Privacy Policy
This privacy policy informs about the nature, scope and purpose of the processing of personal data in connection with the online service should-i-leave.com, in line with the EU General Data Protection Regulation (GDPR).
1. Controller
The controller for the data processing in the sense of Art. 4 (7) GDPR is:
AutoProfessor UG (haftungsbeschränkt)
Wiesendamm 152
22303 Hamburg
Germany
Represented by Managing Director Jan Sebastian Steffen
Email: info@autoprofessor.de
2. Principle: Processing in the browser
The self-assessment offered on this site (the "10-question check") runs entirely locally in the browser of your end device. The profile inputs you make (such as industry, region, function, seniority, age band, capability profile) and your answers are used exclusively to immediately compute the analysis.
These inputs are not transmitted to a server operated by AutoProfessor UG (haftungsbeschränkt) or to third parties and are not permanently stored. Closing or reloading the page discards the entered data. To this extent, no processing of personal data by the controller takes place beyond the purely technical delivery of the page.
3. Hosting and server log data
This website is provided via Netlify, Inc., 512 2nd Street, Suite 200, San Francisco, CA 94107, USA ("Netlify"). Netlify delivers the static site content and accepts form submissions. A data processing relationship under Art. 28 GDPR exists with Netlify; Netlify's standard DPA is incorporated by reference into the Netlify Terms of Service and applies automatically upon entry into contract.
Netlify operates its infrastructure across multiple locations and serves content via a globally distributed content delivery network. A transfer to the United States is therefore not excluded. The transfer is based on Netlify, Inc.'s participation in the EU-U.S. Data Privacy Framework. Standard contractual clauses agreed in Netlify's terms apply in addition.
When the website is accessed, Netlify processes technically necessary data that your browser transmits automatically, in particular IP address, date and time of access, transferred data volume, page accessed, referrer URL, and browser and operating-system information. This processing serves to ensure a smooth connection, system security and technical stability. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in the secure and functional operation of the website). Server log data are stored according to Netlify's rules and subsequently deleted or anonymized. There is no further processing of these log data by the controller.
4. Cookies and reach measurement
This website only sets cookies for analytics or reach measurement purposes if you have explicitly consented. On first visit, a consent dialog appears in which you can agree to or decline the processing. Without your consent, only technically necessary mechanisms are used, to the extent they are required for the functionality of the site. Consent under § 25 (1) TDDDG is not required for these technically necessary mechanisms, as access to the end device is strictly necessary to provide the service explicitly requested.
Where you consent, we use Google Analytics 4, a web analytics service operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies and similar technologies to analyze how you use the site. The information generated is generally transmitted to a Google server in the United States and stored there. We have IP anonymization enabled, so that your IP address is truncated by Google before storage.
The legal basis is your consent under Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG. An additional legal basis for the transfer to the United States is the EU-U.S. Data Privacy Framework, to which Google LLC has self-certified. A data processing agreement under Art. 28 GDPR is in place with Google. The cookies set by Google Analytics have a default retention period of up to two years.
You can withdraw your consent at any time with effect for the future. To do so, click the corresponding button at the end of this privacy policy to reopen the consent dialog and change your selection.
5. Optional email reservation
At the end of the analysis, you may voluntarily leave an email address to be notified about the availability of a more detailed deepening analysis. Providing this is optional; using the check is fully possible without it.
If you submit your email address, the processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR. You can withdraw consent at any time with effect for the future, e.g. by an informal message to the email address listed above. The lawfulness of processing carried out before withdrawal remains unaffected. The email address will be used solely for the stated purpose and not shared with third parties.
The form submission is collected and stored via the Netlify Forms service. The provider is Netlify, Inc. as named under Section 3 above. The framework conditions described there apply, including the data processing relationship, the transfer to the United States based on the EU-U.S. Data Privacy Framework, and the supplementary standard contractual clauses. Reservations are retained until you object to processing or until the deepening review becomes generally available and you have been notified, in any case no longer than 24 months.
6. Recipients and third-country transfers
Your data is not shared with third parties, with the exception of the processing by Netlify, Inc. (USA) as processor described under Sections 3 and 5. A transfer to the United States is therefore not excluded. The safeguards under Art. 44 et seq. GDPR are provided through Netlify, Inc.'s participation in the EU-U.S. Data Privacy Framework as well as through supplementary standard contractual clauses.
7. Retention periods
Profile and answer data processed in the browser are not retained beyond the session. Server log data are kept according to Netlify's rules and subsequently deleted or anonymized. An optionally submitted email address is retained as described under Section 5, no longer than 24 months.
8. Your rights as a data subject
Subject to the statutory conditions, you have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), and the right to object to processing (Art. 21 GDPR). Any consent granted may be withdrawn at any time.
To exercise these rights, an informal message to the controller named above is sufficient.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to other legal remedies, you have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for the operator's seat is:
The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI), Ludwig-Erhard-Straße 22, 20459 Hamburg, Germany.
10. Currency and changes
This privacy policy is dated June 2026. Further development of the service or changes in legal requirements may make adjustments necessary.
11. Withdraw or change Google Analytics consent
If you have consented to the use of Google Analytics, you may withdraw your consent at any time with effect for the future. Click the button below to reopen the consent dialog and change your selection.
12. User accounts and the deepening tools (Firebase)
The 10-question check is usable anonymously and without an account. Only the optional deepening tools require a user account. If you create one, we process your email address and a password (stored by the provider only as a secure hash), plus the assessments you choose to save and which tools you have unlocked. To operate the refer-a-friend unlock, we also store a referral code and, if you signed up via a referral link, the referring code.
These account functions are provided via Google's Firebase service (Authentication and the Firestore database), operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data is stored in the European region (Frankfurt, europe-west3) and is encrypted in transit (TLS) and at rest. A data processing agreement under Art. 28 GDPR with Google is in place; a transfer to Google LLC (USA) is not excluded and is safeguarded by the EU-U.S. Data Privacy Framework and standard contractual clauses.
The legal basis is the performance of the requested service under Art. 6 (1) lit. b GDPR and, where applicable, your consent under Art. 6 (1) lit. a GDPR. Account data is retained until you delete your account. You can delete your account and all associated data at any time from the account page; this also removes the data from Firebase (Art. 17 GDPR).
If you purchase a paid tool, the payment is handled by Stripe; we store only the resulting unlock status with your account, not your payment-card data.