English is provided for convenience. Where German and English versions differ, the German text takes precedence for legal interpretation.
Important Disclaimer
Immowiser is a data-driven decision-support hub for German property decisions (rental / buy-to-let and simplified owner-occupier orientation). It is not tax, legal, financial or investment advice. All outputs (including verdict, action plan, and triggers) are estimates based on your inputs and the rules applied at calculation time. Owner-occupier mode uses simplifications — not individual tax advice. Laws and programmes (AfA, KfW, transfer tax, energy rules) change often. User-maintained municipal/funding entries (including payout timing and 'apply to model') are assumption inputs and may differ from actual approvals and program terms. Built-in plausibility/conflict checks are technical aids, not legal eligibility determinations. Where enabled on the server, optional AI-assisted features may suggest explanatory text or extraction hints — this does not replace your review or professional advice; you verify and confirm inputs. You are responsible for your decisions. Verify with a qualified Steuerberater and/or legal advisor before acting. No liability for financial loss, tax outcomes, or decisions made using this tool.
The controller under GDPR is Immowiser (sole proprietorship). Full provider details — including name, address and contact email — are in the Imprint. Please use the Imprint contact for privacy requests.
We process personal data only where necessary to provide a working application, perform the contract, comply with legal obligations, or where you have consented. Immowiser is a calculation and decision-support tool; it does not provide tax or legal advice (see disclaimer).
The application runs on professional hosting. Server log data may be generated (e.g. IP in truncated form, timestamp, requested resource). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in security and stability).
Transport and storage use industry-standard safeguards. Details follow the current technical documentation.
Encryption is applied at infrastructure level; end-to-end encryption of all content by the application is only claimed if separately announced.
Despite reasonable measures, absolute protection against all security incidents cannot be guaranteed.
Responsible party and product focus are Germany (see Imprint). Data residency and delivery depend on the deployed project configuration and applicable agreements.
For registration and sign-in we process the data you provide (email address, optional display name). Legal basis: Art. 6(1)(b) GDPR (contract). Authentication providers may act as processors with appropriate safeguards (including SCCs for third-country transfers where applicable).
Scenarios, inputs and outputs are stored to provide the service and associate data with your account. This may include uploaded documents (e.g. text-layer PDF, .txt) and derived metadata or excerpts where you use those features. Legal basis: Art. 6(1)(b) GDPR. You can trigger deletion and export via account functions where available.
If you use manual funding/municipal entries, related inputs (programme code, type, amounts, payout profile, evidence status, notes) may be processed for modelling.
Integrated calculator modules may store values and derived KPIs so linked areas (Deals, Documents, Assumptions, Calculators, Results, Visuals) stay consistent.
Where included in your plan, structured decision artefacts may be processed (drivers/risks, triggers, action items, audit metadata, export-related dossier data).
Plan limits and entitlements are enforced as authorisation data across the app.
In-app sharing links use protected in-app references; third-party access requires valid sign-in and permission.
For paid plans, payment data is processed by a payment service provider. We typically do not receive full card data—only transaction and subscription status to manage your plan. Legal basis: Art. 6(1)(b) GDPR.
Plan/entitlement information may be processed so gated features apply correctly.
Cookies or similar technologies may be used for sessions and preferences (e.g. theme, language). Strictly necessary cookies support operation (Art. 6(1)(b) or (f) GDPR). A consent banner is shown on first visit. Optional analytics activates only after consent (Art. 6(1)(a) GDPR); you can change settings via “Cookie settings”.
With consent, we may use Google Analytics (GA4) and Microsoft Clarity for statistical evaluation. Without consent these tools are not activated. Revocation anytime via “Cookie settings”. Legal basis: Art. 6(1)(a) GDPR. Third-country transfers rely on mechanisms provided by vendors (in particular EU Standard Contractual Clauses).
The contact form may use a CAPTCHA service (e.g. hCaptcha). Connection data required for that processing may be processed. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in system security).
Some features may use server-configured AI-assisted inference (e.g. explanatory text, structured suggestions from document text). Only inputs necessary for the respective function are processed. Avoid entering unnecessary sensitive personal data in free-text fields.
Inference runs on infrastructure chosen in operations; vendor branding is not presented as professional advice in the product UI.
We apply technical limits to AI calls (caching, rate limits, focused prompts) to minimise data processed.
The documents feature primarily processes PDFs with a text layer and .txt files. Pure scans/images may yield incomplete or no machine-readable content. Detected values are shown as technical suggestions and must be verified before use.
Scope: file contents, suggested field values, technical metadata (e.g. size/slot) and scenario linkage. Legal basis: Art. 6(1)(b) GDPR.
Retention and deletion: document data is stored for product purposes and removed on deletion request or account deletion unless legal retention applies.
Subprocessors: where used (e.g. infrastructure or model inference), processing follows contractual standards; only data necessary for the function is transferred.
Transactional emails (sign-in, security, billing-related notices) are sent via configured mail paths. Legal basis: Art. 6(1)(b) or (f) GDPR.
We store data while a customer relationship exists or statutory retention requires it (e.g. tax retention under German commercial/tax law). After termination or deletion request, data is deleted or anonymised unless retention duties apply.
Subject to GDPR you have rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection to processing under Art. 6(1)(f) (Art. 21), and withdrawal of consent (Art. 7(3)). You may lodge a complaint with a supervisory authority. Contact the address in the Imprint for privacy requests.
We update this statement when legal requirements, vendors or product features change. The version published on this page with the date below applies.
Updated: April 2026 · Version: v1.1