Privacy Policy
Last updated: February 2026
Kikiform is a product of Technotetis UG (haftungsbeschränkt), Pohlstr. 70, 10785 Berlin, Germany. This policy explains what information we collect when you use Kikiform, why we need it, and what we do with it.
We aim to keep things simple and honest. If you have questions, write to us at info@kikiform.de.
What data we collect
Account data
When you sign up or sign in, we store your email address. That is the minimum we need to give you access to your account.
Invoice and business data
Kikiform stores the invoices you create and the client records you add. This includes your business details (name, address, VAT ID, IBAN) and your clients' details. You enter all of this yourself. We store it so you can access and manage it.
Session data
When you are signed in, we keep a session in our database. This session is linked to a secure cookie set on your browser — it contains only a session identifier, nothing personal. We do not derive any tracking or advertising data from sessions.
How you can sign in
Kikiform supports two ways to sign in:
Magic link (email): We send you a single-use sign-in link by email. We never store a password.
Google Sign-In: This is entirely optional. You will only see it as an option on the sign-in screen if you choose to use it. If you do, Google processes your sign-in under Google's own privacy policy. We receive only the email address associated with your Google account. No other data is shared between Kikiform and Google unless you actively initiate a Google sign-in.
Where your data is stored
All data is stored on servers operated by Hetzner Online GmbH, a German company. Infrastructure is located within the European Union (Germany and Finland). Your data does not leave the EU.
Cookies
Kikiform sets one cookie:
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
authjs.session-token |
Keeps you signed in | First-party, HttpOnly, Secure | Until you sign out |
We do not use advertising cookies, tracking pixels, or any third-party cookies.
Analytics
We use Pirsch Analytics to understand how Kikiform is used — which pages visitors land on, how many people complete sign-up, and where the product could be clearer. Pirsch is a German company and all data is processed on servers in Germany.
Pirsch is designed to be privacy-first:
- Pirsch itself sets no cookies and uses no
localStoragefor analytics purposes — no tracking data is stored on your device - If you use the opt-out toggle to disable analytics, a single local flag (
localStorage.disable_pirsch) is stored on your device so your choice can be honored. This flag is set only when you use the toggle - No cross-site tracking, no advertising profiles, no data sold to third parties
- Your IP address is processed only to generate a short-lived, daily-rotating hash — the raw IP is never stored
- Your browser's Do Not Track and Global Privacy Control signals are respected automatically — if either is enabled, Pirsch does not record your visit
Legal basis: Our legitimate interest in measuring how the product is used to improve it (Art. 6(1)(f) GDPR). Pirsch itself stores nothing on your device for analytics, so no consent under § 25 TTDSG / ePrivacy is required. The local opt-out flag is only written when you actively use the toggle below.
What is processed: Anonymous pageview data (page URL, referrer, country, device type, browser family) and conversion events (for example, that a sign-up was completed — never your email or account details).
Retention: Aggregate statistics are retained by Pirsch for the lifetime of our account. No individual visitor records are kept.
Opt out of analytics
Even though Pirsch is anonymous, you can always opt out:
- Enable Do Not Track or Global Privacy Control in your browser settings — Pirsch will ignore you automatically, and
- Use the opt-out toggle below, which stores a local flag in your browser telling the analytics script to stay silent:
Third-party services
We use the following third-party services to operate Kikiform:
- Hetzner Online GmbH — server and database hosting (EU, Germany)
- Lettermint — transactional email delivery for magic link sign-in emails (EU, GDPR-compliant)
- Mistral AI — AI text extraction from invoice PDFs uploaded during onboarding (optional feature, only active when you choose to upload an invoice). Only the extracted text content of the PDF is transmitted; the file itself is discarded immediately on our servers and never stored. EU-based (France). Privacy policy
- Mollie — payment processing. When you purchase invoices or subscribe, your payment is processed by Mollie B.V. (Netherlands). Mollie processes your payment details (card number, bank account) and email address. Privacy policy
- Pirsch Analytics — cookieless, privacy-first web analytics. EU-based (Germany). See the Analytics section above for what is processed and how to opt out. Privacy policy
We do not use social media embeds, advertising networks, or external tracking services.
How long we keep your data
We keep your account and invoice data for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Invoice data linked to your account is deleted at the same time.
Note: German tax law (§ 147 AO) may require you to keep your own invoice records for up to 10 years. That obligation is yours as a business owner — it does not create an obligation for us to retain your data on your behalf.
Your rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data (right to erasure)
- Export your data in a portable format
- Object to processing or ask us to restrict it
To exercise any of these rights, contact us at info@kikiform.de. We will respond within 30 days.
You also have the right to lodge a complaint with the supervisory authority responsible for Berlin:
Berliner Beauftragte für Datenschutz und Informationsfreiheit Friedrichstr. 219, 10969 Berlin www.datenschutz-berlin.de
Changes to this policy
If we make significant changes to this policy, we will notify you by email before they take effect. Minor updates (such as clarifications) will be published here with an updated date.
Contact
Technotetis UG (haftungsbeschränkt) Pohlstr. 70, 10785 Berlin, Germany info@kikiform.de