Effective Date: February 2026

Privacy Policy / Datenschutzerklärung

1. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

NMA Venture Capital GmbH
Am Sandtorkai 27
20457 Hamburg
Germany

Email: info@nma.vc
Imprint: https://nma.vc/imprint

2. General Information on Data Processing

2.1 Scope of Processing

We process personal data of our users generally only to the extent necessary to provide a functional website, as well as our content and services (SaaS platform).

2.2 Legal Basis

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis (e.g., Google Analytics).

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis (use of the SaaS software).

If processing is necessary to protect a legitimate interest of our company or a third party (e.g., hosting, security), Art. 6(1)(f) GDPR serves as the legal basis.

3. Provision of the Website and Log Files (Hosting)

3.1 Description and Scope

Each time our website is accessed and the web application is used, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

  • IP address of the user
  • Date and time of access
  • Browser type and version
  • Operating system of the user
  • Referrer URL (the previously visited page)

3.2 Hosting Provider

We host our application and databases with specialized service providers to ensure a secure and high-performance provision. We have concluded a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR with all service providers.

Our infrastructure partners are:

  • Vercel Inc. (Frontend Hosting & Edge Network, USA/Global)
  • Supabase Inc. (Database & Backend, USA/Frankfurt)
  • Google Cloud Platform (Infrastructure, Ireland/EU)
  • Railway Corp. (App Hosting, USA)

Insofar as data is transferred to providers in the USA (Vercel, Supabase, Railway), we rely on the adequacy decision of the EU Commission for the EU-U.S. Data Privacy Framework (DPF), provided the providers are certified, or alternatively on the Standard Contractual Clauses (SCC) of the EU Commission.

3.3 Legal Basis

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR (Legitimate interest in technical security and stability).

4. Registration and Use of the SaaS Software

4.1 Description and Scope

On our website, we offer users the opportunity to register by providing personal data in order to use the software. The data is entered into an input mask and transmitted to us and stored.

The following data is collected during the registration process:

  • Email address
  • Password (encrypted/hashed)
  • First and Last name
  • Company name and VAT ID (for B2B verification)

4.2 Purpose and Legal Basis

Registration is necessary for the performance of the contract with the user or for the implementation of pre-contractual measures. The legal basis is Art. 6(1)(b) GDPR.

5. Payment Processing (Stripe)

We use the payment service provider Stripe Payments Europe, Ltd. (Ireland) to process payments (subscriptions).

We do not store credit card data or bank details ourselves. These are transmitted directly to Stripe. Stripe assumes the function of an independent controller or joint controller for the transaction data.

The legal basis is the performance of the contract (payment obligation) in accordance with Art. 6(1)(b) GDPR.

Further information on data protection at Stripe can be found at: https://stripe.com/de/privacy

6. Transactional Emails (Unosend)

For the dispatch of system-critical emails (confirmation of registration, password reset, invoices), we use the service provider Unosend.

For this purpose, the email address of the user is transmitted to the service provider.

The legal basis is the performance of the contract (Art. 6(1)(b) GDPR), as these emails are an essential part of the service.

7. Web Analytics (Google Analytics)

7.1 Scope of Processing

Insofar as you have given your consent via our cookie banner, we use Google Analytics 4, a web analytics service provided by Google Ireland Limited.

Google Analytics uses "cookies", which enable an analysis of your use of the website. We use the "IP anonymization" function, which means that your IP address is truncated by Google within member states of the European Union.

7.2 Legal Basis

The legal basis for processing personal data using Google Analytics is your consent pursuant to Art. 6(1)(a) GDPR. Consent can be revoked at any time via the cookie settings on our website.

7.3 Third Country Transfer

The information generated by the cookie is usually transferred to a Google server in the USA. Google relies on the EU-U.S. Data Privacy Framework.

8. Rights of the Data Subject

If personal data is processed by you, you are a "data subject" within the meaning of the GDPR and you have the following rights vis-à-vis us:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure ("Right to be forgotten" – Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to notification (Art. 19 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us.