Privacy Policy

Last updated: 27. August 2025

913.ai UG (haftungsbeschränkt) (“913.ai”, “we”, “us”, “our”) is committed to complying with applicable data protection laws, in particular the General Data Protection Regulation (EU) 2016/679 (“GDPR”). We take appropriate technical and organizational measures to ensure that personal data is collected, processed, used, disclosed, transferred, and deleted in accordance with applicable law.

Contents

1. Purpose

2. Scope

3. Roles and Responsibilities

4. Legal Bases for Processing

5. Data Protection Principles

6. Categories of Data, Sources, and Purposes

7. Recipients and Processing on Our Behalf

8. International Data Transfers

9. Retention

10. Security (Technical and Organizational Measures)

11. Cookies and Similar Technologies

12. Your Rights (Data Subject Rights)

13. Children’s Data

14. Complaints and Supervisory Authority

15. Changes to this Policy

16. Contact

1. Purpose

We recognize our responsibility to protect the personal data of employees, customers, suppliers, and users, and to respect and enable their rights under applicable data protection law. This Policy explains how we process personal data, for what purposes, on which legal bases, with whom we share it, and which rights individuals have.

2. Scope

This Privacy Policy applies to:

• All processing activities involving personal data where 913.ai acts as a data controller, including personal data in physical form stored in a relevant filing system.

• All employees, contractors, and third‑party processors who may access, process, or handle personal data on our behalf.

• Our websites and online services, including chat.913.ai and related self‑sign‑up or click‑wrap flows.

This Policy does not replace EU or national laws; it supplements applicable data protection legislation.

3. Roles and Responsibilities

• Data Controller: 913.ai UG (haftungsbeschränkt), Am Sandtorkai 32, 20457 Hamburg, Germany.

• Data Privacy Officer (DPO): Immo Ait Stapelfeld, Email: immo@913.ai.

The DPO oversees our data protection strategy and supports ongoing compliance. You may contact the DPO for questions about this Policy or to exercise your rights.

4. Legal Bases for Processing

We process personal data only where a GDPR legal basis applies, including:

• Contract performance or pre‑contractual steps at your request (Art. 6(1)(b) GDPR).

• Compliance with legal obligations (Art. 6(1)(c) GDPR).

• Legitimate interests (Art. 6(1)(f) GDPR), unless overridden by your interests or fundamental rights.

• Consent (Art. 6(1)(a) GDPR), where required and obtained.

• Protection of vital interests (Art. 6(1)(d) GDPR) in rare cases.

Special categories of data (Art. 9 GDPR) are processed only with explicit consent or under a specific legal permission.

5. Data Protection Principles

We adhere to the GDPR principles of lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability. We maintain records of processing activities and regularly assess the effectiveness of our measures.

6. Categories of Data, Sources, and Purposes

• Identification and contact data: name, email, company, role, postal address, user/account ID.

  • Purpose: account setup and administration, contract management, customer support, communications.

  • Source: provided by you or your organization; generated through account use.

  • Basis: Art. 6(1)(b), (f) GDPR.

• Usage and service data: login events, feature usage, device/browser data, interaction logs.

  • Purpose: service provision, security, troubleshooting, product analytics where permitted.

  • Basis: Art. 6(1)(b), (f) GDPR; consent for non‑essential analytics where required (Art. 6(1)(a)).

• Billing data: transaction details, payment status, invoice information.

  • Purpose: billing, accounting, compliance with tax laws.

  • Basis: Art. 6(1)(b), (c), (f) GDPR.

• Support content: messages, files, and context you submit to support or within the platform.

  • Purpose: issue resolution, quality assurance; improvement where permitted.

  • Basis: Art. 6(1)(b), (f) GDPR; consent where required.

We will provide additional notices for new purposes where legally required.

7. Recipients and Processing on Our Behalf

We disclose personal data only as permitted by law and with appropriate safeguards:

• Processors (service providers) for hosting, operations, customer support, communications, billing, and security, bound by contracts compliant with Art. 28 GDPR.

• Professional advisors, auditors, and authorities where legally necessary.

• Corporate transactions (e.g., merger, acquisition), subject to appropriate safeguards.

We do not sell personal data.

8. International Data Transfers

By default, and unless explicitly agreed otherwise, service data is hosted and processed exclusively within the European Union/European Economic Area (EU/EEA). We do not transfer service data to third countries. If exceptional transfers of other personal data were necessary (e.g., communications tools), we would implement safeguards per Chapter V GDPR (e.g., adequacy decisions, Standard Contractual Clauses, and supplementary measures) and provide prior notice where legally required.

9. Retention

We retain personal data only as long as necessary for the purposes described or as required by law. After expiry of retention periods, data is deleted or anonymized in accordance with our retention schedule. Typical periods include:

• Account and contract data: for the term of the agreement plus statutory limitation/retention periods.

• Billing and tax records: per applicable commercial/tax law.

• Support tickets: for the resolution period plus a reasonable archiving window.

10. Security (Technical and Organizational Measures)

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or loss. Measures include access controls, encryption in transit and at rest (where applicable), network safeguards, logging and monitoring, least‑privilege access, vendor due diligence, employee training, incident response, and regular testing and evaluation. Hosting is restricted to EU/EEA locations as described above.

11. Cookies and Similar Technologies

We use essential cookies necessary to provide the service. Non‑essential cookies (e.g., analytics) are used only with your consent via our cookie banner or settings. You can withdraw consent at any time through the same settings. For details, please see our Cookie Notice [insert link].

12. Your Rights (Data Subject Rights)

Subject to conditions and exceptions under the GDPR, you have the right to:

• Access your personal data (Art. 15).

• Rectify inaccurate or incomplete data (Art. 16).

• Erase data (“right to be forgotten”) (Art. 17).

• Restrict processing (Art. 18).

• Data portability (Art. 20).

• Object to processing based on legitimate interests, including direct marketing (Art. 21).

• Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal (Art. 7(3)).

To exercise your rights, contact our DPO at immo@913.ai. We will respond without undue delay and within one month, subject to extension under Art. 12(3) GDPR where necessary.

13. Children’s Data

Our services are not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, please contact us and we will take appropriate steps.

14. Complaints and Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or alleged infringement. Our local supervisory authority is likely the Hamburg Commissioner for Data Protection and Freedom of Information: https://datenschutz-hamburg.de

15. Changes to this Policy

We may update this Policy from time to time. We will post any changes on this page and indicate the “Last updated” date. Where required, we will notify you and, if necessary, request your consent.

16. Contact

Controller and DPO:
913.ai UG (haftungsbeschränkt)
Am Sandtorkai 32, 20457 Hamburg, Germany
Email: immo@913.ai