Privacy Policy

1. General Information

Protecting your personal data is very important to us. This privacy policy explains which data is collected on this website and how it is used.

2. Controller

The responsible party for data processing on this website is:
Dominik Baumann
c/o COCENTER
Koppoldstr. 1
86551 Aichach
Germany

3. Data Collected, Purposes and Legal Bases

Using this website is generally possible without providing personal data. The following functions, however, process data. For each processing activity we inform you about purpose, legal basis and storage period:

• Contact form: When used, your name, email address, subject and message are processed to respond to your inquiry. Legal bases are Art. 6 (1) lit. b GDPR (pre-contractual communication) and our legitimate interest in efficient handling pursuant to Art. 6 (1) lit. f GDPR. We store these data for up to six months after the conversation has ended unless statutory retention duties require otherwise.
• Product and access data via Supabase: When retrieving product information, access data (e.g. IP address) are processed to provide the content and maintain system security. Legal basis is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Log files are usually deleted automatically after 30 days.
• Language preference: Your selected language is stored in your browser's local storage so the website appears in that language on your next visit. Legal basis is your consent according to Art. 6 (1) lit. a GDPR, which you can withdraw at any time by deleting the data in your browser. Storage continues until you clear your local storage.
• Tools & calculators: Inputs in features like the protein calculator, ideal weight calculator, weekly planner or other tools are transmitted to Supabase and processed there to calculate results. Legal bases are Art. 6 (1) lit. b GDPR for providing the requested functionality and Art. 6 (1) lit. f GDPR for troubleshooting. Supabase logs access data and provided values for error analysis, which are generally deleted after 30 days. Export and PDF functions still run locally.
• Vercel Analytics: For anonymous reach measurement we record page views without the use of cookies. Legal basis is our legitimate interest in statistical evaluation pursuant to Art. 6 (1) lit. f GDPR. The data are aggregated and typically anonymised after 30 days.
• Comments on blog posts and recipes: When publishing a comment, the name you enter, the comment text, and an anonymous editor token (UUID) generated in your browser are stored. The token’s only purpose is to let you edit or delete your own comment later; it does not identify you and is never returned to other visitors. No email address is collected. IP addresses are processed only briefly in memory for rate-limiting and are never persisted. Legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in a spam-free discussion). You can delete your comment yourself using the “Delete” button at any time, or request deletion via the contact form.
• Recipe ratings: When you submit a rating, the star value (1–5) and a random token (UUID) generated in your browser are stored. The token is used solely to prevent duplicate ratings per browser; it does not identify you. The same token is also stored in your local storage; clearing local storage breaks the link. Legal basis is Art. 6 (1) lit. f GDPR.
• Cloudflare Turnstile (bot protection): When you submit a comment or rating, Cloudflare Turnstile checks whether the request originates from a real browser. Technical browser data is transmitted to Cloudflare Inc., 101 Townsend St, San Francisco, CA, USA. Legal basis is Art. 6 (1) lit. f GDPR. EU Standard Contractual Clauses ensure an adequate data protection level.

4. Hosting and Services

This website uses the following external services:

• Vercel for hosting and Vercel Analytics. Provider is Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. An adequate data protection level is ensured by EU Standard Contractual Clauses and the choice of EU data centers. Vercel stores access data (e.g. IP addresses) temporarily and usually deletes them after 30 days.Privacy Policy
• Supabase (Supabase, 970 Toa Payoh North, #07-04, Singapore 318992) for providing product and food data and processing inputs in our tools. Data are processed in the AWS region eu-central-1 (Frankfurt, Germany). Supabase temporarily stores access data and submitted values for error analysis and relies on EU Standard Contractual Clauses for safeguards.Privacy Policy
• Resend (Resend Ireland Limited, 7 Grand Canal Street Lower, Dublin, D02 KW81, Ireland) for sending messages from the contact form. Resend also uses infrastructure of Resend Inc., USA. EU Standard Contractual Clauses ensure an adequate protection level.Privacy Policy

5. Cookies, Consent and Google Consent Mode

This website only uses cookies with your explicit consent.

Consent Management (Google Funding Choices)

We use the Google Consent Management Platform (Funding Choices) to manage your consent. On your first visit, a cookie banner will be displayed where you can grant or deny consent. Your decision is stored and respected on future visits.

Google Consent Mode v2

This website implements Google Consent Mode v2. This means:

• Without your consent, no tracking cookies are set
• Google Analytics and AdSense automatically respect your cookie preferences
• You can change your consent at any time via the cookie banner that reappears

Necessary Storage

Your language preference is stored in your browser's local storage. This is technically necessary and does not require separate consent.

Meal planner: When you use the meal planner at /tools/mahlzeitenplaner, the meals, portions, notes and daily targets you enter are stored in your browser's local storage (key essentials.mealPlan.v1) so your plan persists across sessions. No data is transmitted to our server or any third party; only you can access it via your own browser. This storage is strictly necessary for the explicitly requested functionality of the tool (§ 25 (2) no. 2 TTDSG / GDPR Art. 6 (1) (f)). You can disable this storage at any time using the “Save plan in browser” toggle directly inside the tool — stored data is then removed immediately. You can also clear it via your browser settings.

Analytics and Advertising Cookies (with consent)

With your consent, Google Analytics and Google AdSense set cookies for analytics and displaying personalised advertisements. You can withdraw your consent at any time by accessing the cookie banner again or deleting cookies in your browser settings.

6. Google Analytics and Google Tag Manager

This website uses Google Analytics 4 and Google Tag Manager, services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Tag Manager

Google Tag Manager is a tool that allows us to manage tracking and analytics tags centrally. The Tag Manager itself does not set cookies and does not collect personal data. However, it triggers other tags that may collect data.

Google Analytics 4

Google Analytics uses cookies and similar technologies to analyse user behaviour on this website. The following data may be processed:

• IP address (anonymised through IP masking)
• Pages visited and time spent
• Technical information (browser, operating system, screen resolution)
• Referrer URL (where you came from)
• Approximate location (country/city level)

Legal Basis

Processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR. Without your consent, no analytics cookies are set and no tracking data is collected.

Data Transfer

Google may transfer data to the USA. An adequate level of data protection is ensured by EU Standard Contractual Clauses and Google's certification under the EU-US Data Privacy Framework.

Further Information

• Google Privacy Policy
• Google Analytics Opt-Out Browser Add-on
• How Google uses data from sites or apps that use our services

7. Advertising and Google AdSense

This website uses Google AdSense, an advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Data Processing

Google AdSense uses cookies and similar technologies to display interest-based advertising. The following data may be processed:

• IP address (anonymised)
• Device information (browser, operating system)
• Interactions with advertisements
• Pages visited on this website

Legal Basis

Processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time via the cookie settings.

Data Transfer

Google may transfer data to the USA. An adequate level of data protection is ensured by EU Standard Contractual Clauses and Google's certification under the EU-US Data Privacy Framework.

Further Information

• Google Privacy Policy
• Disable personalised advertising
• How Google uses data from sites or apps that use our services

8. Your Rights

You are entitled to:

• Information about the data stored about you
• Rectification of inaccurate data
• Erasure of data
• Restriction of processing
• Data portability
• Objection to the processing of personal data (Art. 21 GDPR)
• Withdrawal of consent with effect for the future (Art. 7 (3) GDPR)
• Lodging a complaint with a supervisory authority (Art. 77 GDPR)

Please contact us by email to exercise your rights:info@essentials.fitness. You may also contact the competent supervisory authority, e.g. the Bavarian Data Protection Authority (BayLDA).

9. Technical and Organisational Measures

We protect your data through technical and organisational measures such as TLS-encrypted transmission, role-based access control, logging of system access and regular updates of the software used.

10. Next.js and Server-Side Rendering (SSR)

This website uses Next.js, a framework for React that supports server-side rendering. Parts of the content are generated on the server before being sent to your browser.

• Processing of IP addresses:
  When visiting the site, your IP address is processed for the duration of server communication to deliver the content correctly.
• Data processing:
  The processing is temporary and solely for the purpose of secure provision of the website.

11. Automatic Logging by Next.js (Server Logs)

When the website is accessed, automatic server logs may be recorded:

• IP address (anonymized where possible)
• Date and time of access
• Pages visited
• User agent (browser type and version)

These data are used solely for troubleshooting and technical security.

12. Automated Decision-Making

No automated decision-making, including profiling, takes place.

13. Changes to this Privacy Policy

We reserve the right to update this privacy policy when necessary to comply with legal requirements or to reflect new functions of the website.