The legally binding version of this document is in German.
← Back to homepageLast updated: 3. Juli 2026
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Raphael Stedler
Martin-Opitz-Straße 22
13357 Berlin
Deutschland
E-Mail: kognicode@proton.me
A data protection officer has not been appointed, as there is currently no legal obligation under § 38 (1) BDSG.
This privacy policy applies to the website https://esg-assistent.de and the planned web application ESG-Fragebogen-Assistent. We process personal data exclusively within the framework of legal provisions, in particular the GDPR and BDSG.
Core processing (hosting, database, authentication, storage, AI) takes place exclusively on servers in the EU — with no data path to US AI providers. The application runs on our own infrastructure at Hetzner (Germany); database, authentication, and file storage are self-hosted on this server.
Server log files
When you access our websites, our hosting provider Hetzner Online GmbH (data center in Germany) collects the following data in server log files: IP address, date and time of the request, referrer URL, browser type and version, operating system. This data is stored temporarily to ensure functionality and security, and deleted or anonymized after no more than 30 days.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in stable and secure provision).
Reach measurement (Plausible CE, self-hosted)
To anonymously analyze usage of our website, we use Plausible Analytics (Community Edition), operated on our own infrastructure at Hetzner. Plausible collects aggregated page views (e.g. visited URL, referrer, browser type, operating system, approximate country-level location). No cookies are set and no personal profiles are created. Consent via a cookie banner is not required.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in reach measurement and optimization of our offering).
Cookies
This marketing website does not use tracking cookies. Plausible does not set tracking cookies. Where technically necessary cookies are required for operating the application (e.g. session cookies after launch), these are not subject to consent under § 25 (2) no. 2 TDDDG. We do not use cross-site advertising tracking.
When you sign up via the waitlist or contact us by email, we process the information you provide (e.g. name, email address, company) to handle your request and inform you about the product launch.
Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual measures) or Art. 6 (1) lit. f GDPR (legitimate interest in responding to inquiries).
Data is deleted once the request has been fully processed and no statutory retention obligations apply, at the latest after 24 months without further interest in the waitlist.
ESG-Fragebogen-Assistent will use AI models to automatically fill ESG customer questionnaires:
Legal basis: Art. 6 (1) lit. b GDPR (contract performance). Human-in-the-loop is built in: no questionnaire is exported without review by a responsible person.
Data processing agreements pursuant to Art. 28 (3) GDPR exist or will be concluded with the following service providers:
| Service provider | Purpose | Location | Third-country transfer |
|---|---|---|---|
| Hetzner Online GmbH | App hosting; self-hosted database, authentication, and file storage | Germany | No (EU/EEA) |
| IONOS SE | AI generation (primary) | Germany | No (EU/EEA) |
| Scaleway SAS | AI generation (failover) | France | No (EU/EEA) |
| OVH SAS | AI generation (failover) | France | No (EU/EEA) |
For core processing (hosting, database, authentication, storage, AI), no transfer to third countries outside the EU/EEA takes place.
You have the following rights regarding your personal data:
To exercise your rights, simply send a message to kognicode@proton.me.
You also have the right to lodge a complaint with a data protection supervisory authority. The Berlin Commissioner for Data Protection and Freedom of Information is among those with jurisdiction.
We reserve the right to adapt this privacy policy so that it always meets current legal requirements or reflects changes to our services. The updated privacy policy applies on subsequent visits.