Privacy Policy

Effective and last updated: June 17, 2026

This Privacy Policy explains how Kardix, operated by Savvas Katsikas in Rommerskirchen, Germany, handles information when you use maotaw.com. Kardix is designed to minimize credential data: the generator runs in your browser and does not send your passphrase, optional PIN, account label, or generated credentials to a Kardix password vault.

1. Controller and contact

The responsible operator is Savvas Katsikas, Rommerskirchen, North Rhine-Westphalia, Germany. Privacy questions can be sent to maotaw17@gmail.com or through the information on the Contact page.

2. Local credential generation

The generator processes the values you enter locally in the browser. Kardix does not require an account and does not intentionally transmit or store your root passphrase, optional PIN, account label, generated password, generated username, secure PIN, or email alias on a Kardix server. Browser extensions, malware, the operating system, clipboard tools, or other software on your device may still observe what you type or copy; those systems are outside Kardix’s control.

3. Hosting and technical logs

The website is delivered through hosting and content-delivery infrastructure. As with most websites, the hosting provider may process technical request data such as IP address, date and time, requested path, response status, referrer, browser user agent, and security signals. This processing supports delivery, abuse prevention, troubleshooting, and security. Logs are not used by Kardix to reconstruct generator inputs.

4. Google AdSense and third-party advertising

Kardix uses, or intends to use, Google AdSense, a third-party advertising service provided by Google. Third-party vendors, including Google, may use cookies or similar technologies to serve, measure, limit, and report advertising. Google’s use of advertising cookies may allow Google and its partners to show ads based on a visitor’s prior visits to this site or other sites when personalized advertising is permitted.

Non-personalized ads are selected using contextual information rather than a profile, but they may still use cookies or similar storage for purposes such as frequency capping, aggregated reporting, fraud prevention, and security. Advertising technology is non-essential and should remain blocked until the visitor makes a consent choice where consent is legally required.

5. Consent and GDPR

For visitors in the European Economic Area, the United Kingdom, and Switzerland, advertising and related personal-data processing are subject to consent requirements under the GDPR, the ePrivacy rules, Google’s EU User Consent Policy, and related national law. The website’s local consent layer defaults to not loading the AdSense script until the visitor accepts personalized or non-personalized advertising.

Google also requires AdSense publishers serving ads in these regions to use a Google-certified consent management platform integrated with the IAB Transparency and Consent Framework. The live website should therefore have Google Privacy & messaging, or another certified CMP, activated in the AdSense account. The local banner in this code package is a technical blocking layer and is not represented as a substitute for Google certification.

6. Legal bases

• Consent: non-essential advertising cookies, personalized advertising, and related measurement where consent is required.
• Legitimate interests: website security, preventing abuse, diagnosing errors, and maintaining reliable delivery, balanced against visitor rights.
• Contract or pre-contract steps: when responding to a request that concerns a service or proposed arrangement.
• Legal obligation: where records or disclosures must be retained under applicable law.

7. Your advertising choices

You can reject non-essential cookies in the consent panel or choose non-personalized advertising. Use the button below at any time to review the choice stored in this browser.

You may also use Google’s advertising settings and industry opt-out tools. An opt-out may not remove all ads; it generally limits personalization. Clearing browser storage can remove the saved Kardix consent choice, causing the panel to appear again.

8. Cookies and local storage

Essential local storage may be used to remember the visitor’s consent selection. The generator itself is intended to work without storing private credential inputs. Google and its advertising partners may set or read cookies only after the relevant advertising choice and subject to the certified CMP configuration on the deployed site.

9. Contact messages

If you email Kardix, the message, address, timestamp, and information you voluntarily include are processed to respond, maintain necessary correspondence, protect against abuse, and meet legal obligations. Do not send passwords, passphrases, PINs, recovery codes, private keys, or credentials for active accounts.

10. Data recipients and international transfers

Technical data may be processed by infrastructure providers that host or protect the site. Advertising data may be processed by Google and approved advertising partners after consent. Some providers may process data outside Germany or the European Economic Area using recognized transfer mechanisms and safeguards described in their own policies.

11. Retention

Kardix does not retain generator inputs in a hosted vault. Technical logs are retained according to hosting and security needs. Contact correspondence is kept only as long as reasonably necessary to answer the request, document important decisions, resolve disputes, or meet legal requirements. Consent preferences remain in the browser until changed or cleared.

12. Your rights

Depending on the GDPR and applicable law, you may have rights of access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent. Withdrawal does not make earlier consent-based processing unlawful. You may also lodge a complaint with a competent data-protection supervisory authority.

13. Children

Kardix is not directed to children and does not knowingly request personal information from them. Advertising settings should follow Google’s requirements concerning age and personalized advertising.

14. PayPal support payments

The optional Support page links to PayPal’s normal Send Money page and shows the recipient email address. Kardix does not load PayPal’s donation SDK. PayPal receives connection and payment information only after you choose to open PayPal, and processes it under PayPal’s own privacy terms. Kardix does not receive your PayPal password, complete card details, or other payment credentials.

15. Changes to this policy

This policy may be updated when the website, advertising setup, legal requirements, or providers change. The visible date at the top indicates the current version. Material changes should be reviewed before relying on an earlier consent choice.