Privacy Policy
Last updated: April 1, 2026
1. Controller
Benjamin Regitz
Am Schießrain 19
60389 Frankfurt am Main, Germany
Email: [javascript required to view email]
2. Overview
newsproof.life is a research-based educational tool for reflecting on news consumption habits. This policy explains what data is collected, why, how it is processed, and what rights you have.
This product is designed with privacy-by-design principles: quiz data is anonymous by default, email addresses are encrypted at rest, and no data is sold or shared for advertising purposes.
3. Hosting and Server Logs
This website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, on a server located in Sweden (EU/EEA).
When you visit the website, the server automatically collects technical data in log files: your IP address, browser type and version, operating system, referring URL, and the time of the request. These logs are necessary for secure operation and are deleted within 14 days.
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in secure and reliable operation.
4. Quiz Data
When you complete the quiz, your answers, calculated scores, assigned profile, and country selection are stored in our database. This data is anonymous by design — it is identified only by a randomly generated ID and is not linked to your identity unless you voluntarily provide your email address in a later step.
Anonymous quiz data is used to:
- Display your personal results
- Generate aggregate statistics (e.g., profile distribution, country comparisons)
- Improve the quiz and scoring over time
Since fully anonymous data does not constitute personal data under GDPR, it is retained indefinitely for aggregate research purposes. If you provide your email address, the link between your email and quiz data can be severed at any time upon request (see Section 14).
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in providing the service you requested and improving the product.
Bot protection: To prevent automated abuse, we use a honeypot field (invisible to humans) and a minimum completion time check. No CAPTCHA or third-party bot-detection service is used.
5. Automated Profiling
The quiz uses an automated scoring algorithm to calculate your News Balance Score (0–100) across five dimensions and assign one of nine media consumption profiles. This process constitutesprofiling within the meaning of Art. 4(4) GDPR.
How it works: Your answers to 12 questions are scored on five weighted dimensions (Emotional Strain, Intentional Consumption, Time Investment, Fear of Missing Out, Source Diversity). The algorithm applies fixed scoring rules to assign a total score and a profile label. For paid products, the Anthropic Claude API generates personalized text based on your anonymous quiz data.
What this does not do: The profiling does not produce legal effects or similarly significantly affect you within the meaning of Art. 22 GDPR. It does not make automated decisions about access to services, creditworthiness, employment, or any other consequential matter. The output is an educational reflection tool — not a diagnosis, assessment, or evaluation of your psychological state.
Your right to object: You have the right to object to profiling under Art. 21(1) GDPR. To do so, contact us at [javascript required to view email]. If you object, we will delete any stored data linked to your session.
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in providing meaningful, personalized results.
6. Email Address — Result Delivery
If you choose to receive your detailed analysis by email, you provide your email address voluntarily. Your email address is:
- Encrypted at rest using AES-256 encryption
- Linked to your quiz results only via a one-way SHA-256 hash — the link cannot be reversed without our server-side secret
- Used to deliver your requested analysis and related transactional emails (order confirmations, purchased product delivery)
- Never sold, shared, or provided to third parties for marketing purposes
We use a double opt-in process: you must confirm your email address by clicking a link in a confirmation email before we send any content.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract (delivering the digital content you requested).
In addition to delivering your analysis, we may use your email address to send you information about related newsproof products (such as Pattern Map, Growth Path, or Bundle). This is permitted under §7(3) of the German Act Against Unfair Competition (UWG), which allows direct marketing for similar products when the email address was obtained in connection with the provision of a service, provided you were informed at the time of collection and can opt out at any time. You can unsubscribe from these messages at any time via the link in every email.
Legal basis for product-related emails: §7(3) UWG (Bestandskundenprivileg) in conjunction with Art. 13(2) ePrivacy Directive, which constitutes lex specialis to GDPR.
7. Email Address — Newsletter and General Marketing
Marketing emails (e.g., product updates, new features, educational content) are only sent if you giveseparate, explicit consent via an optional, unchecked checkbox. This consent is independent of your request to receive the detailed analysis.
You can withdraw your marketing consent at any time by clicking the unsubscribe link in any marketing email or by contacting us at [javascript required to view email]. Withdrawal does not affect the delivery of purchased products or transactional emails.
Legal basis: Art. 6(1)(a) GDPR — your freely given consent.
8. Payments
If you purchase a paid product (Pattern Map, Growth Path, or Bundle), payment is processed byStripe, Inc. and optionally PayPal (via Stripe Checkout). We do not store your credit card details or PayPal credentials.
Stripe processes payment data as an independent controller under its own privacy policy. We store only the Stripe session ID, payment method type, product name, price, and payment status, linked to your contact record.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
9. AI-Powered Personalization (Paid Products)
The paid products (Pattern Map and Growth Path) use the Anthropic Claude API to generate personalized text based on your quiz answers and optional free-text input. Only your anonymous quiz data (scores, profile, dimension values, and free-text response) is sent to Anthropic — never your email address or any other identifying information.
Anthropic acts as a data processor under a Data Processing Agreement. Data sent via the API is not used by Anthropic to train their models.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
10. Analytics
This website uses Umami, a privacy-focused, open-source analytics tool that we self-host on our own server in Sweden (EU/EEA). Umami does not use cookies, does not store your IP address, does not collect personal data, and does not track individual users across sessions.
The only data collected is anonymous page view and event data (page URL, referrer, browser type, screen size, country derived from IP — the IP itself is not stored).
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in understanding aggregated usage patterns.
11. Contact Form
If you use the contact form on the Imprint page, your name, email address, and message are transmitted via Formspree, Inc. (USA) and processed to respond to your inquiry. Formspree acts as a data processor. Your data is deleted after your inquiry has been resolved, unless a legal retention obligation applies.
Legal basis: Art. 6(1)(b) GDPR — pre-contractual or contractual communication.
12. Fonts
This website uses the open-source typefaces Playfair Display, Inter, and JetBrains Mono. All font files are self-hosted on our own server. No connection to Google servers or any other third party is made when loading fonts.
13. Data Processors and International Transfers
| Provider | Purpose | Location | Transfer Mechanism |
|---|---|---|---|
| Hetzner Online GmbH | Server hosting | Sweden (EU/EEA) | No transfer outside EU |
| Resend, Inc. | Email delivery | USA (EU/Ireland region) | EU-U.S. DPF + SCCs |
| Stripe, Inc. | Payment processing | USA | EU-U.S. DPF (independent controller) |
| Anthropic, PBC | AI text generation | USA | SCCs |
| Formspree, Inc. | Contact form | USA | SCCs |
Where data is transferred to the United States, the transfer is protected by the mechanisms indicated above. We maintain Standard Contractual Clauses as a backup mechanism for all US-based processors.
14. Data Retention
- Anonymous quiz data (not linked to an email): retained indefinitely for aggregate research and product improvement.
- Email addresses: retained until you unsubscribe or request deletion, then deleted within 30 days. The hash link to quiz data is removed simultaneously.
- Purchase records: retained for 10 years as required by German tax law (§147 AO, §257 HGB).
- Contact form messages: deleted after the inquiry has been resolved.
- Server logs: deleted within 14 days.
15. Cookies
This website does not set any cookies. We do not use cookie-based tracking, advertising cookies, or cookie consent banners. No third-party service used by this website sets cookies on your device.
16. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR) — obtain confirmation of whether and what personal data is processed
- Right to rectification (Art. 16 GDPR) — correct inaccurate personal data
- Right to erasure (Art. 17 GDPR) — request deletion of your personal data
- Right to restriction of processing (Art. 18 GDPR) — restrict processing under certain conditions
- Right to data portability (Art. 20 GDPR) — receive your data in a structured, machine-readable format
- Right to object (Art. 21 GDPR) — object to processing based on legitimate interest, including profiling
- Right to withdraw consent (Art. 7(3) GDPR) — withdraw consent at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at [javascript required to view email] or via the form on the Imprint page.
17. Right to Lodge a Complaint
You have the right to file a complaint with a data protection supervisory authority. The competent authority for the controller is:
Hessischer Beauftragter für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden, Germany
Website: https://datenschutz.hessen.de
If you are located in another EU/EEA member state, you may also contact your local supervisory authority.
18. International Users
If you access this website from outside the EU/EEA, please be aware that your data is processed in accordance with EU data protection law (GDPR), which provides a high level of protection.
UK users: If you are located in the United Kingdom, your data is also protected under the UK GDPR. The rights described in Section 16 apply equally under UK data protection law. If you wish to lodge a complaint, you may contact the Information Commissioner's Office (ICO) at https://ico.org.uk.
19. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. Material changes will be communicated via email where possible. The current version is always available at this page.