Controller

The controller responsible for processing your personal data on this website is:

What data we process

We process personal data only to the extent necessary to operate this website, respond to requests, and keep the service secure. We do not use automated decision-making or profiling.

• Website access (server logs): IP address, date/time, requested URL, referrer, user agent, and related technical data to deliver pages and protect against abuse.
• Contact requests: name, email address, organization, message content, and your confirmation of data processing when you submit the contact form or email us.
• Scheduling (Calendly): data you enter when you open and use the embedded booking calendar (e.g., name, email, meeting details).
• Cookie preferences: your consent choices stored in a cookie or local storage so we can respect your settings.

Legal bases (GDPR Art. 6)

• Art. 6(1)(f): legitimate interests in operating a secure, reliable website (e.g., server logs, fraud prevention).
• Art. 6(1)(b): steps prior to entering a contract and responding to your demo/request inquiries.
• Art. 6(1)(a): consent for non-essential cookies/technologies, if and when enabled.
• Art. 6(1)(c): storing your cookie consent preferences to meet legal obligations.

Recipients & processors

• Hosting/CDN: this website may be hosted and delivered via a hosting provider (e.g., Vercel); visit Vercel's privacy policy for details.
• Contact form delivery: the contact form submits via Resend (resend.com) to email recipients configured by us.
• Scheduling: Calendly (calendly.com) processes booking requests when you choose to open the booking calendar; Calendly acts as an independent controller. See Calendly's privacy policy for details.
• Social media embeds: LinkedIn Corporation may load embedded social media posts and set cookies when you view them; refer to LinkedIn's privacy policy for details.

International transfers

Some service providers (Vercel, Resend, Calendly) are located in the United States or other non-EEA countries and may process data outside the EEA/UK. We ensure transfers are safeguarded by recognized mechanisms such as EU Standard Contractual Clauses (SCCs) and execute Data Processing Agreements (DPAs) as required by law. Additional safeguards include technical and organizational security measures.

Retention

• Server logs: retained for up to 30–90 days for security, troubleshooting, and abuse prevention purposes, then automatically deleted.
• Contact requests: kept for up to 2 years if a business relationship is established or if required for legal compliance; otherwise deleted or anonymized within 30 days of final response.
• Scheduling data: retained according to the respective Calendly provider's retention settings and our operational needs (typically up to 1 year).
• Cookie preferences: stored for up to 1 year or until you delete them.

Your rights

Depending on the circumstances, you have the right to access, rectification, erasure, restriction, data portability, and to object to processing. Where processing is based on consent, you may withdraw consent at any time with effect for the future. To exercise your rights, contact us by email; we will respond within 30 days and may request proof of identity to protect your data.

• Right to lodge a complaint with the German supervisory authority: Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Data Protection Authority), Friedrichstr. 219, 10969 Berlin, Germany, or with your local EU Member State supervisory authority.
• Right to object to processing based on legitimate interests (Art. 21 GDPR).

Cookies policy

We use a minimal set of cookies and similar storage technologies. Strictly necessary cookies (for functionality and security) are always enabled. Optional cookies (analytics, marketing) are only used if you explicitly enable them. Note: Third-party services like LinkedIn or Calendly may set their own cookies when you interact with their embedded content.

How to manage cookies

• Use “Cookie settings” on this page or in the footer to change or withdraw your choices.
• You can also delete cookies via your browser settings; this may reset your preferences.
• If you withdraw consent, optional cookies are disabled and will not be set going forward.

Contact & Data Protection Officer

For privacy-related requests, data subject rights inquiries, or general questions about our data processing, please contact us by email. We may ask for information to verify your identity before responding, and we respond within 30 days as required by GDPR Art. 12. Our Data Protection Officer (DPO) is also available to address any data protection concerns.

Changes to this policy

We may update this policy to reflect changes to the website or legal requirements. The “Last updated” date indicates the most recent revision.