Last updated: May 2026
The controller responsible for the data processing on this website under the GDPR is: Sven Rosema An der Wallhecke 5 26899 Rhede (Ems) Germany Contact details are listed at the bottom of this page.
This privacy policy applies to https://tff-order-stats.de. tff-order-stats.de is a private, non-commercial community project around Tesla orders. It is operated without intent to generate profit. Personal data is collected only to the extent technically necessary.
When the website is accessed, the hosting provider (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany) collects technical data in so-called server logs: IP address, time of the request, requested URL, HTTP status, transferred byte size, referrer and user-agent. These data are technically required for the secure operation of the website. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating and securing the site). Retention period: a maximum of 14 days, after which logs are automatically deleted.
The website uses one strictly necessary cookie only: • admin_token — set exclusively after a successful admin login and used for authentication. HttpOnly, Secure, SameSite=Strict. Lifetime: 7 days. No cookies are set for regular visitors without admin access. Consent under § 25(2) TTDSG is not required, as the cookie is strictly necessary for the service the user expressly requested (admin login). Legal basis: Art. 6(1)(b) GDPR.
The website stores the following technical preferences exclusively in your browser's local storage (never transmitted to the server): • selected language • selected filters, sorting and visible table columns • visibility of filter/statistics sections • filters in the updates feed • selected theme (light/dark) These data never leave your browser and are used solely to improve usability. You can clear them at any time via your browser settings.
Reach measurement uses the self-hosted open-source software Umami, running on the same server as the website. No cookies are set and no personal data is transferred to any third party. Umami collects only anonymised information: pages visited, referrer source (e.g. search engine), coarse geolocation (country), browser/device type and screen resolution. IP addresses are hashed before storage and not retained in identifiable form. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in statistical evaluation to improve the website).
When you submit an order through the form, the data you provide (a self-chosen display name, vehicle configuration, order date, delivery window, country, etc.) is stored in the database and shown publicly. No email address or real name is required. If you set a password for your entry, it is stored exclusively as a bcrypt hash and never in plaintext. You can edit or delete your entry at any time via the edit button or by contacting the address below. If you use the third-party app TOST (https://www.tesla-order-status-tracker.de), data entered there is forwarded to this website through their API. The TOST app's own privacy policy applies to data processed within TOST. Legal basis for storage on this website: Art. 6(1)(a) GDPR (consent through active submission).
Loading the site fetches the following external resources, which transmits your IP address to the respective providers: • Twemoji icons via cdn.jsdelivr.net (Fastly/Cloudflare) — display of country flags. • Google Fonts — fonts are bundled at build time and served from the same domain, so no direct calls to Google occur during normal use. Vehicle preview images are generated server-side via the official Tesla compositor endpoint and served exclusively from the website's own domain. No direct request to tesla.com is made from your browser. Legal basis for external resources: Art. 6(1)(f) GDPR (legitimate interest in up-to-date presentation and CDN-based performance).
The footer and menu contain optional links to Buy Me a Coffee and PayPal. They are loaded only when actively clicked; nothing is transmitted to these providers beforehand.
Under the GDPR you have the right to: • access (Art. 15) • rectification (Art. 16) • erasure (Art. 17) • restriction of processing (Art. 18) • data portability (Art. 20) • object to processing based on legitimate interests (Art. 21) • withdraw consent at any time with future effect (Art. 7(3)) An informal message to the contact address below is sufficient to exercise these rights.
Without prejudice to other remedies, you may lodge a complaint with a data protection supervisory authority, in particular the one responsible for your place of residence or the alleged infringement. The authority responsible for the controller is the Landesbeauftragte für den Datenschutz Niedersachsen, Prinzenstraße 5, 30159 Hannover.
This privacy notice may be adjusted when data processing changes or legal requirements demand it. The current version is always available on this page.
Please direct enquiries about your rights and data protection to: