Last Updated: 15.09.2025

1. Who We Are

This Privacy Policy describes how 913.ai UG (haftungsbeschränkt) ("913.ai", "we", "us", or "our") collects and processes personal data when you visit our websites at https://913.ai and https://chat.913.ai, interact with our services and domain‑specific AI agents (the "Platform"), or communicate with us.

• Legal entity: 913.ai UG (haftungsbeschränkt)

• Address: Am Sandtorkai 32, 20457 Hamburg, Germany

• Contact email: contact@913.ai

• Managing directors: Immo Ait Stapelfeld; Maveen Mushtaq

• For privacy inquiries, contact us at contact@913.ai.

2. Scope and Roles

• We act as a controller for personal data processed on our websites and for account, billing, support, and community operations on the Platform.

• For certain customer‑directed processing performed within our AI agents where we handle customer data under a data processing agreement (e.g., enterprise deployments), we act as a processor. Details, including subprocessors, are listed on our Trust page.

3. What We Collect

We collect and process the following categories of personal data:

• Account and profile: name, business email, company/organization, phone number (optional), password/credential hashes, 2FA setup data, roles/permissions.

• Usage and interaction: prompts and other inputs you provide to the Platform; outputs generated by the AI agents; feedback, ratings, comments; community posts and messages.

• Device and log data: IP address, device identifiers, browser type/version, OS, language settings, referrer, date/time, pages viewed, session IDs, error and performance logs.

• Transaction and billing: billing contact, plan, purchase history, Stripe identifiers (tokenized), last 4 digits/expiration of payment card (where applicable), VAT/tax information.

• Communications: inquiries sent to us (email or forms), support tickets, and related correspondence.

We do not knowingly target or allow use by children or minors. The Platform is intended for business users only.

4. Sources of Data

• Directly from you: when you register, use the Platform, participate in the community, or contact us.

• Automatically: via cookies, pixels, SDKs, and similar technologies on our sites and apps.

• From service providers and partners: e.g., payment processors, analytics, identity providers, CRM.

• Public or customer‑provided data: where you instruct the Platform to retrieve or process publicly available information.

5. Purposes and Legal Bases

We process personal data for the purposes and legal bases below (Art. 6 GDPR):

• Provide and operate the Platform; create and manage accounts; enable authentication (including SSO) and 2FA; deliver AI agent functionality; maintain security and prevent abuse — performance of a contract (Art. 6(1)(b)) and our legitimate interests (Art. 6(1)(f)).

• Process transactions, invoicing, and tax records via Stripe — contract (Art. 6(1)(b)) and legal obligations (Art. 6(1)(c)).

• Customer support, incident response, and service communications — contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)).

• Analytics, product improvement, and marketing attribution (Google Analytics, Google Tag Manager, HiROS) — consent where required (Art. 6(1)(a)); otherwise legitimate interests (Art. 6(1)(f)) for strictly necessary, non‑marketing measurements.

• Marketing communications (HubSpot, Mailchimp) — consent (Art. 6(1)(a)); or legitimate interests for B2B direct marketing where permitted, with opt‑out (Art. 6(1)(f)).

• Community operation and moderation — contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)).

• Compliance with law, enforcement of terms, prevention of fraud, protection of rights — legal obligations (Art. 6(1)(c)) and legitimate interests (Art. 6(1)(f)).

6. Cookies and Similar Technologies

We use cookies, tags, and similar technologies (including via Framer, Google Tag Manager, Google Analytics, HiROS, and native ad pixels from Meta/Google) to operate the site, enable preferences, perform analytics, and measure marketing. Details are provided in our separate Cookie Policy, which also explains how to manage your preferences via our consent banner.

• See: Cookie Policy [link placeholder — update to your actual URL]

7. Subprocessors and Service Providers

We use vetted service providers to operate the Platform. Key categories and examples include:

• Hosting/infrastructure and databases: Google Cloud Platform (EU regions), Pinecone (EU deployment), and related managed services.

• AI model providers: OpenAI (configured with zero data retention for approved use cases); other providers as listed on our Trust page.

• Payments: Stripe (tokenized processing; we do not store full card PANs).

• Analytics and marketing: Google Analytics, Google Tag Manager, HiROS, HubSpot, Mailchimp.

• Logging, monitoring, and security: Datadog, PostHog [verify], platform log files.

• Identity and authentication: Email/password, optional SSO (e.g., Google) and 2FA.

• Community and support: [Name of community platform/tool, if applicable], email support.

Our current list of subprocessors and data transfers is maintained at our Trust page: https://trust.913.ai.

8. International Data Transfers

Our primary hosting locations are in the EU. Where service providers are located outside the EEA/UK or access data from third countries (e.g., the United States), we implement appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs), the UK IDTA/UK Addendum, and supplementary technical/organizational measures. Where applicable, we may also rely on adequacy decisions (e.g., EU‑US Data Privacy Framework for certified entities).

9. Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, including providing the Platform and complying with legal, accounting, or reporting requirements. Typical retention periods:

• Account data: for the life of the account, then deleted or anonymized within a defined period.

• Contract, invoicing, and tax records: retained per statutory requirements (generally 10 years in Germany/EU).

• Support and incident records: retained for operational needs and compliance.

• Marketing data: until you withdraw consent or object; we periodically purge inactive contacts.

10. Your Rights (EEA/UK)

Subject to legal conditions, you have the right to:

• Access, rectification, erasure, and restriction of processing

• Data portability

• Object to processing based on legitimate interests and to direct marketing at any time

• Withdraw consent at any time (without affecting prior processing)

• Lodge a complaint with a supervisory authority

To exercise rights, contact us at contact@913.ai. The competent authority at our seat is typically: Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI).

11. Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, least‑privilege policies, monitoring and alerting, secure software development practices, and third‑party vendor reviews. Further details and certifications, controls, and subprocessors are available on our Trust page at https://trust.913.ai.

12. Children

We do not target or permit use of the Platform by children. The Platform is intended solely for business users. If we learn that personal data of a minor has been submitted, we will delete it.

13. Do Not Track; Automated Decision‑Making

Our services do not respond to browser Do‑Not‑Track signals. We do not engage in automated decision‑making producing legal or similarly significant effects without human involvement.

14. Third‑Party Links and Embedded Content

Our sites may include links to third‑party sites and embedded content (e.g., YouTube videos). Interactions with such content are governed by the third party’s privacy policies and terms.

15. Changes to This Policy

We may update this Policy from time to time. The “Last Updated” date indicates the most recent changes. Significant changes will be communicated via the Platform or by email where appropriate.

16. Contact

If you have questions or requests about this Policy or our data practices, please contact:

913.ai UG (haftungsbeschränkt), Am Sandtorkai 32 20457 Hamburg, Germany

Email: contact@913.ai

Annex A — Detailed Tracking and Cookies (Optional, cross‑referenced in Cookie Policy)

• Google Analytics 4 via Google Tag Manager — analytics/measurement; consent‑based where required.

• Hyros: marketing attribution; consent‑based where required.

• Meta/Google ad pixels: remarketing/measurement; consent‑based where required.

• Framer essential cookies: strictly necessary for site operation; legitimate interests/contract.

  
  

Users can manage preferences via our cookie banner and browser settings. See our Cookie Policy for details.