DOCUMENT CLASSIFICATION: LEGAL & COMPLIANCE

PRIVACY POLICY

Data handling, third-party services, infrastructure, and your rights. Last updated: July 5, 2026.

AI Summary / tl;dr

  • TARGET_ENTITY: Litzki Systems LLC: Privacy Policy
  • VERDICT: B2B-Only: Minimal Data Collection, No Personal Data Beyond Technical Necessity
  • RISK_VECTOR: Third-Party Services: Cloudflare Insights (analytics), Calendly (scheduling), Stripe (payments)
  • RESOLUTION: Controller: Litzki Systems LLC, St. Petersburg, FL 33702, USA. Contact via litzki-systems.com/contact
  • CORE_THESIS: Litzki Systems LLC operates exclusively as a B2B service. Site use is generally possible without actively providing personal data. Analytics via Google Analytics 4 (consent-gated, anonymized, _ga cookies). Bot protection via Cloudflare CDN and Cloudflare Turnstile (contact form). Scheduling via Calendly embedded widget (consent-gated). Payments via Stripe. The QuickScan runs client-side and transmits no data. The Full Audit scans publicly accessible infrastructure signals only. SSL/TLS encryption throughout. SOVP Validator Portal: email magic-link login (subscription and one-time-scan customers), session cookie sovp_session (httpOnly, secure, SameSite=Strict, 24h). Last updated July 5, 2026.

01 // OVERVIEW

Litzki Systems LLC is committed to the integrity of your data. This site operates exclusively as a B2B service. Use of our infrastructure is generally possible without actively providing personal data beyond what is technically necessary for a secure connection.

The controller responsible for data processing on this site is: Litzki Systems LLC, 7901 4th St N, #32272, St. Petersburg, FL 33702, USA. Contact via litzki-systems.com/contact.

02 // AUTOMATIC DATA COLLECTION

When you access this site, our server infrastructure automatically records technical connection data, including browser type, operating system, referring URL, time of access, and IP address. This data is processed by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) strictly for security integrity and DDoS mitigation under applicable compliance standards. It is not used for advertising or personal profiling.

03 // ANALYTICS & TRACKING: GOOGLE ANALYTICS 4

This site uses Google Analytics 4 (GA4) via Google Tag (gtag.js), provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics collects anonymized usage data including page views, session duration, traffic sources, and device type for the purpose of structural performance measurement and traffic analysis.

GA4 is loaded only after you have given explicit consent via the cookie banner. IP anonymization is active. No retargeting, remarketing, or advertising audience creation takes place. Cookies set: _ga, _ga_* (duration: 2 years). Legal basis: Art. 6(1)(a) GDPR.

You can withdraw consent or change your preferences at any time via Cookie Settings. Additionally, you may install the Google Analytics Opt-out Browser Add-on as a fallback.

Google Search Console (GSC) is used for structural search performance measurement. GSC does not process individual user data visible to the site operator.

03a // BOT PROTECTION: CLOUDFLARE TURNSTILE

The contact form on this site is protected by Cloudflare Turnstile, provided by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Turnstile verifies that form submissions originate from real users without displaying a visible CAPTCHA challenge. It processes browser and network signals to make this determination and may set a session cookie.

This processing is technically necessary to protect the contact form from automated abuse. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting the service from spam and bot submissions). No consent is required.

04 // CONTACT FORM

The contact form on this site is powered by Resend (Resend Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA). When you submit a contact form, the data you provide (including name, email address, company, and message content) is transmitted to and stored by Resend for the purpose of delivering your message to Litzki Systems LLC and managing the subsequent email correspondence.

Data submitted via the contact form is used exclusively to respond to your inquiry. It is not shared with third parties beyond the technical transmission via Resend. You may request deletion of your contact data at any time via litzki-systems.com/contact.

05 // SCHEDULING: CALENDLY

For scheduling consultations and strategy calls, this site uses an embedded Calendly widget (Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA). The widget is loaded only after you have given explicit consent via the cookie banner. Without consent, the widget is replaced with a notice; appointments can still be booked via direct link.

When the widget is active, Calendly may set session and preference cookies in your browser. When you book an appointment, Calendly collects your name, email address, and any additional information you provide. Calendly processes this data to manage the appointment and send confirmation and reminder emails. Calendly's own privacy policy applies. Legal basis: Art. 6(1)(a) GDPR (consent for the widget) and Art. 6(1)(b) GDPR (contract performance for the appointment itself).

You can withdraw consent for the Calendly widget at any time via Cookie Settings.

06 // QUICKSCAN: BROWSER-ONLY PROCESSING

The SOVP QuickScan at validator.litzki-systems.com runs entirely within your browser. No scan data, domain names, or results are transmitted to or stored on any server. No login is required. The result is visible only to you.

06a // QUICK SCAN EMAIL SUBMISSIONS

When you submit your email address via the SOVP Quick Scan analysis request form, the following applies:

  • Purpose: Delivery of a manual scan analysis with three actionable fixes.
  • Legal basis: Art. 6 (1) lit. b GDPR: processing necessary for the performance of a pre-contractual measure requested by the data subject.
  • Retention: Your email address is deleted within 7 days after the analysis has been delivered.
  • Third parties: Your email is not shared with any third party and not used for any other purpose.
  • No newsletter: Submitting your email does not constitute consent to any newsletter or marketing communication.

07 // FULL AUDIT: SOVEREIGN VAULT

Full Audit scans are processed on a dedicated Hetzner server infrastructure located in Nuremberg, Germany (GDPR-compliant jurisdiction). Results are stored in the Sovereign Vault for a maximum of 14 days following delivery, then permanently and irreversibly deleted. No third-party access to audit data is granted. No data is retained beyond the delivery window.

Payment processing is handled by Stripe, Inc. (354 Oyster Point Blvd, South San Francisco, CA 94080, USA). Billing address and, where applicable, VAT identification number are collected at checkout by Stripe. Litzki Systems LLC does not store payment card data. Stripe's privacy policy applies to all payment transactions.

08 // AI API SERVICES USED IN FULL AUDIT

The SOVP Full Audit makes use of two external AI APIs during scan execution. In both cases, the target domain URL submitted by the client is transmitted to these services as part of the analysis process.

Google Gemini API: The Prime Entity Analysis step uses the Google Gemini API, provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), to classify the entity type of the target domain based on DOM signals and infrastructure data. Data is processed under Google's API terms of service and data processing agreements. No data is stored beyond the scope of the individual API request.

Perplexity API: External entity verification and cross-referencing is performed via the Perplexity API, provided by Perplexity AI, Inc. (355 Mission Street, San Francisco, CA 94105, USA). The target domain URL and derived infrastructure signals are submitted to Perplexity to validate entity classification against external sources. Data is processed under Perplexity's API terms of service. No data is stored beyond the scope of the individual API request.

Both services are engaged solely for the technical execution of the audit. No personal data beyond the target domain URL and derived technical signals is transmitted. Clients who have concerns about third-party API processing may contact us prior to purchase.

09 // AUTOMATED INFRASTRUCTURE SCANNING: SOVPBOT

SOVPBot is the automated scanner of Litzki Systems LLC. It processes exclusively publicly accessible technical infrastructure parameters of websites: HTTP headers, DNS records, SSL configuration, structured data, link status values, and LLM-readiness signals. No page content, user data, or personal information is collected or stored.

Legal basis for the processing of technical metadata: legitimate interest in assessing the quality of public web infrastructure (GDPR Art. 6(1)(f) equivalent under applicable law). Website operators can exclude SOVPBot at any time via robots.txt:

User-agent: SOVPBot
Disallow: /

Contact: legal@litzki-systems.com. For further details see litzki-systems.com/bot.

09a // SOVP VALIDATOR PORTAL (MAGIC-LINK LOGIN)

Both subscription customers (Starter, Professional, Agency, Enterprise) and customers with a certified one-time scan (Tier 1/2/3, Founding Client, Certificate Renewal, Retainer) receive access to the SOVP Validator Portal. Logging in requires only your email address; the system sends a time-limited login link (magic link).

Token storage: The login link (email address, token, used status, creation and expiry timestamp) is stored server-side. Used or expired tokens are removed automatically (cleanup on system start and every six hours thereafter).

Session cookie: After successful login, a session cookie (sovp_session) is set — httpOnly, secure, SameSite=Strict, valid 24 hours, scoped to the Portal API path only. The cookie serves exclusively session authentication and no tracking or third-party function. Legal basis: GDPR Art. 6(1)(b) (contract performance).

IP addresses on Portal requests: The requesting IP address is not stored in the database — it is held only temporarily in memory to limit request frequency (rate limiting) and is lost on server restart. Requests to the Portal interface are additionally recorded in the server access log in anonymized form (IP address truncated) and deleted after 14 days.

Security audit log: Failed login attempts, invalid sessions, and invalid magic-link verifications are additionally recorded in a dedicated audit table — using a hashed subject reference (no plaintext email) and an anonymized IP address. Purpose: detecting abuse attempts. Retention: 30 days, then automatic deletion. Legal basis: GDPR Art. 6(1)(f) (legitimate interest in abuse detection).

Scope for one-time scans: Portal access from a certified one-time scan is limited to viewing the existing certificate and domain (no quota for additional scans). Running additional scans or adding domains requires a paid subscription plan or renewal.

Legal basis: GDPR Art. 6(1)(b) (contract performance).

10 // YOUR RIGHTS

Under applicable data protection law, you have the right to obtain information about any personal data we hold about you, its origin, recipients, and the purpose of processing. You also have the right to request correction, restriction of processing, or deletion of your data.

To exercise these rights, contact us via litzki-systems.com/contact. Where processing is based on your consent, you may withdraw that consent at any time with effect for the future.

11 // SECURITY

All data transmitted to and from this site is encrypted via TLS. Our infrastructure operates behind Cloudflare's global network. Security headers, HSTS, and strict transport enforcement are active across all nodes.

12 // OBJECTION TO ADVERTISING EMAILS

The use of contact data published within the scope of the imprint obligation for the purpose of sending unsolicited advertising or information materials is hereby expressly prohibited. We reserve the right to take legal action in the event of unsolicited transmission of spam communications.

13 // CHANGES TO THIS POLICY

We reserve the right to update this Privacy Policy to reflect changes in legal requirements or our service infrastructure. The current version is always published at litzki-systems.com/privacy. Continued use of our services after any update constitutes acceptance of the revised policy.