
• Usage data: 24 months
• Marketing data: Until you unsubscribe
• Support tickets: 3 years
• Legal records: As required by applicable law

9. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request limitation of data processing
• Portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interest
• Withdraw consent: Withdraw consent for marketing communications at any time

To exercise these rights, email: hello@hostmetrics.ai

We will respond to your request within 30 days.

10. Cookies

We use the following types of cookies:

• Essential cookies: Required for Service operation (authentication, security)
• Analytics cookies: To understand usage patterns (can be disabled)
• Preference cookies: To remember your settings and preferences

You can manage cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

11. Security

We implement appropriate technical and organizational security measures:

• Encryption in transit (HTTPS/TLS for all connections)
• Encryption at rest for sensitive data
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Secure payment processing via Paddle
• Regular backups and disaster recovery procedures

12. Children

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Sending an email to registered users
• Posting a notice on our website
• Updating the "Last updated" date at the top of this policy

Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact

For privacy-related inquiries:

Email: hello@hostmetrics.ai

For EU residents, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your data protection rights.