Privacy Policy
Effective Date: August 4, 2025
1. Controller
Max von Olfers
Celsiusweg 15
22761 Hamburg, Germany
Email: [email protected]
2. Overview of Processing
2.1 Purposes, Data Categories and Legal Bases
| Purpose | Data Categories | Legal Basis | Legitimate Interest (if Art. 6(1)(f)) |
|---|---|---|---|
| Account registration and log-in | Name, email, password hash | Art. 6(1)(b) GDPR | – |
| Chat operation | Chat content, timestamps | Art. 6(1)(b) GDPR | – |
| Personal chat summaries (profiling) | Topics, tags, embeddings | Art. 6(1)(f) GDPR | Faster navigation and user-specific functionality |
| Payment processing (Stripe) | Customer ID, billing metadata | Art. 6(1)(b) GDPR | – |
| Functional cookies | _agri1_session, cookieyes-consent | Art. 6(1)(b) GDPR | – |
| Analytics cookies (GA4, Clarity, Ahrefs) | Truncated IPs, pseudonymous IDs, heatmaps, clickpath | Art. 6(1)(a) GDPR | – |
| Marketing cookies (Facebook Pixel, YT) | Pixel ID, referrer, browser/device info | Art. 6(1)(a) GDPR | – |
| Tag Manager (GTM) | Trigger events, metadata | Art. 6(1)(a) GDPR | – |
| CDN & WAF (Cloudflare) | IP, HTTP headers, DNS info | Art. 6(1)(f) GDPR | DDoS protection, availability and performance |
2.2 No Use for LLM Training
Chat inputs are not used to train any language model. Summaries and tag-based metadata remain visible only within the user’s own account.
3. Retention Periods
- Chat messages and summaries: 24 months after last login
- User accounts: Deleted after 36 months of inactivity
- Server logs: Deleted after 90 days
- Stripe billing records: 10 years (based on German tax law)
4. Cookies and Consent
We use CookieYes for consent management. All non-essential cookies (analytics, marketing, advertisement) are disabled by default and activated only after opt-in. You can adjust or withdraw consent at any time via the footer link “Cookie Settings” or our Cookie Policy.
5. Sub-Processors (Last updated: 4 August 2025)
| Service Provider | Function | Location | Legal Safeguard |
|---|---|---|---|
| Herold Server GmbH | Hosting (Frankfurt) | Germany | Art. 28 Processing Agreement |
| Cloudflare Inc. | CDN, DDoS protection | USA / EU PoPs | EU SCC 2021/914 |
| Google Ireland / Google LLC | GA4, GTM, YouTube embeds | Ireland / USA | EU SCC + IP masking |
| Microsoft Ireland / Corp. | Session Replay (Clarity) | Ireland / USA | EU SCC |
| Meta Platforms Ireland / US | Facebook Pixel | Ireland / USA | EU SCC |
| Ahrefs Pte. Ltd. | SEO Analytics | Singapore / USA | EU SCC |
| OpenAI LLC | AI Inference (Chat model) | USA | EU SCC + Transfer Impact Assessment |
| Stripe Payments Europe Ltd. | Subscription Billing | Ireland / USA | EU SCC |
| CookieYes Ltd. | Consent Management | UK | UK Addendum to SCC |
6. International Transfers
Transfers to countries outside the EU/EEA (e.g. USA or Singapore) are secured through EU Standard Contractual Clauses (SCC). You may request a copy at [email protected].
7. Your Rights under GDPR
- Access your personal data (Art. 15 GDPR)
- Rectify incorrect data (Art. 16 GDPR)
- Erase your data (Art. 17 GDPR)
- Restrict processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to certain processing activities (Art. 21 GDPR)
To exercise these rights, email: [email protected]
You may also lodge a complaint with the Hamburg Data Protection Authority:
Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany.
8. Security Measures
- TLS 1.3 encrypted traffic
- AES-256 encrypted data at rest
- Multi-Factor Authentication (MFA) for admin accounts
- Daily encrypted server backups
- Cloudflare WAF and bot protection
9. Profiling Information
The platform automatically creates summaries and topic-tags based on your chats. These profiles:
- Are visible only within your account
- Are not used for marketing
- Have no legal or contractual effect
You may object to this profiling at any time under Art. 21 GDPR.
10. Data Protection Officer (DPO)
We are not legally required to appoint a Data Protection Officer under Art. 37 GDPR and §38 BDSG, because:
- Fewer than 20 individuals regularly process personal data
- No large-scale processing of special categories occurs
This is re-evaluated periodically.
11. Changes to This Policy
We may update this Privacy Policy in response to legal, technical or operational developments. The most recent version is always available on this page and applies from the “Effective Date” above.
Join thousands of farmers
& agribusinesses
Join agri1.ai: Use AI technology custom-trained to meet the specific needs of your farming operation, enhancing efficiency.
agri1 is a chat-based AI solution for agriculture, delivering customized insights that transform your specific farm data and context into effective strategies to enhance efficiency.
© 2025 agri1.ai - All rights reserved.