Privacy Policy

Last updated: [Date]

Table of Contents

• Privacy Policy
  • Table of Contents
  • 1. Introduction
  • 2. Scope of Application; Updates
  • 3. Categories of Personal Data
  • 4. How We Use Your Personal Data
    • Use of Our Website
    • Use, Maintenance and Improvement of Our Services
    • Handling Contact and Support Requests
    • Payment Processing
    • Newsletter & Marketing
    • Social Media Channels
    • Security, Compliance & Legal Obligations
    • Specific Processing Scenarios
  • 5. Data Processing for Payment Processing
  • 6. Email and Contact Form
  • 7. Data Processing via Our Website
    • Server Log Files
    • Content Delivery Network (CDN)
    • Third-Party Tools for Marketing, Analysis and Optimization
  • 8. Where Is My Personal Data Stored?
  • 9. How Long Do We Keep Your Data?
  • 10. What Are My Rights Under Data Protection Laws?
  • 11. Questions, Comments and More Details

We are [Company Name] (registered with number [Registration Number]).

Our registered address is:

[Street Address]
[City, Postal Code]
[Country]

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us at [privacy email].

1. Introduction

[Company Name], with its registered business address at [Address] ("Company", "us", "our", "we"), is committed to protecting your privacy. "User", "you", or "your" refers to any individual who accesses or uses our Website or Services, including any features, tools, or functionality made available through them.

2. Scope of Application; Updates

This Privacy Policy applies to all Users and is designed to explain why, how, and when we process personal data to offer and provide our Website and Services. It also describes the choices available to you regarding the processing of your personal data.

This Privacy Policy is part of, and incorporated into, our Terms of Service. Capitalized terms not defined in this Privacy Policy have the meanings given in our Terms of Service. This Privacy Policy does not apply where separate privacy terms are provided.

Our Website and Services may contain links to third-party websites and may integrate third-party functionalities (such as social media plug-ins, tools, or APIs) to enhance your experience. We do not control these third parties or how they process or use personal data, and their privacy practices may differ from ours. Any personal data you provide or that is processed through such third-party websites or functionalities is governed solely by the respective third party's privacy policy and terms.

We may update this Privacy Policy from time to time without prior notice to reflect legal changes or enhancements to our Website or Services. The latest version is always available on our Website. The "last updated" date indicates if and when changes have been made.

3. Categories of Personal Data

We may process the following categories of personal data that you provide to us directly, that are generated through your use of our Website or Services, or that we receive from third-party services or publicly available sources:

Contact Data — Information used to identify and contact you, such as name, email address, phone number, and country or place of residence.

Communication Data — Information contained in communications with us, such as emails, chat messages, support requests, feedback, or other content you voluntarily provide when contacting us or using our Website or Services.

Account and Usage Data — Information relating to your account, workspace, subscription, and use of the Services, such as pseudonymized user and workspace identifiers, account settings, authentication events, workflow usage metrics, enabled integrations, and billing information.

Marketing Data — Information relating to marketing communications and interactions, such as contact preferences, newsletter subscriptions, email engagement, and registrations for events, webinars, or product updates.

Traffic and Device Data — Technical information generated when you access or use the Website or Services, such as IP address, device and browser type, operating system, language settings, access times, cookie identifiers, and usage or interaction data.

Our Website and Services are not intended for children under 16 years of age. We do not knowingly process personal data from children under 16. If we become aware that such data has been processed, we will delete it. Parents or guardians who believe their child has provided personal data to us may contact us at any time.

4. How We Use Your Personal Data

Below is an overview of our data processing activities, purposes, and legal bases.

Use of Our Website

• Data processed: Contact Data, Communication Data, Traffic and Device Data
• Purposes: Ensuring the technical availability, stability, and security of our Website; preventing misuse or attacks; logging access data for troubleshooting; conducting surveys and gathering feedback; analyzing usage of our Website
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), Contract Performance (Art. 6(1)(b) GDPR), Consent (Art. 6(1)(a) GDPR; §25(1) TDDDG, insofar as cookies are used)

Use, Maintenance and Improvement of Our Services

• Data processed: Account and Usage Data
• Purposes: Creating, maintaining, and managing user accounts; fulfilling contractual obligations; optimizing functionality and stability; correcting errors; analyzing usage and improving services and user experience
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), Contract Performance (Art. 6(1)(b) GDPR)

Handling Contact and Support Requests

• Data processed: Contact Data, Communication Data, Account and Usage Data, Traffic and Device Data
• Purposes: Responding to enquiries and support requests; operating internal business processes; communicating with users about accounts or requests; resolving disputes and managing customer relationships; maintaining communication records
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), Consent (Art. 6(1)(a) GDPR; §25(1) TDDDG, insofar as cookies are used)

Payment Processing

• Data processed: Contact Data, credit card or other payment details
• Purposes: Payment processing, fraud prevention, invoicing and tax compliance
• Legal basis: Contract Performance (Art. 6(1)(b) GDPR)

Newsletter & Marketing

• Data processed: Contact Data, Communication Data, Marketing Data, Traffic and Device Data
• Purposes: Sending relevant updates and promotions; sending newsletters; event, webinar, or seminar registrations and attendance
• Legal basis: Consent (Art. 6(1)(a) GDPR; §25(1) TDDDG, insofar as cookies are used), Legitimate interests (Art. 6(1)(f) GDPR)

Social Media Channels

• Data processed: Contact Data, Communication Data, Marketing Data, Traffic and Device Data
• Purposes: Operating and maintaining social media profiles; communicating with users and responding to inquiries via social media; increasing brand awareness and engagement; analyzing interactions and reach
• Legal basis: Consent (Art. 6(1)(a) GDPR; §25(1) TDDDG, insofar as cookies are used), Legitimate interests (Art. 6(1)(f) GDPR)

Security, Compliance & Legal Obligations

• Data processed: Contact Data, Communication Data, Account and Usage Data, Traffic and Device Data
• Purposes: Ensuring IT and data security; fulfilling statutory retention requirements; preventing fraud; cooperating with authorities; protecting our rights and interests
• Legal basis: Compliance (Art. 6(1)(c) GDPR), Legitimate interests (Art. 6(1)(f) GDPR)

Specific Processing Scenarios

When you register for an account. We process your name and email to establish the contract that enables you to access our platform. Legal basis: Art. 6(1)(b) GDPR. We do not use any personal data, including data received through any third-party services, for developing, improving, or training AI and/or ML models. We do not transfer or disclose your information to third parties for purposes other than those provided herein.

When you use a self-hosted deployment. Unless you opt out per our documentation, we process certain Usage Data (including user identifiers, account settings, user events, workflow usage metrics, enabled integrations) to improve our product and your customer experience. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). You can object to this processing at any time by activating the opt-out.

When you sign up for a paid plan. We process your name, email address, company address, and related billing contacts. Payment details are processed by our Merchant of Record. We also process selected, anonymous information about how the service is used to improve your experience and protect against security attacks and abuse.

When you sign up for the community forum. We process your email address or social media handle to assign you a forum account. You can delete your forum account by emailing us at [privacy email].

When you attend events. We may process your name, address, email address, and phone number. We may also take pictures or videos. Legal basis: Legitimate interests. You can opt out of photos at any time by contacting us.

When you contact us. We process your name and contact details to properly respond to your query. Legal basis: Legitimate interests.

On social media. We process your handle, name, and email address to respond to your comments and queries. Legal basis: Legitimate interests.

When you receive our news updates. We process your name and email address to provide you with updates. Where you opted in, legal basis is consent; otherwise, legitimate interests. You can unsubscribe at any time via the link in our emails or by emailing us.

When you register as an expert or affiliate. We process your name, email address, and company details for program communications.

When you apply for a job. Personal data is processed as set forth in our separate Recruiting Privacy Policy.

If our business is sold. We process personal information under legitimate interests to ensure continuity of services.

5. Data Processing for Payment Processing

We use an external payment service provider for the processing of online payments and, where applicable, invoicing and tax handling for digital products. Legal basis: Art. 6(1)(b) GDPR.

Data processed includes name, email address, billing address, payment information (e.g., credit card details), IP address, transaction data, and company-related information where applicable. Processing is carried out for payment processing, fraud prevention, invoicing, and tax compliance (e.g., VAT determination).

The payment service provider may act as an independent controller within the meaning of Art. 4 No. 7 GDPR, in particular where it processes payment data in its own name as a "merchant of record." It may also process personal data to comply with legal obligations and for fraud prevention. Personal data will only be disclosed to third parties if necessary for contract processing, required by law, or within the framework of commissioned data processing.

The storage period is determined by statutory retention obligations and contractual requirements.

6. Email and Contact Form

Our website provides contact information including our email address and a contact form. If you contact us by email or via the contact form, the personal data you provide will be stored automatically. Additional personal data processed during the contact process serves to prevent misuse and ensure IT security.

Legal basis: Art. 6(1)(b) GDPR. We use the personal data exclusively for processing your specific inquiry and treat it confidentially.

Data will be deleted as soon as it is no longer necessary for the purpose for which it was processed — typically when the respective conversation has ended and the matter has been conclusively clarified.

7. Data Processing via Our Website

Server Log Files

Every time you visit our website, access data is stored in server log files. Legal basis: Art. 6(1)(f) GDPR. This includes the date and time of the visit, the amount of data transferred, the requested file name, browser and version, operating system, IP address, and the referrer URL.

Temporary storage of the IP address is necessary to deliver the website to your device.

Content Delivery Network (CDN)

Our website uses a CDN and security service provider. Incoming requests are routed via the provider's globally distributed edge servers. Access data — including IP address, request headers, and browser data — may be processed by the provider before being forwarded to our web server. This serves load balancing, DDoS protection, bot detection, and safeguarding of IT system integrity.

Where the CDN provider processes personal data in its own responsibility, it acts as an independent controller (Art. 4 No. 7 GDPR). Where processing is on our behalf, it is based on a data processing agreement (Art. 28 GDPR).

Third-Party Tools for Marketing, Analysis and Optimization

When you visit our websites, we may process data for marketing, statistics, optimization, and IT security purposes, in some cases with support from service providers (third-party tools). We ask for your consent for this processing. Legal basis: §25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR.

Data processed includes IP address, browser type and version, time zone, browser plugins, geolocation, operating system, click behavior, return visits, transaction data, and use of third-party services. You can revoke your consent at any time by adjusting cookie settings.

8. Where Is My Personal Data Stored?

We store your data in the EU.

Whenever we transfer your personal information outside of the EU, we ensure it receives additional protection as required by law. Contact us at [privacy email] for more details.

9. How Long Do We Keep Your Data?

We store personal information for no longer than necessary for the purposes for which it was processed, including for legal or reporting requirements, and in accordance with our legal obligations and legitimate business interests.

To determine appropriate retention periods, we consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure; the purposes of processing; and applicable legal requirements.

In some circumstances, we may anonymize your personal data so that it can no longer be associated with you, and we may use this anonymized information indefinitely.

10. What Are My Rights Under Data Protection Laws?

Under applicable data protection laws, you have the right to:

Access your personal data (also known as a "subject access request"); correct incomplete or inaccurate data; erase personal data we hold about you; restrict our handling of your personal data; portability — ask us to transfer your data to a third party; object to how we use your personal data; and withdraw consent to our handling of your personal data.

You also have the right to lodge a complaint with your relevant supervisory authority.

We do not engage in automated decision-making or profiling within the meaning of Art. 22 GDPR.

11. Questions, Comments and More Details

Your feedback and suggestions on this notice are welcome.

If you feel we have overlooked an important perspective or used language we could improve, please let us know by email at [privacy email].