Start your audit

LEGAL

Privacy Policy

Last updated: 03-06-2026

1. Controller

The controller responsible for data processing on this website is:

Helkyn Coello Costa
Neunkirchner Str. 5
81379 Munich, Germany
Email: [email protected]

2. Overview

We process personal data only where necessary and in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection law. This policy explains what data we collect, why, on what legal basis, and what rights you have.

3. Hosting and infrastructure

This website is hosted on Cloudflare. When you access the site, Cloudflare automatically processes technical data required to deliver it, including your IP address. Cloudflare acts as our processor under a data processing agreement (Art. 28 GDPR). Because Cloudflare may process data in the USA, such transfers are safeguarded via the EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, reliable hosting).

4. Server log files

When you visit the site, technical information your browser transmits is automatically processed, such as browser type and version, operating system, referrer URL, hostname/IP address, and the time of the request. This data is used only to ensure the operation, security, and stability of the site and is not merged with other data sources. Legal basis: Art. 6(1)(f) GDPR. Retention: log data is deleted after 30 days.

5. Cookies

This website uses technically necessary cookies for core site functionality. We also use Google Analytics cookies only after you have given explicit consent. Legal basis: Art. 6(1)(f) GDPR for necessary cookies, and Art. 6(1)(a) GDPR for analytics cookies with consent. Section 9 explains how analytics cookies are handled.

6. Contact (form and email)

If you contact us via the contact form or by email, we process the data you provide (e.g. name, email address, and the content of your message) in order to handle your inquiry. This data is stored in our database (Cloudflare D1) and transmitted by email. Legal basis: Art. 6(1)(b) GDPR where your inquiry relates to our services or pre-contractual steps, otherwise Art. 6(1)(f) GDPR (legitimate interest in responding). Retention: until your inquiry is resolved and any applicable statutory retention periods have expired, after which the data is deleted.

7. AI Workflow Audit

If you use our AI Workflow Audit, we process the information you submit (e.g. your responses and, where provided, your email address) in order to generate and deliver your assessment and report. To generate the report, your submitted content may be processed by our AI provider, Anthropic PBC (USA), via an AI gateway, acting as our processor. Anthropic processes this data in the USA; such transfers are safeguarded via Standard Contractual Clauses and/or the EU-US Data Privacy Framework, and the data is not used to train AI models. The report is delivered to you by email. Legal basis: Art. 6(1)(b) GDPR (performance of a service you requested) and, where you provide your email for delivery, Art. 6(1)(a) GDPR (consent). Retention: 30 days.

8. Email delivery

We use Cloudflare Email ([email protected]) to deliver reports and responses. The provider processes the recipient address and message content as our processor.

9. Web analytics

We use Google Analytics for website performance and usage reporting. Google Analytics collects data via cookies only after you have given explicit consent through our cookie banner. The data collected is aggregated and used to improve the site. Legal basis: Art. 6(1)(a) GDPR (consent). If you withdraw consent, Google Analytics cookies are disabled and no analytics data is collected.

10. Your rights

Under the GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object to processing (Art. 21). Where processing is based on consent, you may withdraw that consent at any time with effect for the future. To exercise any of these rights, contact us at [email protected].

11. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA), Promenade 18, 91522 Ansbach, Germany.

12. SSL/TLS encryption

This site uses SSL/TLS encryption to protect the transmission of data between your browser and the server.

13. Changes to this policy

We may update this policy to reflect changes in our processing activities or legal requirements. The version published here is the one that applies.