Privacy Policy

quebi GmbH
Geitau 22
83735 Bayrischzell
Germany

Email: hi@quebi.de
Website: klartex.app (opens in new tab)

Represented by the Managing Directors:
Max Schurig, Florian Pirchmoser

We take the protection of your personal data very seriously. Personal data is processed only to the extent necessary to provide a functional website, our content, and our services, and always in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

Your personal data will only be shared when you have given explicit consent (Art. 6(1)(a) GDPR), it is necessary for contractual performance (Art. 6(1)(b) GDPR), or we are legally obliged to do so (Art. 6(1)(c) GDPR). No data is shared for advertising purposes.

We use SSL/TLS encryption and implement appropriate technical and organizational measures to protect your personal data against loss, misuse, or unauthorized access.

Our website is hosted and protected by:

Cloudflare, Inc. (opens in new tab)
101 Townsend St, San Francisco, CA 94107, USA

Cloudflare provides security and performance optimization services (e.g., DDoS protection, caching, load balancing). Our application runs on Cloudflare Workers, and we use Cloudflare D1 (database), R2 (object storage), Durable Objects (real-time collaboration), KV (key-value storage), and Queues for data processing.

When accessing our website, the following data is automatically collected:

• IP address of the requesting device
• Date and time of access
• Browser type and version
• Operating system
• Referrer URL
• Hostname of the accessing computer

This data is processed for security, technical operation, and optimization purposes only and is not used to identify users.

Data transfers to third countries: Cloudflare may process data in the United States. Cloudflare is certified under the EU–US Data Privacy Framework, which ensures an adequate level of data protection.

For more information, see Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/ (opens in new tab)

When you register on our platform, we process the personal information you provide (e.g., name, email address, username, and institution, if applicable). This data is required to provide access to your account, enable communication, and manage platform functionality.

We use Auth0 (opens in new tab), a service provided by Okta, Inc., 100 First Street, Suite 600, San Francisco, CA 94105, USA, for user authentication.

Auth0 enables login via third-party identity providers, including Google (opens in new tab), GitHub (opens in new tab), and GitLab (opens in new tab). When logging in through one of these providers, we receive personal information such as your name, email address, and profile ID to authenticate your identity. We use this data exclusively for login and account management purposes.

Data transfer: Auth0 may process data in the United States. Okta participates in the EU–US Data Privacy Framework.

For more information, see Auth0's privacy policy: https://auth0.com/privacy (opens in new tab)

Privacy policies of the identity providers:

• Google: https://policies.google.com/privacy (opens in new tab)
• GitHub: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement (opens in new tab)
• GitLab: https://about.gitlab.com/privacy/ (opens in new tab)

We use Paddle.com Market Limited, 15 Briery Close, Great Oakley, Corby, Northamptonshire, NN18 8JG, United Kingdom, as our Merchant of Record for payment processing.

When you subscribe to a paid plan, your payment information (e.g., credit card details, name, billing address) is transmitted directly to Paddle. We do not store your full payment card details on our servers. As our Merchant of Record, Paddle handles all payment processing, tax compliance, invoicing, and refunds on our behalf.

Data transfer: Paddle may process data outside the EEA with appropriate safeguards in place.

For more information, see Paddle's privacy policy: https://www.paddle.com/legal/privacy (opens in new tab)

We use Resend, Inc. (opens in new tab) to send transactional emails (e.g., account notifications, collaboration invitations). Your email address and name are shared with Resend solely for the purpose of delivering these messages.

For more information, see Resend's privacy policy: https://resend.com/legal/privacy-policy (opens in new tab)

We use Sentry (opens in new tab) (Functional Software, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA) for error monitoring and performance tracking.

Sentry may collect technical data such as IP addresses, browser information, device type, and error context to help us identify and fix issues in our application. This data is used exclusively for improving the reliability of our service.

For more information, see Sentry's privacy policy: https://sentry.io/privacy/ (opens in new tab)

Our platform integrates with external APIs to provide bibliography and reference management features:

• Mendeley (opens in new tab) (Elsevier B.V.) — Used for importing and searching bibliographic data. Search queries and document metadata may be sent to the Mendeley API.
• Semantic Scholar (opens in new tab) (Allen Institute for AI) — Used for academic paper search. Search queries are sent to the Semantic Scholar API.

These services receive only the search queries and metadata necessary to provide results. No personal account data is shared with these providers.

Privacy policies:

• Mendeley: https://www.elsevier.com/legal/privacy-policy (opens in new tab)
• Semantic Scholar: https://allenai.org/privacy-policy (opens in new tab)

Our website loads external resources from content delivery networks (CDNs) to provide fonts and stylesheets:

• Google Fonts (opens in new tab) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) — Fonts are loaded from Google's servers. Your browser sends your IP address to Google when requesting these resources.
• jsDelivr (Prospect One Sp. z o.o.) — CSS stylesheets for mathematical typesetting (KaTeX) are loaded from jsDelivr. Your browser sends your IP address when requesting these resources.

Privacy policies:

• Google Fonts: https://policies.google.com/privacy (opens in new tab)
• jsDelivr: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net (opens in new tab)

Our website uses the following cookies:

• Session cookie (_session) — An essential cookie used to maintain your logged-in state. It is HttpOnly, SameSite: Lax, and expires after 7 days. The session data is stored in Cloudflare KV; the cookie itself contains only a session identifier.

We do not use advertising cookies, tracking cookies, or analytics cookies. The session cookie is strictly necessary for the functionality of our service.

You have the following rights under the GDPR:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure ("right to be forgotten," Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)

To exercise these rights, please contact: hi@quebi.de

You may withdraw your consent to data processing at any time with future effect. The legality of processing carried out prior to withdrawal remains unaffected.

This privacy policy is effective as of February 2026. We reserve the right to update it to reflect legal or technical changes. The most current version will always be available at klartex.app/privacy.