Legal Document

Privacy Policy

This Privacy Policy explains how DataMind AI GmbH collects, uses, stores, shares, and protects your personal data when you visit our website or use our platform.

Last Updated: January 15, 2026

1. Introduction

DataMind AI GmbH ("DataMind AI," "we," "our," or "us") is the data controller responsible for your personal data. We are a company registered in Germany with our principal office located at Friedrichstraße 100, 10117 Berlin, Germany. Our company registration number is HRB 217894 B at the Amtsgericht Charlottenburg.

We are committed to protecting the privacy and security of your personal information. This Privacy Policy describes the types of personal data we collect through our website (datamindai.com), our AI-powered analytics platform, and related services. It also explains how we process, store, and share that data, as well as your rights regarding the information we hold about you.

This policy applies to all individuals who visit our website, create an account, use our platform, subscribe to our communications, contact our sales or support teams, or otherwise interact with our services. By accessing or using our website and services, you acknowledge that you have read and understood this Privacy Policy.

If you have questions about this policy or wish to exercise your data protection rights, please contact our Data Protection Officer at [email protected] or write to us at the address above.

2. What Data We Collect

We collect several categories of personal data depending on how you interact with our website and services. Below is a detailed breakdown of the types of information we may gather:

2.1 Identity and Contact Data

  • Full name (first name and last name)
  • Email address
  • Phone number (when voluntarily provided)
  • Company name, job title, and department
  • Billing address and shipping address (for paid subscriptions)

2.2 Account and Authentication Data

  • Username and encrypted password
  • Single sign-on (SSO) identifiers when you authenticate through a third-party provider
  • Two-factor authentication preferences and backup codes (stored in hashed format)
  • Account creation date and account status

2.3 Technical and Device Data

  • IP address (anonymized for analytics purposes within the EU)
  • Browser type, version, and language settings
  • Operating system and device type (desktop, mobile, tablet)
  • Screen resolution and viewport dimensions
  • Referring URL and exit pages

2.4 Usage and Behavioral Data

  • Pages visited, features accessed, and time spent on each page
  • Click patterns, scroll depth, and navigation paths
  • Search queries entered within our platform
  • Feature adoption metrics and workflow configurations
  • Error logs and crash reports generated during platform use

2.5 Communication Data

  • Content of emails, chat messages, and support tickets you send to us
  • Records of your communication preferences (opt-in and opt-out history)
  • Feedback, survey responses, and testimonial submissions

3. How We Collect Data

We collect personal data through several mechanisms:

Direct interactions: When you fill out forms on our website (contact forms, demo request forms, newsletter subscription forms, account registration), submit support tickets, or communicate with our sales and customer success teams via email or phone, you directly provide us with personal data.

Automated technologies: As you navigate our website and use our platform, we automatically collect technical data through cookies, server logs, and similar technologies. We use Google Analytics (with IP anonymization enabled for visitors in the European Economic Area) to understand website traffic patterns and user engagement. We may also use the Meta Pixel for measuring the effectiveness of our advertising campaigns on Facebook and Instagram, but only when you have given explicit consent for marketing cookies.

Third-party sources: We may receive data about you from third-party services you use to authenticate into our platform (such as Google Workspace or Microsoft Azure Active Directory SSO providers). We may also receive business contact information from partner organizations or professional networking platforms when you have expressed interest in our services through those channels.

Platform telemetry: Our platform collects anonymized usage telemetry to improve product performance, identify bugs, and measure feature adoption. This telemetry does not include the content of your data or analytical results and is processed in aggregate form.

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data only when we have a lawful basis to do so. The specific legal basis depends on the purpose of processing:

Consent (Article 6(1)(a))

We rely on your explicit consent for sending marketing emails, placing non-essential cookies (analytics and marketing cookies), and processing data collected via the Meta Pixel. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Contract Performance (Article 6(1)(b))

We process your account data, billing information, and usage data as necessary to provide you with our platform services, manage your subscription, deliver customer support, and fulfill our contractual obligations to you.

Legitimate Interest (Article 6(1)(f))

We rely on legitimate interest for website analytics (using anonymized data), fraud prevention, security monitoring, product improvement based on aggregated usage patterns, and responding to inquiries from prospective customers. We conduct balancing tests to ensure our interests do not override your fundamental rights.

Legal Obligation (Article 6(1)(c))

We process certain data to comply with legal obligations, including tax reporting requirements, responding to lawful requests from public authorities, and maintaining records as required by German commercial law (Handelsgesetzbuch).

5. How We Use Your Data

We use the personal data we collect for the following specific purposes:

  • Service delivery: To create and manage your account, provide access to our AI analytics platform, process data through your configured models, generate dashboards and reports, and deliver the features you have subscribed to.
  • Customer support: To respond to your inquiries, troubleshoot technical issues, process support tickets, and provide onboarding assistance during your initial setup period.
  • Billing and payments: To process subscription payments, generate invoices, manage renewals, and handle refund requests. Payment card details are processed by our third-party payment processor and are never stored on our servers.
  • Communication: To send transactional emails (account confirmations, password resets, service notifications), and with your consent, to send marketing communications about product updates, new features, industry insights, and educational content.
  • Platform improvement: To analyze aggregated usage patterns to improve our platform features, fix bugs, optimize performance, and develop new capabilities that serve our user base.
  • Security and fraud prevention: To monitor for unauthorized access attempts, detect suspicious activity, protect against security threats, and maintain the integrity of our systems and your data.
  • Legal compliance: To fulfill our legal and regulatory obligations, respond to lawful data requests, and maintain required business records.
  • Analytics: To understand how visitors interact with our website, measure the effectiveness of our content, and improve user experience based on behavioral insights derived from anonymized data.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Below are our specific retention periods for different categories of data:

Data Category Retention Period
Account and profile data Duration of active account + 90 days after deletion request
Contact form submissions 24 months from submission date
Newsletter subscriber data Until unsubscribe + 30 days for processing
Billing and transaction records 10 years (German tax law requirement under AO §147)
Support ticket history 36 months from ticket resolution
Website analytics data (anonymized) 26 months (Google Analytics default)
Cookie consent records 13 months from consent date
Server and security logs 12 months for security purposes
Platform usage telemetry (aggregated) Indefinitely (fully anonymized, non-personal)

When the retention period expires, we securely delete or anonymize the data so that it can no longer be associated with you. In cases where deletion is not technically feasible immediately (such as data in backup systems), we isolate the data from further processing and schedule it for deletion during the next backup rotation cycle.

7. Data Sharing and Third-Party Recipients

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We share personal data only with the following categories of recipients, and only to the extent necessary for the stated purposes:

  • Cloud infrastructure providers: Our platform is hosted on servers located in the European Union (Frankfurt, Germany data centers). Our hosting provider processes data strictly under our instructions and in accordance with a Data Processing Agreement (DPA) that complies with GDPR Article 28.
  • Payment processors: Subscription payments are processed by certified PCI DSS Level 1 compliant payment providers. They receive only the billing data necessary to complete transactions and do not have access to your platform data or usage information.
  • Analytics services: We use Google Analytics with IP anonymization to understand website traffic. When you consent to marketing cookies, the Meta Pixel may collect limited data to measure advertising performance. Both services operate under their own privacy policies and our DPAs.
  • Communication tools: We use email delivery services to send transactional and marketing emails. These providers process your email address and name solely to deliver messages on our behalf and are contractually prohibited from using your data for any other purpose.
  • Customer support platforms: Our support ticketing system stores your name, email, and the content of support interactions to help us resolve your inquiries efficiently.
  • Legal and regulatory authorities: We may disclose personal data when required by law, court order, or government regulation, or when necessary to protect our legal rights, safety, or property.
  • Professional advisors: Our legal counsel, auditors, and accountants may access personal data in the course of providing professional services to us, subject to confidentiality obligations.

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will notify affected users before any such transfer and provide an opportunity to object or request deletion of their data.

8. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). However, some of our third-party service providers (such as Google and Meta) may transfer data to servers located in the United States or other countries outside the EEA.

When data is transferred outside the EEA, we ensure adequate protection through one or more of the following safeguards:

  • The European Commission has issued an adequacy decision for the destination country, confirming it provides an adequate level of data protection.
  • We have entered into Standard Contractual Clauses (SCCs) approved by the European Commission with the data recipient, supplemented by additional technical and organizational measures where necessary following the requirements of the Schrems II ruling.
  • The recipient has binding corporate rules approved by a competent supervisory authority.

For transfers to the United States specifically, we rely on the EU-U.S. Data Privacy Framework where applicable, and Standard Contractual Clauses as a supplementary safeguard. You may request a copy of the safeguards we use by contacting our Data Protection Officer.

9. Your Rights Under GDPR

Under the General Data Protection Regulation (Articles 15 through 22), you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you, along with information about how and why we process it. We will respond to your request within 30 days.

Right to Rectification (Article 16)

If your personal data is inaccurate or incomplete, you may request that we correct or update it. You can also update most account information directly through your platform settings.

Right to Erasure (Article 17)

You may request that we delete your personal data when it is no longer necessary for the original purpose, when you withdraw consent, or when you object to processing. Certain data may be retained where we have a legal obligation (such as billing records required by tax law).

Right to Restriction of Processing (Article 18)

You may request that we restrict processing of your data in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing pending verification of our legitimate grounds.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as JSON or CSV), and to transmit that data to another controller without hindrance.

Right to Object (Article 21)

You may object to processing based on legitimate interest at any time. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests. You may object to direct marketing at any time, and we will stop immediately.

Right Not to Be Subject to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not make automated decisions about individual users without human oversight.

To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will verify your identity before processing your request and respond within 30 calendar days. If your request is complex, we may extend this period by an additional 60 days and will notify you of the extension within the initial 30-day period.

If you believe that we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority. For Germany, this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information).

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and support our marketing efforts (with your consent). A cookie is a small text file placed on your device that helps us recognize your browser and remember certain information.

10.1 Types of Cookies We Use

Essential Cookies (Strictly Necessary)

These cookies are required for the website to function properly. They enable core functionalities such as page navigation, secure area access, and cookie consent preference storage. You cannot opt out of essential cookies as the website will not function correctly without them.

Duration: Session-based or up to 13 months for consent records.

Analytics Cookies

We use Google Analytics (with IP anonymization for EEA visitors) to collect anonymized data about how visitors interact with our website, including pages visited, time on site, bounce rates, and traffic sources. This data helps us improve our content and user experience. These cookies are only placed with your consent.

Duration: Up to 13 months.

Marketing Cookies

When you consent, the Meta Pixel and similar technologies may place cookies to measure the effectiveness of our advertising campaigns on social media platforms. These cookies track conversions from ads and help us understand which marketing channels are most effective. They may also be used to build audience segments for remarketing purposes.

Duration: Up to 13 months.

10.2 Managing Your Cookie Preferences

When you first visit our website, a cookie consent banner appears allowing you to accept or reject non-essential cookies. You can change your preferences at any time by clearing your browser cookies and revisiting our site, which will trigger the consent banner again.

You can also control cookies through your browser settings. Most browsers allow you to block or delete cookies, though doing so may affect the functionality of certain website features. For more information on managing cookies, visit your browser's help documentation or allaboutcookies.org.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at [email protected].

Upon receiving such notification, we will take prompt steps to delete the child's personal data from our systems. If we discover that we have inadvertently collected personal data from a child under 16, we will delete that data as quickly as possible and take measures to prevent future collection.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or operational needs. When we make material changes, we will take the following steps:

  • Update the "Last Updated" date at the top of this page.
  • Post the revised policy on our website with a summary of changes.
  • For registered users, send an email notification at least 14 days before material changes take effect, describing the changes and providing a link to the updated policy.
  • For changes that require renewed consent (such as new data processing purposes), we will request your consent before applying the changes to your data.

We encourage you to review this Privacy Policy periodically. Your continued use of our website and services after changes are posted constitutes your acknowledgment of the updated policy, except where renewed consent is required.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please reach out to us using any of the following methods:

Data Controller

DataMind AI GmbH

Registered Address

Friedrichstraße 100, 10117 Berlin, Germany

Data Protection Officer

Email: [email protected]

General Inquiries

Email: [email protected]

Phone: +49 30 1234 5678

Supervisory Authority

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219, 10969 Berlin, Germany
Website: datenschutz-berlin.de

This Privacy Policy was last updated on January 15, 2026, and applies to all data collected from that date forward. For the previous version of our Privacy Policy, please contact our Data Protection Officer.