Legal & transparency
Cookies and similar technologies
In short: Acutic uses only strictly-necessary cookies and two cookieless analytics tools (Plausible + PostHog). No tracking cookies, no advertising cookies, no fingerprinting, no third-party analytics scripts persist anything on your device. Under § 25 (2) Nr. 2 TDDDG (the German implementation of Art. 5 (3) ePrivacy Directive), strictly-necessary storage does not require prior consent, so we do not display a cookie banner.
Analytics — Plausible (cookieless)
We use Plausible Analytics, an EU-hosted (Hetzner, Falkenstein, Germany) cookieless web-analytics service. The Plausible script does not set any cookies, does not use localStorage or fingerprinting, and does not collect personal data: it counts page views and computes a daily-rotating hash from your IP address and User-Agent that is discarded after 24 hours. See the Plausible data policy for details.
Analytics — PostHog (cookieless)
We additionally use PostHog on the EU cluster (Hetzner, Frankfurt, Germany) for product analytics — page views, web vital metrics, and feature-usage events on the dashboard. The PostHog browser SDK runs in persistence: 'memory' mode: it does not set cookies, does not use localStorage, and does not fingerprint your device. On the dashboard, once you are signed in, we attach your internal account ID (a UUID — not your email or name) to subsequent events so we can measure per-user feature usage and retention. The dashboard sends nothing on the public marketing site; only anonymous pageviews flow from acutic.io.
When you delete your account, we propagate the deletion to PostHog within minutes via an authenticated server-side call. You can also email privacy@acutic.io to request immediate erasure.
Strictly-necessary cookies in use
| Name | Purpose | Duration | Category | Set by |
|---|---|---|---|---|
| acutic_session | Authenticated session — keeps you logged in to the Acutic product app. | Session (cleared on browser close) + sliding 7-day refresh window. | Strictly necessary (TDDDG §25(2)(2)) | Acutic (first-party) |
| acutic_csrf | CSRF token — protects forms and API calls against cross-site request forgery. | Session (cleared on browser close). | Strictly necessary (TDDDG §25(2)(2)) | Acutic (first-party) |
| acutic_lang | UI language preference (EN / DE). | 1 year. | Strictly necessary (TDDDG §25(2)(2)) | Acutic (first-party) |
| cf_turnstile (challenge cookies) | Cloudflare Turnstile bot-protection challenge on the early-access form. Set only when a challenge is presented. | 30 minutes. | Strictly necessary (TDDDG §25(2)(2)) | Cloudflare (sub-processor — see /legal/subprocessors) |
| acutic_consent_record | Records that you have acknowledged the AI-disclosure modal at first login. Required by EU AI Act Art. 50. | 3 years (audit retention). | Strictly necessary (TDDDG §25(2)(2)) | Acutic (first-party) |
Why no consent banner?
§ 25 (2) TDDDG exempts storage that is strictly necessary for the service the user actively requested. All entries in the table above qualify under that exemption. Our analytics tool is cookieless and stores nothing on your device, so it is also outside the scope of § 25 (1) TDDDG. We therefore display no banner.
If we ever add tracking technology that is not strictly necessary (for example, third-party advertising pixels or product analytics that set cookies), we will publish an updated version of this page and add a TDDDG-compliant consent banner with three equal-prominence options (Accept all / Reject all / Settings).
Related pages
Cookies — Deutsche Fassung
Kurzfassung: Acutic verwendet ausschließlich technisch notwendige Cookies sowie zwei cookielose Analyse-Werkzeuge (Plausible für die Marketing-Site und PostHog für die Produktanwendung, beide EU-gehostet). Tracking-Cookies, Werbe-Cookies, Fingerprinting und externe Analyse-Skripte werden nicht eingesetzt. Im eingeloggten Dashboard übermittelt PostHog zusätzlich Ihre interne Konto-ID (eine UUID, weder E-Mail noch Name), damit wir Funktionsnutzung pro Konto messen können — gespeichert wird auf Ihrem Gerät dennoch nichts. Bei Kontolöschung werden die zugehörigen PostHog-Daten innerhalb weniger Minuten entfernt. Da § 25 (2) Nr. 2 TDDDG für technisch notwendige Speichervorgänge keine Einwilligung verlangt, zeigen wir kein Cookie-Banner.
Wenn künftig nicht-notwendige Tracking-Technologien hinzukommen, ergänzen wir diese Seite und stellen ein TDDDG-konformes Banner mit gleichwertigen Auswahloptionen (Alle akzeptieren / Alle ablehnen / Einstellungen) bereit.
Letzte Aktualisierung: 2026.