← Back to home

Privacy policy

1. Controller

Philipp Kleine Jäger
Winterbachstraße 6
60320 Frankfurt am Main
Email: philipp.kleinejaeger@gmail.com

2. Data we collect

  • Account data: email address, name (when registering via Clerk)
  • Charging session data: kWh, date, time, meter readings, device data
  • Payment data: processed directly by Stripe; we do not store credit card numbers
  • Usage data: IP address, browser type, access times (server logs)
  • Error reports: When you experience an error, we capture anonymized technical details so we can fix the problem quickly
  • Service data: We measure how fast our systems respond and where users get stuck — without storing any personally identifiable information (see section 5)

3. Legal basis

We process personal data based on:

  • Art. 6(1)(b) GDPR (performance of a contract) — so we can provide our service to you
  • Art. 6(1)(f) GDPR (legitimate interest) — so we can detect and fix errors you experience and improve the service for you

4. Recipients / processors

To keep mimmi running reliably, we work with specialized service providers. Each has a clearly defined role — none receives more data than necessary:

  • Clerk (sign-in & account security) — USA, EU Standard Contractual Clauses
  • Stripe (payment processing) — USA, EU Standard Contractual Clauses. Your credit card details go directly to Stripe and are never stored on our servers.
  • Supabase (database) — EU (Frankfurt). This is where your charging sessions and documents are stored — exclusively in the EU.
  • Vercel (hosting & performance monitoring) — EU (Frankfurt). We measure how fast our pages load for you so we can identify and fix bottlenecks. This measurement works without cookies and without storing your IP address.
  • Cloudflare (document storage) — EU
  • Resend (email delivery) — USA, EU Standard Contractual Clauses
  • Sentry (error detection) — USA, EU Standard Contractual Clauses. When something goes wrong, Sentry helps us find and fix the issue quickly.
  • Railway (background processing) — USA
  • Pendo (user guidance & help) — EU (Frankfurt). Pendo helps us spot where users get stuck, so we can make mimmi easier to use. It also lets us show helpful tips directly inside the app. Pendo only sees which pages and features you use — never the contents of your charging sessions, invoices, or documents.

5. How we protect your data

Privacy is not an afterthought at mimmi — it is a design principle. We want you to understand exactly what we do — and what we don't:

  • Your data stays in the EU: Charging sessions, documents, and account data are stored exclusively in Frankfurt. We choose EU locations for every service where available.
  • Only what's needed: We only collect data that is actually required to create your reimbursement documents. Our analytics tools see no charging data, no financial data, and no document contents.
  • No tracking cookies for analytics: We measure how fast our systems respond without setting cookies or storing your IP address.
  • Guidance, not surveillance: Pendo shows you helpful tips and shows us where users struggle. It only sees navigation and clicks — never the contents of your data.
  • Everything encrypted: Your connection to mimmi is always encrypted. Wallbox credentials are additionally encrypted at rest using AES-256-GCM.
  • Full deletion: You can delete your account at any time from Settings. We then remove all personal data — only documents required by tax law are retained as required by § 147 AO.
  • Tamper protection: All changes to your invoices are logged in a tamper-proof audit trail. This protects the integrity of your documents — including for tax authorities.

6. Retention period

  • Account data: until you delete your account
  • Charging sessions: 10 years (statutory tax retention requirement)
  • Reimbursement documents: 10 years
  • Change log: 10 years
  • Payment data: per Stripe policies (we don't store card details)
  • Service data: performance measurements 30 days, error reports 90 days, usage data per Pendo agreement

7. Your rights

You have the right to:

  • Access (Art. 15 GDPR) to your stored data
  • Rectification (Art. 16 GDPR) of inaccurate data
  • Erasure (Art. 17 GDPR), insofar as no statutory retention obligations apply
  • Restriction (Art. 18 GDPR) of processing
  • Data portability (Art. 20 GDPR)
  • Object (Art. 21 GDPR) to processing

To exercise your rights, contact us at: philipp.kleinejaeger@gmail.com

You also have the right to lodge a complaint with a supervisory authority, e.g. the state data protection authority of your federal state.

8. Cookies

mimmi only uses cookies where technically necessary: to keep you signed in (authentication cookies) and to improve navigation within the dashboard (Pendo). Pendo cookies are used solely to make mimmi easier to use.

We do not use advertising cookies and we do not track you across other websites. Our performance monitoring works entirely without cookies.

9. SSL encryption

All data is transmitted via an encrypted HTTPS connection.

10. Changes

We may update this privacy policy to reflect changes in legal requirements or changes to the service.

Last updated: 02.03.2026