Privacy Policy
Last updated: May 1, 2024
Table of Contents
This Privacy Notice explains how Arelis AI processes your personal data when you visit our website or use our platform.
1. Controller and Contact Details
- Controller: Arelis AI UG
Im Zollhafen 18, 3rd Floor, 50678 Cologne, Germany
Email: privacy@arelis.digital
Phone: +49 178 4082174
2. Categories of Data, Purposes, and Legal Bases
| Processing Activity | Personal Data | Purpose | Legal Basis |
|---|---|---|---|
| Website access & server logs | IP address, date/time, URL, referrer, user‑agent | Ensure technical delivery, security (Art. 32 GDPR) | Art. 6 (1) f GDPR (legitimate interest) |
| Cookie preferences | Opt‑in status, chosen categories | Store consent decisions | Art. 6 (1) c GDPR (legal obligation) & Art. 6 (1) a (consent) |
| Web analytics (Matomo, self‑hosted, cookieless IP anonymised) | Anonymised IP hash, events | Improve website & marketing | Art. 6 (1) f GDPR |
| Contact forms / email | Name, email, content | Respond to enquiries | Art. 6 (1) b GDPR |
| Newsletter | Email, engagement metrics | Send updates | Art. 6 (1) a GDPR (consent) |
| Account registration | Email, name, company, password hash | Create and manage account | Art. 6 (1) b GDPR |
| Platform usage telemetry | User ID, API calls, model prompts/metadata (pseudonymised), performance metrics | Provide service, billing, security | Art. 6 (1) b & f GDPR |
| Payment processing (Stripe) | Billing address, payment token, transaction IDs | Process payments & prevent fraud | Art. 6 (1) b GDPR |
| Marketing (LinkedIn Insight Tag) † | Page views, hashed LinkedIn ID | Measure campaigns | Art. 6 (1) a GDPR |
† Marketing cookies load only after explicit consent via our banner.
3. Cookies and Similar Technologies
We use strictly‑necessary cookies to operate the Website (e.g., session, consent‑storage). Optional statistics or marketing cookies load only if you click "Accept all" on our banner. You can adjust preferences anytime via the "Cookie Settings" link in the footer.
4. Recipients and International Transfers
We share data with service providers under data‑processing agreements (Art. 28 GDPR), including:
- Google Cloud – hosting and cloud services;
- OpenAI – LLM inference (only if Customer selects this provider);
- Stripe Payments Europe, Ltd. (Ireland/USA) – payments;
- Anthropic – LLM Provider.
- Meta – LLM Provider;
Where recipients are located outside the EEA we rely on an adequacy decision (e.g., UK) or Standard Contractual Clauses (SCCs) combined with supplementary measures.
5. Retention Periods
| Data Category | Retention |
|---|---|
| Server logs | 30 days roll‑over |
| Account data | Life of account + 12 months |
| Financial records | 10 years (German Commercial & Tax law) |
| Newsletter list | Until you unsubscribe |
| Platform telemetry | 24 months (aggregated thereafter) |
6. Automated Decision‑Making
We do not carry out decisions producing legal or similarly significant effects based solely on automated processing within the meaning of Art. 22 GDPR.
7. Security Measures
We implement appropriate technical and organisational measures pursuant to Art. 32 GDPR, including ISO 27001‑aligned policies, TLS 1.3 encryption in transit, AES‑256 at rest, role‑based access controls, and annual penetration tests.
8. Your Rights under the GDPR
You have the right to:
- Access (Art. 15),
- Rectification (Art. 16),
- Erasure (Art. 17),
- Restriction (Art. 18),
- Data portability (Art. 20),
- Object to processing based on legitimate interests or direct marketing (Art. 21),
- Withdraw consent at any time (Art. 7 (3)).
To exercise your rights, email privacy@arelis.digital. We will respond within one month.
9. Right to Lodge a Complaint
You may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement occurred. Our lead authority is Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein‑Westfalen (LDI NRW).
10. Obligation to Provide Data
Providing personal data is generally voluntary. However, certain data (e.g., account email, payment details) are necessary to conclude or perform a contract. Without such data the service may be unavailable.
11. Third‑Party Links
Our Website may contain links to external sites. We do not control those sites and are not responsible for their privacy practices.
12. Changes to This Notice
We may update this Notice to reflect legal, technical, or business developments. We will post the new version with a revised "Last updated" date and notify registered users by email if changes are material.
13. Contact
For any questions regarding data protection at Arelis AI, contact us or our DPO at privacy@arelis.digital.
© 2025 Arelis AI UG – All rights reserved.