Version: July 2026 · MOLOFY is a trademark of ZiaNeo Systems UG (in incorporation)
ZiaNeo Systems UG (haftungsbeschränkt) i. G.
Raiffeisenweg 1c, 67292 Kirchheimbolanden, Germany
E-mail: info@molofy.com
Managing Director authorised to represent: Tatiana Schöneberger
MOLOFY is a curated marketplace. We process personal data in two roles:
Hosting is provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. All server locations are inside Germany. A data-processing agreement pursuant to Art. 28 GDPR is in place.
No transfer of data to third countries takes place without your explicit consent.
Purpose: initiation and performance of the contract between guest and provider. Legal basis: Art. 6(1)(b) GDPR.
Purpose: platform account and marketplace listing. Legal basis: Art. 6(1)(b) GDPR.
Reviews are only possible after a completed booking (magic link sent to the guest). Purpose: trust signal for other guests. Legal basis: Art. 6(1)(a) GDPR (consent by submission of the review).
Purpose: security, intrusion detection. Legal basis: Art. 6(1)(f) GDPR. Retention: 30 days. For rate-limit checks your full IP is additionally cached short-term for up to 5 minutes — see §6j.
MOLOFY exclusively uses strictly necessary cookies and localStorage:
No tracking, no cross-site tracking, no retargeting, no advertising cookies.
Map tiles are served exclusively from our own map server (molofy.com/tiles/). Your IP address is not transmitted to OpenStreetMap, CARTO or Esri. Our server fetches tiles from these origin providers once and caches them locally — only our server IP appears in those requests, never a user IP. Legal basis: Art. 6(1)(b) GDPR (performance of contract — delivery of the booking platform).
Hotels and restaurants nearby are fetched via the OpenStreetMap Overpass API (overpass-api.de). Only the geo-coordinates of the harbour are transmitted (no personal data of the visitor). We cache the results for 7 days in our database to minimise the number of requests.
Region suggestion: on your first visit to the homepage we approximate your country from your public IP address to preselect a matching region (e.g. Sardinia, Caribbean). For this we query ip-api.com once. The result is not stored. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a region-appropriate user experience). You can override the suggestion in the dropdown at any time.
Direct contact details (phone, WhatsApp) of a provider are not shown on the experience detail page before booking. They are only revealed after the booking has been made and the deposit has been received (via a WhatsApp float button). Purpose: protection of the commission model and trust through a binding booking. Legal basis: Art. 6(1)(f) GDPR.
The online deposit is processed via Stripe — operated by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. During the booking process the guest is redirected to a secure Stripe checkout page and pays by credit or debit card to the Stripe account of a master-partner-skipper designated by MOLOFY who handles payment processing for the platform. MOLOFY itself does not receive customer money; the MOLOFY booking fee is settled between the master partner and MOLOFY (commission settlement).
Transmitted to Stripe: the amount payable, the booking number as reference and the data entered by the payer at checkout (card data, e-mail address). Card data is processed exclusively by Stripe; MOLOFY does not receive the guest's full payment data. Legal basis: Art. 6 (1) (b) GDPR. Stripe privacy policy: stripe.com/privacy.
As the operator of a digital platform, ZiaNeo Systems UG is legally obliged (EU Directive 2021/514 "DAC7", implemented in the German Platform Tax Transparency Act — PStTG) to report identification and remuneration data of providers active on MOLOFY once a year to the German Federal Central Tax Office. From there, the data is automatically forwarded to the tax authorities of the respective country of residence. Only providers are affected (not guests); reported data includes name/company, address, tax identification number, bank details and quarterly remuneration totals. Legal basis: Art. 6 (1) (c) GDPR (legal obligation). Providers receive an overview of the reported data.
Titles, subtitles, descriptions, meeting-point texts and other free-form fields that a provider enters in the owner console in their own language are automatically translated into the other four MOLOFY languages (German, Italian, Spanish, French) after saving and cached in the database. We use exclusively a locally hosted language model running on our servers in Germany (Ollama with the model gemma-2 9B), plus a locally hosted grammar checker (LanguageTool). No data is transmitted to any external provider. Responsibility for the content remains with the provider who wrote the source text; the translation is a technical tool and does not replace editorial review. On the experience detail page and in the marketplace, every automatically translated listing is labelled with the note „Automatically translated from <language>"; users can view the original at any time. Legal basis: Art. 6 (1) (b) GDPR (contract performance — provision of the multilingual platform).
Images that providers upload in the owner console are automatically checked for anonymisation and personality-rights criteria before publication (boat name, company logo, contact details, recognisable people, vehicle plates, place signs). Images are processed via Google Vertex AI (model gemini-2.5-flash), operated by Google Cloud EMEA Limited, in region europe-west3 (Frankfurt). Images are transmitted for the duration of the call only and not stored at Google. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in anonymisation and third-party rights). A data processing agreement (Google Cloud DPA) is in place. See cloud.google.com/terms/data-processing-addendum.
For every booking we provide a private chat between guest and provider, accessible in the guest's booking page and the provider console. We process: the free-form message text, the sender role (guest or provider), timestamp, read status. Messages are stored in our database in Germany and are automatically deleted together with the booking. MOLOFY as platform operator technically has access to chat contents — there is no end-to-end encryption — and uses that access only for support requests, abuse moderation and the automated translations shown in the chat (see §6d). Legal basis: Art. 6 (1) (b) GDPR (communication between contracting parties is a core part of our brokerage service).
When you tap "Enable notifications" / "🔔" inside your booking page or the provider console, and your browser then asks you whether the site may send you notifications, your browser sets up a push subscription with the push service of your browser vendor: Google Firebase Cloud Messaging (Chrome/Edge/Opera, servers in the USA), Apple Push Notification Service (Safari, servers in the USA), or Mozilla Autopush (Firefox, servers in the USA and Germany). We store the endpoint URL returned by that service together with the two encryption keys p256dh and auth, plus your browser user agent and UI language. When a new chat message arrives for your booking, we encrypt title and preview text (translated into your language, see §6d) with those keys and send them to the push service, which delivers the notification to your device. Legal basis: Art. 6 (1) (a) GDPR (consent via the browser prompt) in combination with Art. 49 (1) (a) GDPR for the third-country transfer to the USA. Withdrawal: at any time via the notification settings of your browser (Chrome, Firefox, Safari) or — for the MOLOFY console — via the "🔔 active" toggle in the chat panel. Retention: until withdrawal, or until the push service reports the endpoint URL as invalid (then automatic deletion).
On molofy.com/kontakt you can send us a general enquiry without having booked yourself. We process the fields you fill in — name, e-mail, subject, optional booking number, and message — and additionally log your IP address and user-agent for up to five minutes for abuse mitigation (mass-spam attacks). Your enquiry is forwarded to our central address info@molofy.com; you additionally receive an automated confirmation to the address you supplied. Legal basis: Art. 6 (1) (b) GDPR (initiation/performance of a contractual relationship) and (f) GDPR (legitimate interest in abuse defence). Retention in the info@molofy.com mailbox: at most 12 months after the ticket is closed.
For providers who supply us with the URL of their own Google Business profile, we import the publicly visible reviews (stars, review text, language, date, first name of reviewers) once a week. The import runs automated via a Playwright browser we operate ourselves. Before a review is written to our database, we automatically remove possible last names and contact details (see the technical implementation in our review_masking module). We thereby process personal data of the original reviewers (first names, review text, possibly visible display names), even though they are publicly available in short form. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a meaningful trust signal for new providers who don't yet have MOLOFY reviews). Objection right: reviewers whose review appears on MOLOFY can at any time request deletion from our database via e-mail to info@molofy.com; we act on such requests without further enquiry.
To prevent automated attacks (e.g. brute-force on logins, booking spam, review manipulation), on certain actions (booking, login, contact form, review submission, chat message, push subscription, translation request) we store your full IP address for at most five minutes in our Valkey cache (data centre in Germany). After the time window expires, the entry is automatically deleted by the underlying sliding-window mechanism. This short cleartext storage is necessary because rate-limit checks would otherwise not work. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure operation of the platform).
All fonts (Playfair Display, Poppins) are served locally from the MOLOFY server. No connection to Google Fonts or external font providers.
Uploaded images are checked before publication by a locally hosted AI model (NudeNet) for youth-endangering content. Images do not leave our infrastructure — no transfer to third parties.
Transactional e-mails (login, confirmation, review invitation) are sent via an own mail server located in a German data centre. No external delivery services such as SendGrid or Mailchimp.
To exercise these rights, please e-mail info@molofy.com.
Reviews, rankings and suggestions are sorted algorithmically but do not involve automated decisions with legal effect within the meaning of Art. 22 GDPR.
This policy will be adapted whenever processing changes materially. The current version is always available at molofy.com/datenschutz/en/.