Privacy Policy#
Here you can find an overview of how the data you enter into the AI-Tools is processed.
Controller responsible for data protection#
External service providers#
The AI-Tools run on a server in Germany. All prompts you enter are transmitted from there to an external AI model. We use AI models from OpenAI, Anthropic, Google, Perplexity, and ElevenLabs in the USA, as well as from Microsoft, Mistral AI, Assembly AI, OVHcloud, and Black Forest Labs in Europe. The data is not used for training purposes. Sensitive data, such as phone numbers or bank account information, should nevertheless not be included in a prompt.
OpenAI
OpenAI Ireland Limited, “The Liffey Trust Centre”, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland. OpenAI Privacy Policy
Anthropic
Anthropic Ireland Limited, 27/29 Orwell Road, Rathgar, Dublin 6, Ireland. Anthropic Privacy Policy
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Privacy Policy
Perplexity
Perplexity AI, Inc., 575 Market St. Fl. 4, San Francisco, CA 94105, USA. Perplexity Privacy Policy
ElevenLabs
Eleven Labs Poland sp. z o.o., Lipska 27/22 Street, 03-908, Warsaw, Poland. ElevenLabs Privacy Policy
Microsoft
Konrad-Zuse-Str.1, 85716 Unterschleißheim. Microsoft Privacy Policy
OVH
OVH GmbH, Christophstraße 19, 50670 Köln. Privacy Policy OVH
Black Forest Labs
Sedanstraße 7, 79098 Freiburg im Breisgau. BFL Privacy Policy
Mistral AI
15 rue des Halles, 75001 Paris, France. Mistral AI Privacy Policy
Assembly AI
EU Member Representative: VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland.
Transcripts are deleted after 90 days. Assembly AI Privacy Policy
Fireworks AI
2317 Broadway St, Redwood City, California 94063, Redwood City, California, United States
AI-Tools statistics#
To improve the AI-Tools, we want to know how often specific prompts or assistants are used. We therefore store the username and the time of access together with the selected prompt category, the name of the prompt, the selected model, the tokens used, and the time the AI model needed to generate the response. We do not store what you entered into the prompt or the AI’s response. Statistical data is automatically deleted after 366 days.
You can view your own usage statistics in the Prompt Assistant with the following prompt: “What is my usage?” Your usage is visible only to you. The anonymized company statistics are visible to all users in your organization.
Log files#
We store data in log files to test new features, fix errors, or optimize the system. The log files are automatically deleted after 30 days.
Uploaded files#
You can upload files in the AI-Tools to have them processed by the language model. The following happens:
The file is uploaded to our server, the text contained in the file is extracted and transmitted to the AI model. The file is then immediately deleted from our server.
Transcription#
You can upload audio files or voice recordings in the AI-Tools to have them transcribed. The following happens:
The audio file is uploaded to our server and transcribed by a speech model. The audio and the transcribed text are stored for up to 14 days and then deleted. On the transcript card, you can decide for each file whether it can be used only by you or by everyone in your organization.
History#
In the Assistants, Workflows, and Images modules, your chats and generated images from the past 14 days are stored. You can open the history with the History button and browse through the last 14 days. You can reopen or delete any chat. Chats older than 14 days are automatically deleted.
Generated files#
With the AI-Tools, you can generate different types of files, such as images, graphics, and PDFs. These files remain available for download for 90 days. After that, they are automatically deleted.
Use of the AI-Tools website#
Description and scope of data processing#
Each time our website is accessed, our system automatically collects data and information from the user’s computer system. The following information is collected: the URL accessed, information about the browser type and version used, the user’s operating system, the user’s internet service provider, the user’s IP address, and the date and time of access. The described data is anonymized and stored in our system’s log files. This data is not stored together with any other personal data of the user.
Purpose and legal basis for data processing#
The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. Storage in log files takes place to ensure the functionality of the website. In addition, the data helps us ensure the security of our information technology systems. The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 sentence 1 lit. f GDPR. The collection of personal data for the provision of the AI-Tools and the storage of the data in log files is strictly necessary for the operation of the website. Therefore, the user has no option to object.
Storage period#
The data is deleted as soon as it is no longer required for the purpose for which it was collected. If your data is collected to ensure the provision of the website, it is deleted when the respective session ends. If your data is stored in log files, it is deleted no later than after seven days.
Data transfer outside the EU#
The GDPR ensures an equally high level of data protection throughout the European Union. When selecting our service providers, we therefore use European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union in the context of using third-party services. We only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that your data may then only be processed on the basis of specific safeguards, such as an adequacy decision officially recognized by the European Commission or compliance with officially recognized specific contractual obligations, the so-called “Standard Contractual Clauses”.
Rights of the data subject#
Under the EU General Data Protection Regulation, you as a data subject have the rights listed below. You can exercise these rights at: Datenschutz@FFH.de
Right of access#
You have the right to obtain information from us, as the controller, as to whether and which personal data relating to you is being processed by us, as well as further information in accordance with the statutory requirements under Art. 13 and 14 GDPR.
Right to rectification#
If the personal data concerning you that we process is inaccurate or incomplete, you have the right to request rectification and/or completion. The rectification will be made without undue delay.
Right to restriction of processing#
You have the right to obtain restriction of the processing of personal data concerning you in accordance with the statutory provisions (Art. 18 GDPR). If the grounds set out in Art. 17 GDPR apply, you may request that the personal data concerning you be deleted without undue delay. Please note that the right to erasure does not apply insofar as processing is necessary for one of the exceptions listed in Art. 17(3).
Right to notification#
If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to inform all recipients to whom personal data concerning you has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
Right to object#
Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 sentence 1 lit. e or f GDPR.
Right to lodge a complaint with a supervisory authority#
If you believe that the processing of personal data concerning you violates the GDPR, you also have the right to lodge a complaint with a supervisory authority.