Privacy

The controller responsible for data processing on this site is:

Co-fé GmbH · Petersbergstr. 13, 50939 Köln · Germany
Managing Director: Benedict Schönenstein
Email: ben@askmatchbox.com

• Problem descriptions you submit - to extract your intent and rank matching products, and - in abstracted form - to improve matching over time. The text is sent to our AI provider (see below). Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in operating and improving the service.
• Email address - only when you provide it - to sign in via magic link, claim a listing, or join a waitlist/notification list. Legal basis: performance of a request you made / pre-contract (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f)).
• Listing claims & suggested corrections - to manage ownership of a listing and keep the catalog accurate. Legal basis: Art. 6(1)(b) and (f).
• Technical request data (e.g. IP address, timestamps) - for security, abuse prevention and rate limiting. Legal basis: legitimate interest (Art. 6(1)(f)).

We use the following processors, each under a data-processing agreement, to run the service:

• Render - application hosting (region: Frankfurt, EU).
• Supabase - database, authentication and file storage.
• OpenAI - AI matching - the text of your problem is sent to OpenAI (United States) to extract intent and rank products.
• Resend - transactional & notification email (United States).

We do not sell your data, and we do not use it for cross-site advertising.

Some processors (OpenAI, Resend) are based in the United States. Where data is transferred outside the EU/EEA, it is safeguarded by EU Standard Contractual Clauses and/or the EU–U.S. Data Privacy Framework.

Matchbox uses only strictly necessary cookies - the session cookies that keep you signed in after a magic-link login. These are required for the service to function and do not need consent. Your light/dark theme choice is stored in your browser’s local storage. We currently run no advertising or cross-site tracking cookies.

We keep submitted problem text and match results for as long as useful to operate and improve matching, and account and listing-claim data for as long as your account or listing is active. If you delete your account, the associated personal data is deleted within 30 days, except where we are required to retain it longer. Outreach email bodies are purged on a rolling 90-day window, and technical logs are deleted after 90 days. Billing and accounting records are retained for up to 10 years as required by German law (§ 147 AO, § 257 HGB). You can ask us to delete your data at any time.

Under the GDPR you have the right to access, rectification, erasure, restriction, data portability and objection, and the right to lodge a complaint with a supervisory authority. To exercise any of these, email ben@askmatchbox.com.

You also have the right to lodge a complaint with a data-protection supervisory authority. The competent authority for Co-fé GmbH is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestr. 2–4, 40213 Düsseldorf (ldi.nrw.de).