Privacy Policy

1. Data Controller

Kintellica GmbH
Hofweg 81
22085 Hamburg
Germany

Email: info@kintellica.com
Website: https://kintellica.com

Represented by the Managing Directors: Alborz Tarrahi and Carlos Bosch Meyer

2. General Information on Data Processing

We, Kintellica GmbH ("Kintellica", "we" or "us"), process personal data in accordance with applicable data protection regulations, in particular the General Data Protection Regulation ("GDPR"), the German Federal Data Protection Act ("BDSG") and the German Telecommunications-Telemedia Data Protection Act ("TDDDG").

Personal data means any information relating to an identified or identifiable natural person.

This Privacy Policy informs you about how we process personal data, in particular when:

• visiting our website,
• contacting us,
• using our platform,
• using our AI-powered features,
• entering into and performing contracts,
• sending newsletters,
• visiting our company profiles on social networks.

3. Visiting Our Website

When you access our website, information is automatically transmitted to our servers by the browser of your device. This information is temporarily stored in so-called log files.

The following data may be processed in particular:

• IP address
• Date and time of access
• Browser type and version
• Operating system used
• Referrer URL
• Pages and files accessed
• Hostname of the accessing computer

This data is processed for the following purposes:

• Ensuring a smooth connection setup,
• Ensuring comfortable use of the website,
• Evaluating system security and stability,
• Detecting abuse and attacks,
• Technical administration of the website.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and efficient provision of our website. Where the website visit is connected with the initiation or performance of a contract, Art. 6(1)(b) GDPR may additionally serve as the legal basis.

4. Cookies and Similar Technologies

We use cookies and comparable technologies on our website.

4.1 Technically Required Cookies

Technically necessary cookies and similar technologies are used to ensure the functionality and security of our website.

The legal basis for accessing information on the device is § 25(2) TDDDG. The subsequent processing of personal data is based on Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR.

4.2 Optional Cookies, Tracking and Analytics

Where we use analytics, statistics, personalization or marketing technologies, this is only done on the basis of your consent.

The legal basis for accessing the device is § 25(1) TDDDG. The legal basis for the subsequent processing of personal data is Art. 6(1)(a) GDPR.

4.3 Cookie Notice

The specific cookies, services, storage periods and providers used can be found in our current consent management tool or cookie banner on the website.

5. Contacting Us

If you contact us, for example by email, contact form, phone or other means, we process the data you provide to handle your inquiry.

This may include in particular:

• Name
• Email address
• Phone number
• Company
• Content of the message
• Other voluntarily provided information

The processing is carried out:

• for the performance of pre-contractual measures or for contract performance on the basis of Art. 6(1)(b) GDPR, or
• to safeguard our legitimate interest in the proper handling of inquiries on the basis of Art. 6(1)(f) GDPR.

6. Newsletter

If you subscribe to our newsletter, we use your email address to send you information about our products, services, developments and offers.

Registration is generally carried out using a double opt-in procedure. For proof of consent, we store in particular:

• Email address,
• Time of registration,
• Time of confirmation,
• IP address,
• Consent status.

The legal basis is Art. 6(1)(a) GDPR.

You may withdraw your consent at any time with effect for the future, in particular via the unsubscribe link in the newsletter or by contacting us.

7. Company Profiles on Social Networks

We maintain company profiles on social networks, in particular on LinkedIn.

When you visit our pages there or interact with us, personal data may be processed both by us and by the respective platform operator.

The processing is carried out for the following purposes:

• Communication with prospects and customers,
• External presentation of our company,
• Reach measurement and optimization of our content,
• Analysis of interactions.

The legal basis is Art. 6(1)(f) GDPR. Where contacting is aimed at concluding or performing a contract, Art. 6(1)(b) GDPR additionally applies.

The privacy policies of the respective platform operator also apply.

8. Contract Initiation, Conclusion and Business Relationships

We process personal data of prospects, customers, business partners, suppliers, service providers and their contact persons insofar as this is necessary for the initiation, performance and settlement of contracts.

The following data may be processed in particular:

• First and last name
• Company name
• Business contact details
• Billing and payment data
• Contract data
• Communication data
• Usage data
• Support requests

The processing is carried out for the following purposes:

• Preparation of offers,
• Contract conclusion,
• Service delivery,
• Invoicing,
• Customer support,
• Support,
• Compliance,
• IT security,
• Legal enforcement.

The legal bases are Art. 6(1)(b), (c) and (f) GDPR.

9. Use of the Kintellica Platform and AI Features

9.1 Types of Data Processed

When using our platform and AI features, the following personal data may be processed in particular:

• Registration and account data
• Login and authentication data
• Organization and tenant data
• Uploaded files, documents and content
• Text inputs, prompts and queries
• Generated outputs and responses
• Usage metadata
• Support and diagnostic data

9.2 Purposes of Processing

The processing is carried out in particular for the following purposes:

• Provision and operation of our platform,
• Authentication and user management,
• Processing of requests,
• Generation of AI-powered outputs,
• Quality assurance and bug fixing,
• Ensuring IT security and abuse prevention,
• Contract performance and billing.

The legal basis is Art. 6(1)(b) GDPR. Where processing is additionally required for IT security, abuse detection, product stability or legal enforcement, it is based on Art. 6(1)(f) GDPR.

9.3 Storage Limitation for Uploaded Data

Files, documents and content uploaded by users are generally only stored by Kintellica for a limited time and deleted within 24 hours at the latest, unless:

• longer storage is technically absolutely necessary,
• a legal retention obligation exists,
• longer storage is initiated by the user, or
• security, abuse, evidence or legal enforcement purposes require longer storage in individual cases.

9.4 No Unauthorized Disclosure, No Use for Own Training Purposes

Kintellica does not disclose personal data to third parties without authorization.

Where third-party providers are technically integrated, this is done exclusively for the intended purpose, to the necessary extent and on the basis of appropriate contractual and data protection safeguards.

Kintellica does not use uploaded content, prompts, inputs, outputs and other customer data for its own advertising purposes and does not use them to train its own AI models, unless expressly agreed otherwise.

9.5 Providers and AI Partners Used

Depending on the function and configuration, the following providers may be integrated in the provision of our services:

• Microsoft Azure
• Google Cloud / Google AI
• Anthropic (Claude)
• Mistral

9.6 Role of Kintellica

Where we process data for our own contractual relationships, the provision of our platform, user management, security, support and billing, we act as controller within the meaning of Art. 4(7) GDPR.

Where we process data exclusively on behalf of a business customer, we act as processor within the meaning of Art. 28 GDPR. In this case, the processing is governed by the data processing agreement concluded with the respective customer.

10. Recipients of Personal Data

Personal data may be transmitted to the following categories of recipients insofar as this is necessary for the provision of our services:

• Hosting and cloud providers
• AI and model providers
• Payment service providers
• Email and communication services
• Authentication services
• Support and IT service providers
• Analytics and security providers
• Legal and tax advisors
• Authorities and public bodies, insofar as a legal obligation exists

Data is only shared where this is legally permissible and necessary for contract performance, technical provision, security or compliance with legal obligations.

11. Data Transfers to Third Countries

Where personal data is transferred to recipients outside the European Union or the European Economic Area, this is only done in compliance with Art. 44 et seq. GDPR.

Appropriate safeguards may include in particular:

• Adequacy decisions of the European Commission,
• Standard contractual clauses of the European Commission,
• Other legally recognized safeguards.

12. Storage Period

We store personal data only for as long as necessary for the respective purposes.

Longer storage occurs only where:

• legal retention obligations exist,
• this is necessary for the establishment, exercise or defense of legal claims,
• security or abuse reasons require it.

Subsequently, the data is deleted or anonymized.

13. Data Subject Rights

You have the following rights in accordance with applicable law:

• Right of access,
• Right to rectification,
• Right to erasure,
• Right to restriction of processing,
• Right to data portability,
• Right to object,
• Right to withdraw consent with effect for the future,
• Right to lodge a complaint with a data protection supervisory authority.

14. Right to Object

Where we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object to such processing at any time on grounds relating to your particular situation.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing for the purposes of such marketing.

15. Automated Decisions

Automated decision-making within the meaning of Art. 22 GDPR does not take place unless expressly stated otherwise in individual cases.

16. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy with effect for the future, in particular in the event of changes to legal requirements, our services or the technologies used.

Last updated: April 4, 2026