Last updated: April 27, 2026

This Privacy Policy explains how artist-websites.de ("we", "us", "our") processes personal data when you visit our website at artist-websites.de or any subdomain.

1. Controller

The controller responsible for processing personal data on this site is the entity identified in our Imprint, available at https://artist-websites.de/imprint. Please refer to the Imprint for our full company name, postal address, and contact details.

2. Personal Data We Collect

When you visit this site we may process the following categories of personal data:

a) Server logs (automatic): IP address, user-agent string, requested URL, timestamp, referrer. Provided by our hosting provider (see §8) for the purpose of operating, securing, and debugging the service. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functioning, secure website).

b) Cookies and similar local-storage entries (see §3 for details).

c) Marketing-attribution parameters carried in the URL on arrival (e.g. utm_source, utm_medium, utm_campaign, utm_term, utm_content, fbclid). Stored in your browser's sessionStorage under the key "aw_utm_params" and forwarded to the signup page on app.artist-websites.de when you click a call-to-action button.

d) Form submissions: any data you voluntarily enter into a contact or signup form on this site (typically name and email address). Stored in our content database (Vercel Postgres, EU). Legal basis: Art. 6(1)(b) GDPR (steps prior to entering a contract, on your request) and/or Art. 6(1)(a) GDPR (consent), depending on the form's purpose.

e) Tracking-pixel and conversion-API events for advertising attribution (see §4 and §5).

3. Cookies and Local Storage

We set the following first-party cookies and local-storage entries. Cookies marked "Consent required" are only set or read after you grant consent via the cookie banner; "Strictly functional" entries are set without consent because they are necessary for the technical operation of the site or for honoring your consent choice itself.

aw_consent (Cookie, functional) — Stores your consent choice (accepted/rejected) so the banner does not reappear on every visit. Set on Domain=.artist-websites.de so it carries to app.artist-websites.de as well. Lifetime: 1 year.

aw_eid (Cookie, consent required) — Persistent visitor identifier used as Meta's external_id for cross-funnel ad attribution. Random UUID. Domain=.artist-websites.de so it is shared with app.artist-websites.de. Lifetime: 2 years.

_fbp (Cookie, consent required) — Meta Pixel browser ID for ad attribution. Domain=.artist-websites.de. Lifetime: 90 days.

_fbc (Cookie, consent required) — Meta Pixel click identifier. Set only when you arrive on the site through a Meta ad (URL parameter "fbclid"). Domain=.artist-websites.de. Lifetime: 90 days.

aw_utm_params (sessionStorage, functional) — UTM parameters captured from the arrival URL, forwarded to the signup destination so the conversion can be attributed to the originating campaign. Lifetime: session (cleared on tab close).

cookie-consent (localStorage, functional) — Legacy consent state from a previous version; automatically migrated to the aw_consent cookie on first visit and removed thereafter.

You can withdraw consent at any time by clearing your cookies or by using your browser's privacy controls. After withdrawal, advertising-tracking events stop firing immediately for new page interactions.

4. Meta Pixel and Meta Conversions API (CAPI)

We use Meta Pixel and Meta's Conversions API (operated by Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland) to measure the effectiveness of advertising on Facebook and Instagram and to optimize ad delivery. Both technologies are activated only after you grant consent.

The following events are transmitted to Meta when you interact with this site: PageView (when you load a page), ViewContent (when a content section requires it, e.g. on the pricing page), and Lead (when you click a call-to-action button on an ad-targeted landing page, signaling intent to sign up).

For each event we transmit a tracking event identifier ("event_id") for deduplication and a deduplicated combination of: browser-side via Pixel — standard cookies the Pixel reads automatically (_fbp, _fbc) and the visitor identifier described above (external_id = aw_eid); server-side via Conversions API — the same event_id, your IP address, your user-agent string, _fbp and _fbc cookie values, the external_id, and any additional attributes related to the event (e.g. UTM parameters).

We do not collect or transmit your email address, phone number, name, or other direct identifiers from this site to Meta. Where Meta's Conversions API documentation indicates that customer information should be hashed before transmission, we apply SHA-256 hashing on our server before forwarding any applicable values.

Meta acts as an independent controller for the data once received. For details on Meta's processing, retention, and your rights against Meta, please refer to Meta's Privacy Policy at https://www.facebook.com/privacy/policy.

International transfer: Meta processes data in the United States and other jurisdictions outside the EEA. The transfer is based on the EU-U.S. Data Privacy Framework (Meta Platforms, Inc. is certified) and Standard Contractual Clauses where applicable.

Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw consent at any time; withdrawal does not affect the lawfulness of processing before withdrawal.

5. Google Analytics 4

We use Google Analytics 4 (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to understand aggregate site usage. GA4 is activated only after you grant consent.

GA4 collects: anonymized IP address, device and browser characteristics, page URLs, referrers, and event interactions on this site, associated with a randomly generated client identifier.

International transfer: Google may process data in the United States. The transfer is based on the EU-U.S. Data Privacy Framework (Google LLC is certified) and Standard Contractual Clauses.

Legal basis: Art. 6(1)(a) GDPR (consent). Retention: per Google Analytics default settings (currently 14 months for user- and event-level data; configurable in our GA4 property).

For details on Google's processing, please refer to https://policies.google.com/privacy.

6. Cross-Subdomain Identifier and Consent

The cookies aw_consent and aw_eid are set on Domain=.artist-websites.de so that the application at app.artist-websites.de can read them. This allows your consent decision to carry to the app without re-prompting you, and conversion events fired from the app (such as account creation or subscription purchase) to be linked to the same visitor identifier used on the landing site, for accurate ad attribution.

7. Form Submissions

If you submit a form on this site (e.g. a contact form, newsletter signup, or inquiry form), we process the data you provide for the purpose of responding to your request, fulfilling our contractual obligations, or sending the communications you have requested.

Categories: typically name, email address, message body, and any other fields the specific form requires. Storage: in our content database (Vercel Postgres, EU region). Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures and contract fulfillment), and where applicable Art. 6(1)(a) GDPR (consent for marketing communications). Retention: until you ask us to delete the data, or until the purpose for which it was collected has ceased and we are no longer required to keep it for tax or commercial-record purposes.

8. Hosting and Subprocessors

We engage the following processors to deliver the service. Each is bound by a data processing agreement under Art. 28 GDPR and processes data only on our documented instructions.

Vercel Inc. — Web hosting, edge delivery, server logs. Data location: EU + US edges (per region).

Supabase Pte. Ltd. - Database and Authentication Data location: EU

Vercel Postgres — Content database (CMS entries, form submissions). Data location: EU region.

Stripe Ireland Ltd. - Payment processor. Data location: EU + US

Meta Platforms Ireland Ltd. — Advertising attribution (Pixel + CAPI). Data location: US (DPF).

Google Ireland Ltd. — Web analytics (GA4). Data location: US (DPF).

A current full subprocessor list is available on request.

9. International Data Transfers

Some processors listed above transfer or store personal data outside the European Economic Area, primarily in the United States. Such transfers occur on the basis of an adequacy decision under the EU-U.S. Data Privacy Framework where the processor is certified, and Standard Contractual Clauses (Art. 46(2)(c) GDPR) for processors not covered by an adequacy decision.

10. Your Rights

Subject to the conditions of the GDPR, you have the right to: access (Art. 15) — confirmation whether we process your data, and a copy; rectification (Art. 16) — correction of inaccurate data; erasure / "right to be forgotten" (Art. 17); restriction of processing (Art. 18); data portability (Art. 20) — receive your data in a structured, machine-readable format; object to processing (Art. 21), in particular for direct marketing; and withdraw consent at any time (Art. 7(3)) — without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us using the details in the Imprint at https://artist-websites.de/imprint.

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR). The German supervisory authority responsible for our place of business is listed in the Imprint.

11. Data Retention

Server logs: typically 7 days, then deleted by the hosting provider. Tracking-event data: as set out in §3 and §4 (cookie lifetimes); aggregate advertising-event data is retained by Meta and Google according to their own retention periods. Form submissions: as described in §7. Consent records: until you withdraw consent or the cookie expires (1 year).

12. No Automated Decision-Making

We do not use your personal data for automated individual decision-making within the meaning of Art. 22 GDPR.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our processing or applicable law. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

14. Contact

For all questions regarding this Privacy Policy, your data, or your rights, please use the contact details in our Imprint at https://artist-websites.de/imprint.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.