Jeremias Meister - Tools & Pipeline

Privacy Policy

Last Updated: 29.11.2025

This Privacy Statement gives you an overview of the processing of your personal data in the context of the use of the website at https://www.cg-jm.com/ (the “Website“) and our desktop software “Project Succession” (the “Software”). This Privacy Statement also informs you about your rights and the possibilities to control your personal data and to protect your privacy. Responsible as a data controller for data processing on the Website is Jeremias Meister, Trautmannstr. 11, 81373 Munich, Germany. This person is also meant if the terms “we“ or “us“ are used in the following. You can contact Jeremias Meister with privacy related inquiries under contact@cg-jm.com.

1. Introduction

In the following, we provide information about the collection of personal data when using our website cg-jm.com and our profiles in social media. Personal data is any data that can be related to a specific natural person, such as their name or IP address.

1.1. Contact details

The controller within the meaning of Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is Jeremias Meister Trautmannstr. 11 81373 Munich Germany, email: contact@cg-jm.com.

Once Project Succession is commercially released under a registered company, the data controller will be: cg-jm UG (haftungsbeschränkt), [address], represented by the Managing Director. Until this change takes effect, the controller remains the individual named above.

We are not legally required to appoint a Data Protection Officer pursuant to Art. 37 GDPR.

We detail the scope of data processing, processing purposes and legal bases below. In principle, the following come into consideration as the legal basis for data processing:

1.3. Data processing outside the EEA

Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data during the transfer is guaranteed by adequacy decisions of the EU Commission, insofar as they exist (e.g. for Great Britain, Canada and Israel) (Art. 45 para. 3 GDPR).

If no adequacy decision exists (e.g. for the USA), the legal basis for the data transfer are usually, i.e. unless we indicate otherwise, standard contractual clauses. These are a set of rules adopted by the EU Commission and are part of the contract with the respective third party. According to Art. 46 para. 2 lit. b GDPR, they ensure the security of the data transfer. Many of the providers have given contractual guarantees that go beyond the standard contractual clauses to protect the data. These include, for example, guarantees regarding the encryption of data or regarding an obligation on the part of the third party to notify data subjects if law enforcement agencies wish to access the respective data.

In addition, for transfers to service providers in third countries where no adequacy decision exists (e.g., the USA), we rely on the EU Standard Contractual Clauses (SCCs) according to Art. 46 para. 2 lit. c GDPR.

Despite these safeguards, we cannot guarantee that access by public authorities in the third country can be fully excluded. Data subjects may request copies of the relevant SCCs by contacting us.

1.4. Storage duration

Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and no legal obligations to retain data conflict with the deletion. If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted, i.e. the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

1.4.1 Specific Retention Periods

In addition to our general deletion policy, the following specific retention periods apply:

1.5. Rights of data subjects

Data subjects have the following rights against us with regard to their personal data:

Data subjects also have the right to complain to a data protection supervisory authority about the processing of their personal data. Contact details of the data protection supervisory authorities are available at https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.

Where processing is based on consent (e.g., behavioral analytics within the Software, beta surveys), data subjects may revoke their consent at any time by contacting us at contact@cg-jm.com.

Revocation does not affect the lawfulness of processing carried out before the revocation.

1.6. Obligation to provide data

Within the scope of the business or other relationship, customers, prospective customers or third parties need to provide us with personal data that is necessary for the establishment, execution and termination of a business or other relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or to provide a service or will no longer be able to perform an existing contract or other relationship.

Mandatory data are marked as such.

1.7. No automatic decision making

As a matter of principle, we do not use a fully automated decision-making process in accordance with article 22 GDPR to establish and implement the business or other relationship. Should we use these procedures in individual cases, we will inform of this separately if this is required by law.

1.8. Making contact

When contacting us, e.g. by e-mail or telephone, the data provided to us (e.g. names and e-mail addresses) will be stored by us in order to answer questions. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) to answer inquiries directed to us. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.

1.9. Competitions

Occasionally, we offer competitions via our website or in other ways. We process the data requested in these competitions in order to determine and notify the winners. Afterwards, we delete the data. It may also be that we only offer competitions for existing customers. In this case, we only process the name to determine the winners and the contact data to notify the winners.

It is our legitimate interest to offer competitions to attract customers or to interact with our existing customers. The legal basis for data processing is Art. 6 para. 1 s. 1 lit. f GDPR.

1.10. Customer surveys

From time to time, we conduct customer surveys to get to know our customers and their wishes better. In doing so, we collect the data requested in each case. It is our legitimate interest to get to know our customers and their wishes better, so that the legal basis for the associated data processing is Art. 6 para. 1 s. 1 lit. f GDPR. We delete the data when the results of the surveys have been evaluated.

1.11 Data processing for the provision of our software products

For the purposes of creating an account and the subsequent use of our Project Succession software, we process the following personal data: Display name, email address, IP address. Art. 6(1)(b) GDPR (Performance of a Contract). We have a need in collecting this data in order to provide our software.

For the purposes of creating, offering to use, developing and improving our Project Succession software and to analyze user behavior and preferences, we also process the following personal data:

Behavior in the Project Succession Software

Interactions related to the user account created for Project Succession

(Additional) behavioral data on cg-jm.com that goes beyond the basic, pseudonymised web statistics described in section 3.2

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a GDPR. The processing is based on consent. Data subjects can revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

1.12. Conducting surveys as part of our alpha/beta tests

Users are offered the opportunity to complete a survey about their use of the Project Succession. In doing so, the following personal data will be processed:

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a GDPR. The processing is based on consent. Data subjects can revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

1.13. Children

Our services, including the Software and Website, are not intended for persons under 16 years of age.

We do not knowingly collect personal data from children. If we become aware that data of a person under 16 has been collected, we will delete this data immediately.

2. Newsletter

We reserve the right to inform customers who have already used services from us or purchased goods from time to time by email or other means electronically about our offers, if they have not objected to this. The legal basis for this data processing is Art. 6 para. 1 s. 1 lit. f GDPR. Our legitimate interest is to conduct direct advertising (recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time without incurring additional costs, for example via the link at the end of each e-mail or by sending an e-mail to our above-mentioned e-mail address. Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration exclusively for sending the newsletter. Subscription takes place by selecting the corresponding field on our website, by ticking the corresponding field in a paper document or by another clear action, whereby interested parties declare their consent to the processing of their data, so that the legal basis is Art. 6 para. 1 s. 1 lit. a GDPR. Consent can be revoked at any time, e.g. by clicking the corresponding link in the newsletter or notifying our e-mail address given above. The processing of the data until revocation remains lawful even in the event of revocation.

Based on the consent of the recipients (Art. 6 para. 1 s. 1 lit. a GDPR), we also measure the opening and click-through rate of our newsletters to understand what is relevant for our audience.

3. Data processing on our website and within the Software

For all non-essential cookies and external services requiring consent (e.g., analytics, embedded videos), we use a Consent Management Platform (CMP).

When visiting our Website for the first time, users can choose which categories of cookies or services they allow. These preferences can be changed at any time through the cookie settings link displayed on the Website.

Legal basis: Art. 6 para. 1 lit. a GDPR (Consent).

For all non-essential cookies and external services requiring consent (e.g., analytics, embedded videos), we use a Consent Management Platform (CMP).

When visiting our Website for the first time, users can choose which categories of cookies or services they allow. These preferences can be changed at any time through the cookie settings link displayed on the Website.

Legal basis: Art. 6 para. 1 lit. a GDPR (Consent).

3.1. Spam Protection with Google reCAPTCHA

We have implemented Google reCAPTCHA in forms on our website to check whether the data entered in the forms comes from human visitors or from machines or automated programs, also known as “bots”. This tool automatically analyzes the behavior of website visitors as soon as they interact with the website using various information like IP address, length of stay, and mouse movements. The data processed includes usage data such as the website accessed, date and time of access, and mouse movements, as well as communication data like IP addresses, browser type, and operating system. This processing is targeted at website visitors and users of online services. The primary purpose of this processing is to prevent the misuse of our contact form, thereby enhancing security. The legal basis for this is our legitimate interest according to Art. 6 para. 1 p. 1 lit. f. GDPR. The data recipients include Google Ireland Ltd, based at Google Building Gordon House, Barrow St, Dublin 4, Ireland, (https://policies.google.com/privacy) and our website hosting provider. While your personal data is processed within the EU, the retention time for the processed data is determined by Google Ireland Limited. Additional information can be found in the Google reCAPTCHA privacy policy: https://policies.google.com/privacy

3.2 Website Analytics (None)

At the current time, I moved the website from Jimdo (which had Jimdo Analytics) to Cloudflare hosting. I don’t apply any additional Analytics tools at the time being.

3.3. Customer account

Users of Project Succession can create a customer account within the tool. We process the data requested in this context in order to provide the Software and fulfil our contractual obligations. Legal basis for the processing is Art. 6 para. 1 s. 1 lit. b GDPR (performance of a contract).

In addition to the data entered during registration, we process IP addresses, browser resolution and, in the case of SSO, the data transmitted via OpenID.

Users may request deletion of their Project Succession account at any time by contacting us at contact@cg-jm.com. Upon deletion, all account-related data will be removed unless statutory retention obligations apply (see section 1.4.1).

3.3.1. Error Logs and Crash Reports

When the Software encounters technical errors or crashes, diagnostic data may be generated. This can include:

Processing these logs is necessary to ensure stability, security, and improvement of the Software.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in maintaining functionality).

Crash logs are stored for a maximum of 12 months unless earlier deletion is required or requested.

3.4. Technically necessary cookies

Our website sets cookies. Cookies are small text files that are stored in the web browser on the end device of a site visitor. Cookies help to make the offer more user-friendly, effective and secure. Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter “Technically Necessary Cookies”), the legal basis for the associated data processing is Art. 6 para. 1 s. 1 lit. f GDPR. We have a legitimate interest in providing customers and other site visitors with a functional website. Specifically, we set technically necessary cookies for the following purpose or purposes:

3.5. Third Parties

3.5.1. Google Firebase

We use Firebase, a framework from Google Ireland Limited (privacy policy: https://firebase.google.com/support/privacy), through which we track and manage the following real-time features in the software:

Firebase Authentication and Firestore: We use these services to create and manage your user account, authenticate you, and store your license information (e.g., email, hashed password, license status). This processing is necessary to provide you with the software you have licensed. The legal basis is Art. 6 para. 1 lit. b GDPR (Performance of a Contract).

Firebase Functions allows the Software to securely communicate with third party providers like Paddle.com Market Limited (https://www.paddle.com/legal/privacy) or Atlassian (https://www.atlassian.com/legal/privacy-policy)

We use the information processed by Google to evaluate the use of the app in order to facilitate the optimisation and further development of the software. The processing is based on Art. 6 para. 1 s. 1 lit. a GDPR. Data subjects can revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

Passwords stored via Firebase Authentication are hashed using industry-standard hashing algorithms (e.g., bcrypt or equivalent), never stored in plain text.

3.5.2. Paddle

We use the reseller Paddle.com Market Limited (Paddle) to handle all payment processing and order fulfillment. Paddle is the “Merchant of Record” for all transactions. When you purchase our Software, you provide your personal data (name, address, payment information, email) directly to Paddle. We do not receive or store your full payment details. We only receive information from Paddle necessary to fulfill the contract, such as your email address and license type, to create your account.

Paddle is the data controller for your payment and purchase data. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR (Performance of a Contract). Paddle’s privacy policy is available at: https://www.paddle.com/legal/privacy.

3.6. User-Generated Content (Local Data)

Project Succession enables users to create automation pipelines (“User-Generated Content”). This includes scripts, workflows, configurations, third-party tool connections, and any other material created within the Software. All such data is processed and stored exclusively on the user’s local device. We do not access, upload, analyze, or collect this data unless the user expressly and voluntarily provides it (e.g., for support).

You remain the sole controller of this data (Art. 4 No. 7 GDPR).

4. Data processing on social media platforms

We are represented in social media networks in order to present our organization and our services there. The operators of these networks regularly process their users’ data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to show advertising on the pages of the networks and elsewhere on the Internet that corresponds to the interests of the users. To this end, the operators of the networks store information on user behavior in cookies on the users’ computers. Furthermore, it cannot be ruled out that the operators merge this information with other data. Users can obtain further information and instructions on how to object to processing by the site operators in the data protection declarations of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, so that they process data there. This may result in risks for users, e.g. because it is more difficult to enforce their rights or because government agencies access the data.

If users of the networks contact us via our profiles, we process the data provided to us in order to respond to the inquiries. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.

4.1. Instagram

We maintain a profile on Instagram. The operator is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://help.instagram.com/519522125107875.

4.2. YouTube

We maintain a profile on YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland. The privacy policy is available here: https://policies.google.com/privacy?hl=de.

4.3. LinkedIn

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE. One way to object to data processing is via the settings for advertisements: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

4.4. TikTok

We maintain a profile on TikTok. The operator is musical.ly Inc, 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA. The privacy policy is available here: https://www.tiktok.com/de/privacy-policy.

4.5 Reddit

We maintain a profile on Reddit. The operator is Reddit, Inc, 548 Market St. #16093, San Francisco, California 94104, USA. The privacy policy is available here: https://www.reddit.com/policies/privacy-policy.

4.6 Discord

We maintain a profile on Discord. The operator is Discord Inc, San Francisco, CA, 444 De Haro Street, USA. The privacy policy is available here: https://discord.com/privacy.

5. Changes to this privacy policy

We reserve the right to change this privacy policy with effect for the future. A current version is always available here.

6. Questions and comments

If you have any questions or comments regarding this privacy policy, please feel free to contact us using the contact information provided above.

Effective Date and Versioning

This Privacy Statement is Version 1.0 and was last updated on 29.11.2025.

Future changes will be published on this page.