Privacy Policy
Last updated: July 2026
1. Controller
The controller responsible for data processing on this website is: Melanie Beck factorytoolkit, Wiesneckstr. 21, 79256 Buchenbach. Contact: info@factorytoolkit.com.
2. Processing of your configuration data
When you use the configurator, you enter operational data (e.g. company name, industry, machine and area names, shift model, KPI targets). This data is processed solely to generate your personal shopfloor management package (Excel workbooks, PDF guide, print templates).
Processing happens on demand when you click "Generate download". Generation runs asynchronously on the server (see section 5): your finished package is stored there TEMPORARILY so you can retrieve it via a link, and is automatically deleted after a limited period. Your configuration is not stored permanently. You receive a copy of your configuration as config.json inside the ZIP — it stays with you.
The legal basis is Art. 6 (1) (b) GDPR (steps prior to entering into a contract or performance of a contract at your request).
3. Local draft storage in your browser (localStorage)
The configurator stores your work-in-progress as a draft in your browser's localStorage so your entries survive accidentally closing the tab. This data never leaves your device and is not transmitted to us. You can delete the draft at any time via the "Discard" function in the configurator or via your browser settings.
4. Cookies and tracking
This website currently does not use cookies and does not employ any tracking or analytics services.
Planned: We intend to use Vercel Analytics for reach measurement (cookieless, aggregated measurement without cross-device tracking). This policy will be updated before activation.
5. Hosting and processors
The website and the generation service are operated at Railway Corp. (server location in the EU). Acting on our behalf, Railway processes the technically required data — in particular the configuration you enter during generation, the generated package until you retrieve it (temporary storage, then automatic deletion) and server log data.
A data processing agreement pursuant to Art. 28 GDPR is in place with Railway; where processing takes place outside the EU, it is based on the EU Standard Contractual Clauses. We reserve the right to later move parts of the web frontend to Vercel Inc.; this policy will be updated accordingly in that case.
6. Payment
The purchase of the kit is handled by Stripe (Stripe Payments Europe, Ltd., Ireland, and Stripe, Inc., USA) as payment provider and merchant of record ("Stripe Managed Payments"). When you trigger the paid download, you are redirected to a payment page hosted by Stripe; you enter your payment details directly there. They are processed solely by Stripe — we do not receive full payment details.
After a successful purchase, Stripe sends us a purchase confirmation (including an order identifier and the email address provided at checkout) so we can release generation and provide the package to you. Invoicing and tax handling are carried out by Stripe as merchant of record. Where processing takes place outside the EU, it is based on the EU Standard Contractual Clauses. The legal basis is Art. 6 (1) (b) GDPR (performance of a contract).
7. Emailing the download link (optional)
Optionally, before downloading you may provide an email address to also receive the download link by email. Only in that case do we process your email address for this purpose and send the message via the provider Resend (Resend, Inc.) as a processor. If you do not provide an email address, no email is sent. The legal basis is Art. 6 (1) (b) GDPR.
8. Contact
If you contact us by email (e.g. support requests), we process your details to handle the request (Art. 6 (1) (b) or (f) GDPR). The data is deleted once it is no longer required and no statutory retention obligations apply.
9. Your rights
You have the following rights regarding your personal data: access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection to processing (Art. 21 GDPR).
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).