Last updated: 11 July 2026
The controller responsible for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Furnify3D GmbH
Elisabethstraße 7Full provider identification in the Legal Notice.
Given the size of our organisation, we are not required to appoint a data protection officer under § 38 BDSG. For data-protection enquiries please contact us directly via the email address above.
We process personal data only to the extent necessary to provide a functional website together with our content and services. Such processing is normally based on the user's consent or on a statutory permission (in particular Art. 6(1)(b) and (f) GDPR).
When you visit our website, our hosting provider automatically captures technical data in log files:
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable and secure operation). Retention: up to 14 days, then anonymised aggregation or deletion.
The website is hosted on servers operated by Vercel Inc. (frontend) and Hetzner Online GmbH (backend, API server, worker, and object storage). Hetzner servers are located in Falkenstein, Germany. Vercel operates a global infrastructure; individual requests may be processed in data centres in the United States or other third countries.
Legal basis: Art. 6(1)(f) GDPR (provision of services). Data processing agreements pursuant to Art. 28 GDPR are in place. Transfers to the United States are based on the EU-US Data Privacy Framework or on Standard Contractual Clauses (Art. 46 GDPR).
We use Supabase (Supabase Inc.) for sign-up and sign-in. The data is processed in a Postgres database hosted in an EU region (Frankfurt). We collect:
Session tokens are stored in your browser's local storage and are not retained on our servers.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Retention: for the duration of your usage; after account deletion, identification data are removed without undue delay. A data processing agreement pursuant to Art. 28 GDPR is in place.
To register for the free trial we collect the email address you provide. We use it solely to grant trial access and to notify you when the trial period ends.
Legal basis: Art. 6(1)(b) GDPR (steps prior to entering into a contract). Retention: until the end of the trial period; deletion thereafter unless a contract is concluded.
Subscriptions are processed through Stripe (Stripe Payments Europe Ltd., governed by Irish law, with offices in the United States and elsewhere). Payment data (card details, SEPA mandate data, etc.) is entered directly with Stripe and is processed exclusively by Stripe — we neither receive nor store this data. Stripe only transmits to us information about successful payments, the associated Stripe customer ID, and the chosen plan.
During checkout we additionally log your consent to performance beginning before the end of the withdrawal period (time, wording and version of the declaration) in order to meet our statutory duties of proof.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Transfers to the United States are based on the EU-US Data Privacy Framework or on Standard Contractual Clauses. A data processing agreement pursuant to Art. 28 GDPR is in place. Stripe's privacy policy: stripe.com/privacy.
Our cancellation page (Cancel contracts here) lets you cancel contracts without logging in. We process the data you provide (email address, optional contract/organization details, type of cancellation, reason where applicable and requested effective date) together with the date and time of receipt. We store the cancellation notice for processing and as legally required proof and send you a confirmation of receipt by email.
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR in conjunction with § 312k of the German Civil Code (statutory confirmation duty). Retention: for the duration of statutory evidence and limitation periods.
On one of our sub-pages (the catalogue) we embed the pCon catalogue of our partner EasternGraphics GmbH via an iframe. Technically necessary connection data (in particular your IP address, user agent, and cookie data) is transmitted directly to the EasternGraphics servers. We have no influence on the scope of this data collection; details are governed by the EasternGraphics privacy policy: easterngraphics.com/en/data-protection.
The catalogue uses its own cookies and similar technologies in four categories (strictly necessary, diagnostics, statistics, YouTube) and may show its own cookie dialog for this purpose. According to EasternGraphics, the catalogue's audience measurement (Matomo) runs on its own servers in Germany with anonymised IP addresses; YouTube videos are embedded in extended privacy mode and only transmit data to YouTube once played.
Legal basis: Art. 6(1)(b) and (f) GDPR (provision of the catalogue as a core function).
To improve user experience we store the following values locally in your browser; these are not transmitted to our servers:
furn4viz_lang) — DE / EN / ESfurn4viz_fs) — preview images and configuration data for performanceYou may clear this data at any time through your browser settings.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functional web application) and § 25(2) no. 2 TDDDG (storage strictly necessary on the end device).
On our landing page we use Matomo Analytics via
Matomo Cloud (InnoCraft Ltd., hosted at
furnify3d.matomo.cloud) to understand how visitors
use the site (e.g. which sections they view, where they drop off,
whether they sign up for trial notifications). We use cookieless
tracking in a minimal configuration: we do not set analytics
tracking cookies, and without your consent no device information
is read from your device — browser feature detection including
so-called client hints (e.g. browser version list, operating
system version, screen resolution, supported browser features) is
disabled. IP addresses are anonymized in Matomo (server-side
setting, truncation of at least 2 bytes). No marketing profiles
are created. Campaign parameters from ad links (e.g. Google Ads)
are only used to attribute traffic sources.
Only if you consent to the “Statistics” category via our cookie banner do we additionally collect the aforementioned device information (browser version, operating system, screen resolution, supported features) for our device and browser statistics — still without tracking cookies. You can withdraw this consent at any time with effect for the future via the cookie settings (link in the footer).
Also only after your consent to the “Statistics” category does Matomo create heatmaps and session recordings (the “HeatmapSessionRecording” feature): this records your interactions with the page such as mouse movements, clicks, scrolling behaviour and time on page, in order to improve user guidance and page layout. Input in form fields is masked and not recorded in clear text. Without this consent the feature is fully disabled and no such data is transmitted (its configuration is only loaded after consent, too). Processing takes place within the same Matomo Cloud instance; no additional recipients are involved. You can withdraw your consent at any time with effect for the future via the cookie settings.
You may object to this analysis altogether by enabling “Do Not Track” in your browser (with “Do Not Track” enabled, no Matomo collection takes place at all) or via the Matomo opt-out page. Matomo's privacy policy is available at matomo.org/privacy-policy.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in measuring and optimizing our website) for the cookieless minimal collection; for reading device information and for heatmaps and session recordings after consent, § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR (consent, revocable at any time). You have the right to object at any time on grounds relating to your particular situation (Art. 21(1) GDPR).
We only set strictly necessary cookies or comparable storage required to operate the website. Matomo on the landing page runs without tracking cookies. When you visit Stripe's payment pages, Stripe may set its own cookies; Stripe's privacy policy applies there.
We use the consent management platform Cookiebot (Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark) to manage your consent. You can change or withdraw your consent at any time with effect for the future: open cookie settings. The current overview of cookies in use:
Legal basis: § 25(2) no. 2 TDDDG (strict necessity) or § 25(1) TDDDG, Art. 6(1)(a) GDPR (cookies requiring consent).
We use Resend (Plus Five Five, Inc., USA) to send system and transactional emails (e.g. confirmations of receipt and of contract, trial notifications). Your email address and the respective message content are processed. Transfers to the USA are based on the EU-US Data Privacy Framework and standard contractual clauses; a data processing agreement is in place.
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (reliable delivery of system messages).
We use Sentry (provider: Functional Software, Inc., USA) on our servers to detect and fix technical errors; the error data is processed in the EU region (Germany, ingest.de.sentry.io). When an error occurs, technical diagnostic data is processed (including IP address, time, affected endpoint and technical error details). We also use Grafana Cloud (provider: Grafana Labs, USA) to monitor system health; the data is held in the EU region (London, eu-west-2), and only aggregated technical metrics without personal data are transmitted there. Where the US-based providers can access data for support or maintenance, we base this on the EU-US Data Privacy Framework and standard contractual clauses.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable and secure operation). Retention of error diagnostic data: maximum 90 days.
Personal data is only disclosed to the following categories of recipients:
An up-to-date overview of the providers engaged as processors, with purpose, location and transfer mechanism, is available in our subprocessor list. For business customers, the Data Processing Agreement (DPA) applies in addition.
Where personal data is transferred to providers established in the United States (in particular Stripe and Vercel), such transfers are based on an adequacy decision of the European Commission (EU-US Data Privacy Framework) and/or on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.
US providers currently in use are Vercel, Stripe, Supabase (support access), Resend, Sentry and Grafana Labs. We continuously monitor the legal situation regarding the EU-US Data Privacy Framework and agree standard contractual clauses as an additional safeguard so that transfers remain covered even if the adequacy decision were to lapse.
Personal data is deleted as soon as the purpose of processing ceases, unless statutory retention obligations apply (in particular § 257 HGB and § 147 AO: up to 10 years for accounting-relevant data).
Uploaded files and intermediate processing artifacts are removed by regular automated clean-up runs once processing is complete, unless they are needed for results you have retrieved. Records of consents and cancellations are retained for the duration of statutory evidence and limitation periods.
You have the following rights under the GDPR:
To exercise your rights, please send an informal email to info@furnify3d.com.
You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data. The competent authority for us is:
Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit (TLfDI)This section applies to visitors and customers in the United States. Depending on your state of residence (e.g. California, Virginia, Colorado, Connecticut, Texas), you may have the right to know what categories of personal information we collect, to access, correct or delete your personal information, to opt out of the sale or sharing of personal information and of targeted advertising, and not to be discriminated against for exercising these rights.
We collect the categories of personal information described in this policy (identifiers such as name and email address, commercial information such as subscription and payment records, and internet activity such as server log data) for the purposes described here. We do not sell personal information and do not share it for cross-context behavioral advertising. We disclose personal information only to the service providers listed in the "Categories of Recipients" section.
We honor the "Do Not Track" browser setting for our web analytics: if Do Not Track is enabled, no Matomo data is collected at all. Signals such as Global Privacy Control are treated the same way where applicable law requires it.
You can exercise your rights — regardless of your state of residence — by emailing info@furnify3d.com. We will verify your request using the email address associated with your account and respond within the timeframe required by applicable law. You may use an authorized agent, provided we can verify the agent's authority and your identity.
Our service is directed at professionals and businesses and not at children. We do not knowingly collect personal information from children under 16 years of age (or under 13 within the meaning of the U.S. COPPA rules). If you believe a child has provided us with personal information, please contact us at info@furnify3d.com and we will delete it.
We reserve the right to amend this Privacy Policy to reflect changes in the legal landscape or in the way we operate our service. The version in force at the time of your subsequent visit will then apply.