1. Controller

ADD ideas UG (haftungsbeschränkt)
Blumenstraße 36
69115 Heidelberg
Germany

Email: kontakt@add-ideas.de

1a. Data protection officer

A data protection officer has not been appointed because this is not legally required.

2. Collection and storage of personal data and the nature and purpose of processing

a) When visiting the website

When you access our website, the browser used on your device automatically sends information to the server. This information may be temporarily stored in log files.

• IP address of the requesting device
• Date and time of access
• Name and URL of the requested file
• Website from which access occurs, if transmitted
• Browser, operating system and access provider information, if transmitted

The legal basis is Art. 6(1)(f) GDPR, based on our legitimate interest in secure and reliable operation of the website.

b) When contacting us

If you contact us by email or through a contact form or ticket system, the data you provide is processed to handle your request.

The legal basis is Art. 6(1)(b) GDPR where the request relates to pre-contractual or contractual communication, and otherwise Art. 6(1)(f) GDPR.

c) When registering and logging in

For additional functions such as API access, dashboard use or organization management, we process account data provided during registration and use.

• Email address
• Password hash
• Optional organization and role information
• Account status and confirmation information

The legal basis is Art. 6(1)(b) GDPR for account and service use.

d) When using the API

When the API is used, technical usage data may be processed, such as API key reference, timestamp, endpoint, status code and request metadata necessary for security, abuse prevention, usage limits, support and billing.

The legal basis is Art. 6(1)(b) GDPR where processing is necessary for service provision, and Art. 6(1)(f) GDPR for secure and reliable operation.

3. Cookies

We use technically necessary session cookies that are required for operation, login and CSRF protection. We do not use tracking or advertising cookies unless explicitly stated elsewhere and, where required, consent has been obtained.

4. Disclosure of data

Personal data is only disclosed where this is legally permitted or required.

• With consent, Art. 6(1)(a) GDPR
• For contract performance, Art. 6(1)(b) GDPR
• Due to legal obligations, Art. 6(1)(c) GDPR
• To safeguard legitimate interests, Art. 6(1)(f) GDPR

4a. Processors

• Hosting and infrastructure: data centers in the EU, primarily Germany
• Support or ticket system, if used: EU-based instance or processor
• Payment service providers, if paid services are ordered

5. Storage duration

• Customer data and contract documents: according to statutory retention periods, usually up to 10 years where applicable
• Server log files: usually up to 6 months, unless longer storage is necessary for security or legal reasons
• Support and ticket data: usually up to 3 years after completion, unless statutory retention duties apply
• API usage records: according to operational, security, billing and contractual requirements

6. Rights of data subjects

You have the right to access, rectification, erasure, restriction of processing, data portability, objection, withdrawal of consent and the right to lodge a complaint with a supervisory authority.

7. Data security

We use TLS encryption and technical and organizational measures such as role-based access, encrypted backups, monitoring and access controls to protect personal data.

8. Status and changes to this Privacy Policy

This Privacy Policy is currently valid as of May 2026. We may update it if the service, legal requirements or processing activities change.

9. Contact for privacy requests

ADD ideas UG (haftungsbeschränkt) – Data protection
datenschutz@add-ideas.de