Privacy Policy

Last updated: April 2026

1. Controller

SoftAM UG (haftungsbeschränkt)
Mergenthalerallee 15-21
65760 Eschborn, Germany
Geschäftsführer: Andreas Tarakanov
Email: info@soft-am.com

We take your privacy seriously. This policy explains what data we collect, how we use it, the legal basis for processing, and your rights under the GDPR and applicable data protection laws.

2. Data we collect & legal basis

Account data (email address, display name, avatar): Collected when you create an account. Legal basis: performance of contract (Art. 6(1)(b) GDPR).

Usage data (feature usage counts for subscription limit enforcement, e.g. number of AI runs per month): We do not use third-party analytics or tracking scripts. Legal basis: performance of contract (Art. 6(1)(b) GDPR).

On-device AI: AI features that run locally on your device do not send any data to our servers. Cloud AI features (optional, paid plans) process data on our servers and do not store prompts or responses beyond the request lifecycle. Legal basis: performance of contract (Art. 6(1)(b) GDPR).

Payment data: Billing information is processed by Stripe and RevenueCat. We do not store credit card numbers. Legal basis: performance of contract (Art. 6(1)(b) GDPR).

3. Cookies

We use strictly necessary cookies for authentication and session management. These cookies are essential for the application to function and cannot be disabled. We do not use analytics, marketing, or tracking cookies. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) — ensuring the security and functionality of the service.

4. How we use your data

We use your data solely to provide and improve the Companyverse service. We do not sell your data to third parties. We do not run third-party advertising.

5. Third-party services & data transfers

We use the following third-party processors:

  • Stripe Stripe (payment processing) — may process data in the US under the EU-US Data Privacy Framework.
  • RevenueCat RevenueCat (subscription management) — may process data in the US under Standard Contractual Clauses (SCCs).
  • Infrastructure Infrastructure providers (hosting, databases) — data is stored on servers in the European Union.

All third-party processors process data on our behalf under data processing agreements (Auftragsverarbeitungsverträge) in accordance with Art. 28 GDPR.

6. Data retention

Your account data is retained for as long as your account is active. After account deletion, personal data is permanently deleted within 90 days. Payment records may be retained longer where required by tax or commercial law (§ 147 AO, § 257 HGB).

7. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — obtain a copy of your stored data.
  • Right to rectification (Art. 16) — correct inaccurate data.
  • Right to erasure (Art. 17) — request deletion of your data.
  • Right to restrict processing (Art. 18) — limit how we use your data.
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interest.

You can delete your account at any time from the app settings. For all other data requests, contact us at info@soft-am.com.

8. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority for our company is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163, 65021 Wiesbaden
https://datenschutz.hessen.de

9. Contact

SoftAM UG (haftungsbeschränkt)
Mergenthalerallee 15-21
65760 Eschborn, Germany
Email: info@soft-am.com