One page with everything a legal team, IT admin, or DPO needs to know about our processing. No glossy promises, just facts. No login required — you can forward this URL as-is.
This English version is provided for convenience. The German version remains the controlling version if wording differs.
TL;DR
Your data and our AI inference stay inside the EU. We delete workshop content automatically after 90 days. In the event of a breach, we notify the supervisory authority within 72 hours.
Where your data lives
- Hetzner Falkenstein — application and database server. Region: Germany.
- AWS Bedrock Frankfurt (eu-central-1) — AI inference. Cross-region inference is explicitly disabled.
- AWS SES Frankfurt (eu-central-1) — transactional email (invitations, login links, delivery reports).
- AWS Transcribe Frankfurt (eu-central-1) — optional speech-to-text processing for dictation; audio is not stored.
- Stripe Payments Europe (Ireland) — payment processing, invoicing. Individual operational activities in the US are covered by Standard Contractual Clauses.
The full, always-current list lives at /legal/processors.
Encryption & access
- TLS 1.3 with HSTS preload on every endpoint.
- Server access only via SSH with public-key authentication. No password login.
- SQLite file on the application server with
0600permissions under the app user; no remote admin access. - Daily, AES-encrypted restic backups to a second Hetzner region.
Retention & deletion
Workshop content is deleted automatically 90 days after the participation window ends. Managers can request immediate deletion at any time. After deletion, encrypted backups retain the data for up to 30 more days (grace period), then it is gone from backups as well.
Invoicing data is retained for 10 years per § 147 AO (German tax code). Audit logs and Stripe webhook events are retained for 90 days.
What the manager never sees
The post-workshop report is always aggregated. Neither the manager surface nor any internal admin access exposes individual answers, transcripts, or personal participant materials. There is no override.
The manager sees the email addresses they invited because those addresses are needed for invitation status and follow-up. Nothing downstream of the invitation is shown as attributable to one participant.
This guarantee is anchored in the type system: the synthesis module takes a documented ParticipantDocumentForSynthesis that, via Omit, carries no identity. Any attempt to reintroduce identity fails at compile time.
Incident notification
We notify the competent supervisory authority (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg) within 72 hours of becoming aware of a personal-data breach, if there is a risk to the rights and freedoms of the people concerned.
Security contact: security@v9labs.de.
Subprocessor list
Full, always-current overview at /legal/processors. We announce changes at least 30 days in advance.
DPA (Data Processing Agreement)
Our standard DPA per Art. 28 GDPR: /legal/dpa (inline version) and /legal/dpa.pdf (download, byte-stable with the inline version, version 2026-04-27).
Data subject requests (Art. 15–22 GDPR)
Access, rectification, erasure, portability, and objection requests go through the form at /legal/data-request. We acknowledge within three business days and answer within 30 days (Art. 12(3) GDPR).
What we don't have
We prefer honesty over certificate collecting. What we currently do not hold:
- No ISO 27001 certification.
- No SOC 2 Type II certification.
- No TISAX assessment.
If any of these is a hard blocker for you, let us know — it feeds into our roadmap.
Last updated
April 27, 2026. This page is updated in lock-step with the privacy notice.