Privacy Policy
Last updated: 05.05.2026
Controller: See provider details in /impressum. For privacy requests: demo-privacy@example.com
1. Scope
This policy explains how Digraph processes personal data when you use our website and SaaS platform for AI brand visibility monitoring.
2. Personal Data We Collect
2.1 Data You Provide
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email address | Account creation, authentication |
| Payment data | Billing address, payment method (processed by Stripe) | Process subscriptions |
| Client/campaign data | Brand names, keywords, ad copy inputs | Provide the service |
| Communications | Emails, support requests | Customer support |
2.2 Data Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Usage data | Pages visited, features used, timestamps | Service improvement |
| Device data | IP address, browser type, OS | Security, troubleshooting |
| Cookies | Session, preference, analytics (with consent) | Functionality, analytics |
3. Legal Basis for Processing (GDPR Art. 6)
| Processing Activity | Legal Basis |
|---|---|
| Account creation & service delivery | Contract performance (Art. 6(1)(b)) |
| Payment processing | Contract performance (Art. 6(1)(b)) |
| Essential cookies | Legitimate interest (Art. 6(1)(f)) |
| Analytics cookies | Consent (Art. 6(1)(a)) |
| Marketing emails | Consent (Art. 6(1)(a)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
| Fraud prevention | Legitimate interest (Art. 6(1)(f)) |
4. How We Use Your Data
- Provide, maintain, and improve our services
- Process payments and manage subscriptions
- Send transactional emails (confirmations, password resets)
- Respond to support requests
- Detect and prevent fraud or abuse
- Comply with legal obligations
- Send marketing communications (only with consent)
5. Data Sharing & Sub-processors
We share personal data only where needed to provide the service:
| Recipient | Purpose | Location | Safeguard |
|---|---|---|---|
| Supabase | Database, authentication, storage | EU/USA (project dependent) | DPA + SCCs where required |
| Stripe (if billing is active) | Payment processing and invoicing | USA | DPA + SCCs where required |
| Resend | Transactional emails (alerts, support replies) | USA | DPA + SCCs where required |
| OpenAI | LLM processing for analysis jobs | USA | DPA + SCCs where required |
| Anthropic | LLM processing for analysis jobs | USA | DPA + SCCs where required |
| Google Cloud | Hosting, infrastructure, observability | EU/USA (service dependent) | DPA + SCCs where required |
| Google (OAuth) | Optional sign-in provider | USA | DPA + SCCs where required |
We do not sell personal data.
6. International Data Transfers
Your data may be transferred to countries outside the EU/EEA, including the USA. We protect such transfers using:
- EU Standard Contractual Clauses (SCCs)
- Data Processing Agreements (DPAs)
- Technical and organizational security measures
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Payment records | 10 years (German tax law) |
| Support communications | 3 years |
| Server logs | 90 days |
| Analytics data | 14 months |
8. Your Rights (GDPR)
You have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data ("right to be forgotten") (Art. 17)
- Restrict processing (Art. 18)
- Receive your data in a structured format (data portability) (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time (Art. 7(3))
- Lodge a complaint with a supervisory authority
To exercise your rights: Email demo-privacy@example.com
Supervisory authority: Landesbeauftragte für Datenschutz und Informationsfreiheit NRW
https://www.ldi.nrw.de
9. Cookies
We use cookies and similar technologies:
| Cookie Type | Purpose | Consent Required |
|---|---|---|
| Essential | Site functionality, security | No |
| Preferences | Remember your settings | No |
| Analytics | Understand usage patterns | Yes |
| Marketing | Targeted advertising | Yes |
Manage preferences in our cookie banner or browser settings.
10. Security
We implement appropriate technical and organizational measures:
- HTTPS/TLS encryption
- Access controls and authentication
- Regular security assessments
- Data minimization
- Employee confidentiality obligations
11. Children's Privacy
Our services are not directed to individuals under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact demo-privacy@example.com.
12. Data Subject Requests
To request access, correction, deletion, restriction, portability, or objection, email demo-privacy@example.com. We may need to verify your identity before fulfilling requests.
13. Changes to This Policy
We may update this Privacy Policy. We will notify you of material changes via email or website notice. Continued use after changes constitutes acceptance.
14. Contact
For privacy inquiries and GDPR requests:
Email: demo-privacy@example.com