Privacy Policy
Last updated: June 3, 2026
1. Data Controller
The data controller responsible for data processing on this website is:
AI Momentum LLC
30 N Gould St Ste R
Sheridan, WY 82801, USA
Email: terminal@cashflowengine.io
Represented by: Thomas Mehlitz
2. General Information
We take the protection of your personal data seriously. We process personal data collected during your visit to our website in compliance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.
3. Legal Basis for Processing
We process personal data based on the following legal grounds:
a) Your consent (Art. 6(1)(a) GDPR)
b) Performance of a contract (Art. 6(1)(b) GDPR)
c) Legal obligations (Art. 6(1)(c) GDPR)
d) Legitimate interests (Art. 6(1)(f) GDPR)
4. SSL/TLS Encryption
This website uses SSL/TLS encryption for security purposes and to protect the transmission of confidential content.
5. Hosting
This website is hosted by Vercel Inc.; the Cashflow Engine App is hosted by Railway Corp. with Supabase Inc. as database provider. Data processing takes place in the EU region (data on EU servers). All three are US companies certified under the EU-US Data Privacy Framework for any residual transfers.
The Cashflow Engine Workbench (wb.cashflowengine.io) and its API (api.cashflowengine.io) use the same infrastructure (Vercel frontend, Railway API, Supabase) plus the additional services listed in section 10 (“Workbench”).
6. Cookies & Consent
Our website uses cookies. Analytics cookies (specifically Google Analytics 4) are only set after your explicit consent via our cookie consent banner (opt-in). Without your consent, no tracking takes place.
You can revoke your consent at any time by clearing your browser cookies. The consent banner will reappear on your next visit.
7. Google Analytics 4
We use Google Analytics 4 by Google Ireland Limited. Google Analytics is only activated after your consent via our cookie banner (Consent Mode v2). IP anonymization is enabled by default.
Legal basis: Art. 6(1)(a) GDPR (consent).
8. Newsletter (Beehiiv)
If you subscribe to our newsletter, your email address is transmitted to Beehiiv Inc. (USA), our newsletter service provider. We use a double opt-in process: after signing up, you will receive a confirmation email. Your address is only added to our mailing list after confirmation.
You can unsubscribe at any time via the unsubscribe link in each email.
9. Course Platform & Payments
Our video courses are delivered via Coachy GmbH (Germany). Payment processing is handled by CopeCart GmbH (Germany). Both providers are based in Germany; no third-country transfer applies.
10. Cashflow Engine Workbench (wb.cashflowengine.io)
The Cashflow Engine Workbench is our paid analysis and portfolio tool. In addition to the hosting providers above, we use the following processors to operate it. For users in the EEA, non-essential services (analytics, marketing, session replay) are activated only after consent.
Subscription & payments (Paddle)
Billing for the Workbench subscription is handled by Paddle.com Market Ltd. as Merchant of Record (reseller). Paddle processes name, email, and payment/invoice data, performs fraud and tax checks, and issues invoices. Legal basis: Art. 6(1)(b) GDPR (contract).
Product & funnel analytics (PostHog)
We use PostHog (EU Cloud, Frankfurt) to analyse product usage via pseudonymous usage events. For EEA users, PostHog is initialised only after consent. Legal basis: Art. 6(1)(a) GDPR (consent).
Error & performance monitoring (Sentry)
We capture technical error and performance data with Sentry (EU region). Personal identifiers (tokens, emails, trade and portfolio details) are stripped before transmission. Any session replay is enabled only after consent. Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or (a) for session replay.
Conversion tracking (Google Ads, Meta)
For ad campaigns we measure conversions server-side via Google Ads and the Meta Conversions API. Only pseudonymous event data required for attribution is transmitted; for EEA users only with marketing consent (Google Consent Mode). Legal basis: Art. 6(1)(a) GDPR (consent).
Affiliate links (Option Omega, OptionsApp)
The Workbench links to Option Omega (validation) and OptionsApp (execution) and may earn a commission. Data is transferred to these providers only once you actively open a link or trigger an export; their own privacy notices then apply.
11. Third-Party Data Processors
| Service | Purpose | Location | Framework |
|---|---|---|---|
| Google Analytics 4 | Web Analytics | USA | EU-US Data Privacy Framework |
| Beehiiv | Newsletter Delivery | USA | EU-US Data Privacy Framework |
| Vercel Inc. | Website Hosting & CDN | EU-Region (USA) | EU-US Data Privacy Framework |
| Railway Corp. | App Hosting (app.cashflowengine.io) | EU-Region (USA) | EU-US Data Privacy Framework |
| Supabase Inc. | Database & Authentication | EU-Region (USA) | EU-US Data Privacy Framework |
| Coachy GmbH | Course Platform (kurs.cashflowengine.io) | Deutschland | No third-country transfer |
| CopeCart GmbH | Payment Processing for Course Sales | Deutschland | No third-country transfer |
| Paddle.com Market Ltd. | Payment Processing & Merchant of Record (Workbench subscription) | UK / USA | UK-Angemessenheitsbeschluss / SCC |
| PostHog (EU Cloud) | Product & Funnel Analytics (consent only) | EU (Frankfurt) | No third-country transfer |
| Sentry (Functional Software Inc.) | Error & Performance Monitoring | EU-Region (USA) | EU-US Data Privacy Framework |
| Google Ads | Conversion Tracking, Advertising (consent only) | USA | EU-US Data Privacy Framework |
| Meta Platforms Ireland Ltd. | Conversion Tracking / CAPI, Advertising (consent only) | Irland / USA | EU-US Data Privacy Framework |
12. Your Rights
Under the GDPR, you have the following rights:
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to withdraw consent (Art. 7(3) GDPR)
To exercise your rights, contact us at: terminal@cashflowengine.io
13. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR. The competent authority depends on your place of residence.
14. Data Retention
We delete personal data as soon as the purpose for its storage no longer applies, unless statutory retention periods require otherwise. As a guide:
a) Account / master data: for the duration of the user relationship, then until statutory retention periods expire.
b) Invoice & payment data: per commercial and tax retention obligations (typically up to 10 years, § 147 AO); billing is handled by the respective payment provider (CopeCart or Paddle).
c) Newsletter data: until you unsubscribe or withdraw consent.
d) Analytics / tracking data (GA4, PostHog): until you withdraw consent, or per the retention settings of the respective service.
e) Server log files: typically short-term (a few days to weeks) for security purposes.
f) Contact requests: until your inquiry has been fully handled.
15. Minors
Our services are intended exclusively for adults (18 years and older). We do not knowingly collect personal data from minors. If we become aware that data from a minor has been provided to us without parental consent, we will delete it without undue delay.
16. Changes to This Policy
We reserve the right to update this privacy policy to reflect changes in our services or legal requirements. The current version always applies.
Engineered by Thomas Mehlitz · AI Momentum LLC