Privacy Policy
1. Data Protection at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on data protection, please refer to our privacy policy listed below.
2. Controller
The controller responsible for data processing on this website is:
tech reform GmbH
Niederurseler Allee 8-10
65760 Eschborn
Phone: +49 6196 9215922
Email: [email protected]
3. Data Collection on This Website
Cookies
Our website uses cookies. Cookies are small text files that are stored on your device when you visit our website. Some cookies are technically necessary for the operation of our website (essential cookies), e.g. for session management and security. Functional cookies (e.g. theme preferences) are only set with your consent. Legal basis: Art. 6(1)(f) GDPR (legitimate interest) for essential cookies, Art. 6(1)(a) GDPR (consent) for functional cookies.
Server Log Files
The provider of the pages automatically collects and stores information in server log files, which your browser automatically transmits to us. These are: browser type and version, operating system used, referrer URL, hostname of the accessing computer, time of the server request, and IP address. This data is not merged with other data sources. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technical provision and security). Retention period: Server log files are automatically deleted after 30 days.
Account Registration
You can register for a user account on our website. The data entered during registration is used for the purpose of using our platform. You may be informed by email about changes relevant to the scope of the offering or technical modifications. The data entered during registration is processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. An informal message by email to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation.
4. Your Rights
You have the right to receive information about your stored personal data, its origin, recipients, and the purpose of the data processing free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances.
You have the right to lodge a complaint with the competent supervisory authority. The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information (Hessischer Beauftragter für Datenschutz und Informationsfreiheit), Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany.
5. Hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated through a website.
We use Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) as a CDN and security provider. Cloudflare may set cookies for security purposes and to distinguish human visitors from automated traffic. Data transfers to the USA are based on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient provision). As origin host, Render Services, Inc. (525 Brannan St, San Francisco, CA 94107, USA) is used; data transfers are also based on SCCs.
6. Third-Party Services
Authentication Providers
We offer the option of signing in through third-party authentication providers. Currently supported providers include GitHub (GitHub, Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA; privacy policy: https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) and Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; privacy policy: https://policies.google.com/privacy). When you use this option, the provider transmits profile data (such as name and email address) to us, which we use to create or link your user account. Legal basis: Art. 6(1)(b) GDPR (performance of contract). Data transfers to the USA are based on Standard Contractual Clauses (SCCs).
AI Services
Our application offers an AI-assisted chat feature. Depending on the configuration, the data you enter (such as process descriptions) is transmitted to one of the following AI service providers: Anthropic, PBC (548 Market St, San Francisco, CA 94104, USA; provider of Claude), OpenAI, LLC (3180 18th St, San Francisco, CA 94110, USA), or Mistral AI (15 rue des Halles, 75001 Paris, France). The data is processed solely for providing the AI functionality and is not used to train AI models. Legal basis: Art. 6(1)(b) GDPR (performance of contract). Data transfers to the USA (Anthropic, OpenAI) are based on Standard Contractual Clauses (SCCs). We recommend not entering any personal data in the AI chat. Retention period: AI chat histories are deleted 90 days after the last interaction.
Payment Service Provider
For payment processing, we use Stripe, Inc. (354 Oyster Point Blvd, South San Francisco, CA 94080, USA). When subscribing to a paid plan, payment data (credit card details, billing address) is processed directly by Stripe; we only store a reference ID and subscription status. Legal basis: Art. 6(1)(b) GDPR (performance of contract). Data transfers to the USA are based on Standard Contractual Clauses (SCCs). Stripe's privacy policy: https://stripe.com/privacy. Retention period: Billing data is retained for 10 years in accordance with commercial and tax law retention requirements (§ 257 HGB, § 147 AO).
7. Third-Country Transfers
Some of the service providers we use are based in the USA or other third countries outside the European Economic Area (EEA). Where data is transferred to third countries, we ensure that appropriate safeguards pursuant to Art. 46 GDPR are in place, in particular through the conclusion of Standard Contractual Clauses (SCCs) of the European Commission. This applies in particular to Cloudflare, Render, Stripe, GitHub, Google, Anthropic, and OpenAI.
8. Retention Periods
We store personal data only for as long as necessary for the respective processing purposes or as required by statutory retention obligations. Specifically: User accounts and profile data are stored until the user deletes their account. Server log files are deleted after 30 days. Billing and payment data is retained for 10 years (§ 257 HGB, § 147 AO). AI chat histories are deleted 90 days after the last interaction. Session data (cookies) expires after 7 days of inactivity.