Privacy Policy

quebi GmbH
Geitau 22
83735 Bayrischzell
Germany

Email: hi@quebi.de
Website: klartex.app (opens in new tab)

Represented by the Managing Directors:
Max Schurig, Florian Pirchmoser

We take the protection of your personal data very seriously. Personal data is processed only to the extent necessary to provide a functional website, our content, and our services, and always in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

Our website is hosted and protected by:

Cloudflare, Inc.
101 Townsend St, San Francisco, CA 94107, USA

Cloudflare provides security and performance optimization services (e.g., DDoS protection, caching, load balancing). Our application runs on Cloudflare Workers, and we use Cloudflare D1 (database), R2 (object storage), Durable Objects (real-time collaboration), KV (key-value storage), and Queues for data processing. In this context, technical data such as IP addresses, access logs, browser information, and geographic data may be processed.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in secure and efficient website operation).

Data transfers to third countries: Cloudflare may process data in the United States. Cloudflare is certified under the EU–US Data Privacy Framework, which ensures an adequate level of data protection.

For more information, see Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/ (opens in new tab)

When accessing our website, Cloudflare and our servers automatically collect the following information:

• IP address of the requesting device
• Date and time of access
• Browser type and version
• Operating system
• Referrer URL
• Hostname of the accessing computer

This data is processed for security, technical operation, and optimization purposes only and is not used to identify users.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest).

When you register on our platform, we process the personal information you provide (e.g., name, email address, username, and institution, if applicable). This data is required to provide access to your account, enable communication, and manage platform functionality.

Legal basis:
Art. 6(1)(b) GDPR (performance of a contract).

We use Auth0, a service provided by Okta, Inc., 100 First Street, Suite 600, San Francisco, CA 94105, USA, for user authentication.

Auth0 enables login via third-party identity providers, including Google, GitHub, and GitLab. When logging in through one of these providers, we receive personal information such as your name, email address, and profile ID to authenticate your identity. We use this data exclusively for login and account management purposes.

Legal basis:
Art. 6(1)(b) GDPR (contract performance). Data transfer: Auth0 may process data in the United States. Okta participates in the EU–US Data Privacy Framework.

For more information, see Auth0's privacy policy: https://auth0.com/privacy (opens in new tab)

Privacy policies of the identity providers:

• Google: https://policies.google.com/privacy (opens in new tab)
• GitHub: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement (opens in new tab)
• GitLab: https://about.gitlab.com/privacy/ (opens in new tab)

We use Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA, for payment processing.

When you subscribe to a paid plan, your payment information (e.g., credit card details, name, billing address) is transmitted directly to Stripe. We do not store your full payment card details on our servers. Stripe processes this data to complete transactions, prevent fraud, and comply with legal obligations.

Legal basis:
Art. 6(1)(b) GDPR (contract performance). Data transfer: Stripe may process data in the United States. Stripe participates in the EU–US Data Privacy Framework.

For more information, see Stripe's privacy policy: https://stripe.com/privacy (opens in new tab)

We use Resend, Inc. to send transactional emails (e.g., account notifications, collaboration invitations). Your email address and name are shared with Resend solely for the purpose of delivering these messages.

Legal basis:
Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in operational communication).

For more information, see Resend's privacy policy: https://resend.com/legal/privacy-policy (opens in new tab)

We use Sentry (Functional Software, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA) for error monitoring and performance tracking.

Sentry may collect technical data such as IP addresses, browser information, device type, and error context to help us identify and fix issues in our application. This data is used exclusively for improving the reliability of our service.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in maintaining a stable and reliable service).

For more information, see Sentry's privacy policy: https://sentry.io/privacy/ (opens in new tab)

Our platform integrates with external APIs to provide bibliography and reference management features:

• Mendeley (Elsevier B.V.) — Used for importing and searching bibliographic data. Search queries and document metadata may be sent to the Mendeley API.
• Semantic Scholar (Allen Institute for AI) — Used for academic paper search. Search queries are sent to the Semantic Scholar API.

These services receive only the search queries and metadata necessary to provide results. No personal account data is shared with these providers.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in providing bibliography features).

Privacy policies:

• Mendeley: https://www.elsevier.com/legal/privacy-policy (opens in new tab)
• Semantic Scholar: https://allenai.org/privacy-policy (opens in new tab)

Our website loads external resources from content delivery networks (CDNs) to provide fonts and stylesheets:

• Google Fonts (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) — Fonts are loaded from Google's servers. Your browser sends your IP address to Google when requesting these resources.
• jsDelivr (Prospect One Sp. z o.o.) — CSS stylesheets for mathematical typesetting (KaTeX) are loaded from jsDelivr. Your browser sends your IP address when requesting these resources.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in efficient delivery of web resources).

Privacy policies:

• Google Fonts: https://policies.google.com/privacy (opens in new tab)
• jsDelivr: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net (opens in new tab)

Our website uses the following cookies:

• Session cookie (_session) — An essential cookie used to maintain your logged-in state. It is HttpOnly, SameSite: Lax, and expires after 7 days. The session data is stored in Cloudflare KV; the cookie itself contains only a session identifier.

We do not use advertising cookies, tracking cookies, or analytics cookies. The session cookie is strictly necessary for the functionality of our service.

Legal basis:
Art. 6(1)(b) GDPR (contract performance — maintaining the user session is necessary to provide the service).

Registered users can create and publish academic or educational content. Such content, including metadata (e.g., creation date), is stored and may be displayed publicly. Users may delete their content or request deletion at any time.

Legal basis:
Art. 6(1)(b) GDPR (performance of user agreement).

Your personal data will only be shared when:

• You have given explicit consent (Art. 6(1)(a) GDPR),
• It is necessary for contractual performance (Art. 6(1)(b) GDPR), or
• We are legally obliged to do so (Art. 6(1)(c) GDPR).

No data is shared for advertising purposes without consent.

You have the following rights under the GDPR:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure ("right to be forgotten," Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)

To exercise these rights, please contact: hi@quebi.de

You may withdraw your consent to data processing at any time with future effect. The legality of processing carried out prior to withdrawal remains unaffected.

We use SSL/TLS encryption and implement appropriate technical and organizational measures to protect your personal data against loss, misuse, or unauthorized access.

This privacy policy is effective as of February 2026. We reserve the right to update it to reflect legal or technical changes. The most current version will always be available at klartex.app/privacy.