Data privacy

Effective as of: May 19, 2026

1. General

This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as 'data') within our website and its associated web pages, features, and content. Regarding the terminology used, such as 'processing' or 'controller,' we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

2. Controller

minimum energy GmbH
Siebengebirgsallee 60
50939 Köln, Germany
Represented by: Dr. Leander Kotzur, Stanley Risch, Dr. Felix Kullmann
Contact: support@minimum.energy

3. Types of Processed Data
  • Inventory data (e.g., name, company, role).
  • Contact data (e.g., email address).
  • Content data (e.g., building and energy data, project data, optimization results).
  • Usage data (e.g., features used, access times).
  • Payment data (e.g., billing address, payment status, invoice references).
  • Technical data (e.g., IP address, browser, device information).
4. Purpose of Processing
  • Provision of the online offer, its functions, and content.
  • Responding to contact requests and communicating with users.
  • Security measures.
  • Product analysis and improvement.
5. Used Technologies
  • SSL Encryption (HTTPS): To protect the data transmitted via our website, we use SSL encryption.
  • Cookies: Our website uses 'cookies' to improve the usage of our offerings.
6. Consent Management (CookieScript)

To obtain and document your consent for non-essential storage access on your device (cookies as well as local/session storage), we use the service CookieScript by CookieScript UAB, Lithuania. CookieScript presents a banner with the available consent categories and stores your decision locally in the cookie "CookieScriptConsent" (lifetime: approx. 1 month). Only consent-requiring third-party components are loaded after you have granted the relevant consent — specifically Sentry Session Replay (category "Performance") and Featurebase (category "Functionality"); see the respective sections. Third-party services operating on a different legal basis (performance of contract or legitimate interest) are not affected. You may change your decision at any time — directly via the button below or (inside the signed-in application) via the "Cookie settings" menu in the sidebar.

Legal bases: For storing the consent cookie on your device, § 25(2)(2) TTDSG (strictly necessary for the explicitly requested consent-management service). For processing the consent record contained therein, Art. 6(1)(c) GDPR (legal obligation to document consent pursuant to Art. 7(1) GDPR).

7. Server-side Consent Audit Log

To fulfill our obligation of proof under Art. 7(1) GDPR, we additionally record your consent decisions on the server side in an immutable log. The following are recorded: user ID, email address (at the time of the decision), action (accept/reject), selected categories, timestamp, and an identifier of the banner installation shown to you. Anonymous decisions are not logged.

Legal basis: Art. 6(1)(c) GDPR (statutory obligation of proof under Art. 7(1) GDPR).

Retention: Each entry is deleted three years after its validity ends — that is, three years after contract termination or, if you revoke or change your consent earlier, three years after that point (aligned with § 195 BGB and § 31 OWiG). In case of an ongoing dispute, the period is extended accordingly. We review individual deletion requests under Art. 17 GDPR on a case-by-case basis.

8. Mixpanel

To analyze and improve the user experience on our platform, we use the analytics service Mixpanel, operated by Mixpanel Inc., 1 Front Street, 28th Floor, San Francisco, CA 94111, USA. Mixpanel allows us to understand how our application is used, e.g., which features are utilized. Analysis is performed exclusively server-side — no data is stored on or read from your device. Pseudonymized usage data such as feature interactions are collected. Data is processed in the EU (Netherlands). Processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR to make our services more user-friendly and efficient. You may object to processing at any time by contacting us at support@minimum.energy.

9. Intercom

For customer support and communication with authenticated users, we use the service Intercom by Intercom Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA. Intercom is part of the contractually owed support service and is loaded exclusively for authenticated users. For the chat to function, technically required information is stored in your browser's local storage (e.g., "intercom.intercom-state", and the realtime transport preference "ably-transport-preference"). Intercom is certified under the EU-U.S. Data Privacy Framework; data is stored on servers in the USA.

Legal basis: Art. 6(1)(b) GDPR (performance of the contract with you for the provision of the platform, including support); the storage on your device required for this purpose is permitted without consent pursuant to § 25(2)(2) TTDSG. Because Intercom is part of the contractually owed service, objection to processing is only possible by terminating the contract.

10. Sentry (Error Tracking)

To monitor and improve the technical stability of our website, we use Sentry, a service by Functional Software, Inc., 45 Fremont Street, San Francisco, CA 94105, USA. When an error occurs, Sentry collects technical data (e.g., device type, browser, stack trace, error message, timestamp, and IP address) to enable us to analyze and resolve the cause.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the stability and security of our services).

11. Sentry Session Replay

Additionally — only if you have explicitly consented — Sentry may transmit a recording of the browser session immediately preceding an error ("Session Replay"). DOM snapshots and click, scroll, and input events are captured to facilitate reproducing the error. Text and media content is automatically masked before transmission (configuration: "maskAllText", "blockAllMedia"). Without your consent no Session Replay recording takes place; the error tracking described above is not affected.

Legal basis: Art. 6(1)(a) GDPR (consent) in conjunction with § 25(1) TTDSG (consent to storage on the device). You may revoke your consent at any time via "Cookie settings"; revocation takes effect for the future.

12. Mailgun

For sending transactional emails (e.g., registration confirmations, password resets, notifications) we use the service Mailgun by Sinch Email (Pathwire GmbH). Email address, name, and email content are transmitted to Mailgun. Processing takes place on servers in the EU (Frankfurt). The legal basis is Art. 6(1)(b) GDPR (performance of contract). A data processing agreement pursuant to Art. 28 GDPR is in place.

13. Featurebase

For collecting user feedback and presenting our product roadmap, we use the service Featurebase by CORDNET OÜ (Estonia). The Featurebase widget is loaded as an embedded iframe when you open the "Roadmap" feature in the application. Your name and email address are transmitted; additionally, functional usage data (e.g., completed tours, viewed content) are stored in your browser's local storage (keys with prefix "uf_", "tours", "checklistsDismiss"). Processing takes place in the EU.

The Featurebase widget is loaded only after your explicit consent to functional cookies (category "Functionality" in the cookie banner). Without consent the roadmap/feedback feature is unavailable; you will be informed about this in the application. Legal basis: Art. 6(1)(a) GDPR (consent) in conjunction with § 25(1) TTDSG. You may revoke your consent at any time via "Cookie settings".

14. External Links

This website contains links to external websites of third parties, over whose content we have no influence. Therefore, we cannot assume any liability for these external contents.

15. Hosting

Our platform is hosted by Hetzner Online GmbH (ISO 27001 certified) in Germany. We process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers and users based on our legitimate interests in an efficient and secure provision of this online offer according to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR. Database backups are stored with Amazon Web Services (AWS EMEA SARL) in the EU region Frankfurt.

16. Your Rights

You have the right to receive information about the personal data processed by us, as well as the right to correction or deletion, restriction of processing, objection to processing, and the right to data portability. You also have the right to file a complaint with a supervisory authority.

17. Single Sign-On

To simplify your access to our services, we offer the option of Single Sign-On. You can log in to our website using existing login data of a third-party provider (e.g., Google or Facebook). When using this function, certain information from your third-party provider account is transferred to us.

18. Use of Google Geocoder

Our website uses the Google Geocoder service to convert addresses into geographic coordinates and vice versa. Your entered address data is transmitted to Google for geographic localization. We use this information exclusively for location determination and improving our offer.

19. Use of Amazon S3

Our website uses Amazon Simple Storage Service (Amazon S3) by Amazon Web Services EMEA SARL (AWS) for storing and providing media files. Storage is performed in EU data centers (Frankfurt region). AWS processes data on our behalf. More information: https://aws.amazon.com/privacy/

20. Changes to the Privacy Policy

We reserve the right to change this privacy policy to adapt it to changed legal situations, or in the event of changes to the service and data processing.