Privacy Policy

1. Controller

The controller responsible for data processing on this platform is:

2. Collection and Storage of Personal Data

When using our platform, we collect the following personal data:

Registration data:

• • Name (first and last)
• • Email address
• • Company affiliation
• • Password (stored encrypted)

Usage data:

• • Login timestamps
• • Features used and interactions
• • Uploaded documents and created content
• • Chat histories and AI requests

Technical data:

• • IP address
• • Browser type and version
• • Operating system
• • Device type

3. Purpose of Data Processing

We process your data for the following purposes:

• • Provision and improvement of our services
• • User authentication and account security
• • Delivery of the agreed AI services
• • Technical support and customer service
• • Analysis and optimisation of platform usage
• • Fulfilment of legal obligations
• • Billing and contract performance
• • Product information and updates: We use your email address to inform you about new features, improvements and relevant changes to the Klaus AI Workspace. You may object to receiving these communications at any time.

4. Legal Bases

Processing of your data is based on the following legal grounds:

• • Art. 6(1)(a) GDPR: Consent
• • Art. 6(1)(b) GDPR: Performance of a contract
• • Art. 6(1)(c) GDPR: Legal obligation
• • Art. 6(1)(f) GDPR: Legitimate interests

5. Data Storage and Security

All data is processed and stored exclusively in EU data centres. We employ technical and organisational measures to protect your data:

• • Encryption of data transmission (TLS/SSL)
• • Encryption of data at rest
• • Regular security audits
• • Access control and permission management
• • Regular backups
• • Physical security measures in data centres

6. AI Processing and Sub-processors

When using our AI features, your requests and inputs are processed to deliver the desired results.

To provide our AI services, we use APIs from the following providers:

We exclusively use enterprise versions and business APIs from these providers, with contractual guarantees that your data will not be used to train AI models.

In Confidential Mode:

• • Processing takes place primarily in EU data centres (Hetzner DE)
• • Where US-based services are used, this occurs exclusively via encrypted interfaces and in compliance with the EU-U.S. Data Privacy Framework
• • Your requests are not used for AI model training
• • We prioritise EU-hosted models (Mistral, Azure EU, Google EU)

THIRD-COUNTRY TRANSFERS:
Where data is transferred to providers in the USA (OpenAI, Anthropic, Perplexity), this is done on the basis of the EU-U.S. Data Privacy Framework or through the use of EU Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection. Mistral AI processes data exclusively in the EU (France).

7. Data Sharing

We share your personal data only when:

• • You have given explicit consent
• • It is necessary for the performance of a contract
• • A legal obligation exists
• • A legitimate interest exists and no overriding interest of yours is present

Service providers processing data on our behalf are contractually obliged to comply with the GDPR.

Current list of sub-processors:

• • Microsoft Azure (cloud infrastructure, EU data centres)
• • OpenAI via Azure (AI models, EU preferred)
• • Anthropic (AI models, USA with DPF certification)
• • Google Cloud (AI models, EU Ireland)
• • Mistral AI (AI models, France)
• • Perplexity AI (web search, USA with SCCs)
• • Hetzner Online GmbH (server infrastructure, Germany)

All sub-processors have concluded Data Processing Agreements (DPAs) pursuant to Art. 28 GDPR.

8. Retention Period

We store your data only for as long as necessary for the respective purposes or as required by statutory retention obligations.

• • Account data: Until account deletion
• • Chat histories: According to your settings, maximum 12 months
• • Billing data: 10 years (statutory retention period)
• • Log data: 90 days

After the retention period expires, data is deleted or anonymised.

9. Your Rights

You have the following rights regarding your personal data:

• • Right of access (Art. 15 GDPR): Find out what data we store about you
• • Right to rectification (Art. 16 GDPR): Have inaccurate data corrected
• • Right to erasure (Art. 17 GDPR): Request deletion of your data
• • Right to restriction (Art. 18 GDPR): Restrict processing of your data
• • Right to data portability (Art. 20 GDPR): Receive your data in machine-readable format
• • Right to object (Art. 21 GDPR): Object to processing
• • Right to withdraw consent: Withdraw any given consent at any time

To exercise your rights, contact us at tristan@Klaus.legal.

10. Cookies and Tracking

Our platform uses the following types of cookies:

Necessary cookies:

• • Session cookies for authentication
• • Security cookies

Optional cookies (with consent):

• • Analytics cookies for platform improvement
• • Preference cookies for user settings

You can manage cookies in your browser settings.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data infringes the GDPR.

The supervisory authority responsible for us is:

12. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy as needed to reflect changes in the law or our services. The current version is always available on this page. We will notify you of material changes by email.