Privacy Policy - We value your privacy

Introduction

We ("we," "us," "our") take the protection of the data of users ("users" or "you") of our website and/or mobile app (the "website" or the "mobile app") very seriously and are committed to safeguarding the information that users provide to us in connection with their use of our website and/or mobile app (collectively: "digital assets"). Furthermore, we are committed to protecting and using your data in accordance with applicable laws.

This privacy policy explains our practices regarding the collection, use, and disclosure of your data when you access our digital assets (the "services") through your devices.

Please read this privacy policy carefully and ensure that you fully understand our practices regarding your data before using our services. If you have read and fully understood this policy and do not agree with our approach, you must stop using our digital assets and services. By using our services, you acknowledge the terms of this privacy policy. Continued use of the services constitutes your consent to this privacy policy and any updates to it.

How we collect data
Which data we collect
Why we collect this data
Who we share the data with
Where the data will be stored
How long the data is retained
How we protect the data
How we handle minors
Updates or changes to the privacy policy

Which data do we collect

Below is an overview of the data we may collect:

Non-identified and non-identifiable information that you provide during the registration process or that is collected through the use of our services ("non-personal data"). Non-personal data does not allow any conclusions to be drawn about the individual from whom it was collected. The non-personal data we collect primarily consists of technical and aggregated usage information, as well as project data used by the user.

This includes, in particular (but not exclusively):

- General platform usage data of the user.
- User inputs and project descriptions.
- Uploaded data source structures of the user.
- Data source documentation and URLs.
- Created and modified APICHAP project configurations.
Individually identifiable information, meaning any data that can identify you or could reasonably be used to identify you ("personal data"). The personal data we collect through our services may include information that is requested from time to time, such as names, email addresses, addresses, phone numbers, IP addresses, and more. If we combine personal data with non-personal data, we treat the combined data as personal data for as long as they remain linked.

This includes, in particular (but not exclusively):

-Email address
-First and last name of the user
-Company information
-Payment data and credit card information of the user

How we collect data

Below are the main methods we use to collect data:

We collect data when you use our services. When you visit our digital assets and use our services, we may gather, record, and store usage, session, and related information.
We collect data that you provide to us directly, for example, when you contact us via a communication channel (e.g., an email with a comment or feedback).
We may collect data from third-party sources as described below.

Why we collect this data

We may use your data for the following purposes:

To provide and operate our services;
To further develop, customize, and improve our services, as well as to enhance our AI models;
To respond to your feedback, inquiries, and requests, and to provide assistance;
To analyze usage patterns and requirements;
For other internal, statistical, and research purposes;
To enhance our data security measures and fraud prevention capabilities;
To investigate violations and enforce our terms and policies, as well as to comply with applicable laws, regulations, and governmental orders;
To send you updates, notifications, promotional materials, and other information related to our services. For promotional emails, you can choose whether to continue receiving them. If you prefer not to, simply click the unsubscribe link in these emails.

Who we share the data with

For the purposes outlined in 'Why We Collect This Data,' we may share your data with our service providers to operate our services (e.g., storing data via third-party hosting services, providing technical support, etc.).

For marketing and operational purposes, data may specifically be shared with the following service providers:

-Pipedrive OÜ
-Google Analytics
-Langfuse (https://langfuse.com/)
-LLM providers such as Mistral (https://mistral.ai), Claude (https://claude.ai), and OpenAI (https://openai.com/)

We may also disclose your data under the following circumstances:
(i) To investigate, detect, prevent, or take action against illegal activities or other misconduct;
(ii) To establish or exercise our right to defend against legal claims;
(iii) To protect our rights, property, or personal safety, as well as that of our users or the public;
(iv) In the event of a change of control within our company or one of our affiliated companies (e.g., through a merger, acquisition, or sale of substantially all assets);
(v) To collect, store, and/or manage your data through authorized third-party providers (e.g., cloud service providers) as reasonably necessary for business purposes;
(vi) To collaborate with third parties in enhancing your user experience.

For clarity, we reserve the right to share, transfer, or otherwise use non-personal data at our discretion.

Cookies and similar technologies

When you visit or access our services, we authorize third parties to use web beacons, cookies, pixel tags, scripts, and other technologies and analytics services (“tracking technologies”). These tracking technologies may allow third parties to automatically collect your data to enhance navigation on our digital assets, optimize performance, and provide a personalized user experience, as well as for security and fraud prevention purposes.

To learn more, please refer to our Cookie Policy.

Where the data will be stored

Non-personal data

Please note that our company, as well as our trusted partners and service providers, are located worldwide. For the purposes outlined in this privacy policy, we store and process all non-personal data we collect in various jurisdictions.

How long the data is retained

Please note that we retain the collected data for as long as necessary to provide our services, comply with our legal and contractual obligations to you, resolve disputes, and enforce our agreements.

We may correct, supplement, or delete inaccurate or incomplete data at our discretion at any time.

How we protect the data

The hosting service for our digital assets provides us with the online platform through which we offer our services to you. Your data may be stored through our hosting provider’s data storage, databases, and general applications. It is stored on secure servers behind a firewall, and the provider offers secure HTTPS access to most areas of its services.

Despite the measures and efforts taken by us and our hosting provider, we cannot and do not guarantee absolute protection or security of the data you upload, publish, or otherwise share with us or others.

For this reason, we encourage you to set strong passwords and, whenever possible, avoid sharing confidential information with us or others if its disclosure could cause you significant or lasting harm. Additionally, as email and instant messaging are not considered secure communication methods, we advise against sharing confidential information through these channels.

How we handle minors

Our services are not intended for users who have not yet reached the legal age of majority. We do not knowingly collect data from children. If you are underage, you should not download or use our services or provide us with any information.

We reserve the right to request proof of age at any time to verify whether minors are using our services. If we become aware that a minor is using our services, we may deny and restrict their access and delete any data stored about them. If you believe that a minor has provided us with data, please contact us as outlined below.

We use your personal data only for the purposes outlined in this privacy policy and only when we are convinced that:

the use of your personal data is necessary to fulfill or enter into a contract (e.g., to provide you with the services themselves or to offer customer support or technical assistance);
the use of your personal data is necessary to comply with applicable legal or regulatory obligations, or
the use of your personal data is necessary to support our legitimate business interests (provided that this is done in a manner that is proportionate and respects your privacy rights at all times).

As EU-citizen you can:

request confirmation as to whether personal data concerning you is being processed, and request access to your stored personal data along with certain additional information;
request to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format;
request the correction of your personal data stored by us;
request the deletion of your personal data;
object to the processing of your personal data by us;
request the restriction of the processing of your personal data, or
lodge a complaint with a supervisory authority.

Please note, however, that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the personal data we collect and how we use it, please contact us as indicated below.

As part of providing our services, we may transfer data across borders to affiliated companies or other third parties, from your country/jurisdiction to other countries/jurisdictions worldwide. By using our services, you consent to the transfer of your data outside the EEA.

If you are located in the EEA, your personal data will only be transferred to locations outside the EEA if we believe that an adequate or comparable level of personal data protection exists. We will take appropriate steps to ensure that we have suitable contractual agreements with our third parties, guaranteeing that proper security measures are in place to minimize the risk of unlawful use, modification, deletion, loss, or theft of your personal data and that these third parties always act in compliance with applicable laws.

Rights Under the California Consumer Privacy Act (CCPA)

If you use the services as a California resident, you may be entitled under the California Consumer Privacy Act ("CCPA") to request access to and deletion of your data.

To exercise your right to access or delete your data, please see below for how to contact us.

We do not sell users’ personal data for the purposes and intents of the CCPA.

Updates or Changes to the Privacy Policy

We may revise this Privacy Policy at our discretion from time to time. The version published on our website is always the most current (see the "Last Updated" date). We encourage you to review this Privacy Policy regularly for any changes.

In the event of significant changes, we will post a notice on our website. Your continued use of the services after being notified of changes on our website will be considered as your acknowledgment and acceptance of the updated Privacy Policy and your agreement to be bound by its terms.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is typically transmitted to and stored on a Google server in the USA.

If IP anonymization is activated on this website, your IP address will first be shortened by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by adjusting your browser settings accordingly; however, please note that in this case, you may not be able to fully use all features of this website.

Contakt

If you have general questions about the services or the data we collect about you and how we use it, please contact us at:

Name: Dominik Rampelt
Adress: Peter-Behrens-Platz 10, 4020 Linz
E-Mail-Adress: dominik.rampelt@apichap.com