The legally binding version of this document is in German.

← Back to homepage

Privacy policy

Last updated: 3. Juli 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Raphael Stedler
Martin-Opitz-Straße 22
13357 Berlin
Deutschland
E-Mail: kognicode@proton.me

A data protection officer has not been appointed, as there is currently no legal obligation under § 38 (1) BDSG.

2. General information

This privacy policy applies to the website https://esg-assistent.de and the planned web application ESG-Fragebogen-Assistent. We process personal data exclusively within the framework of legal provisions, in particular the GDPR and BDSG.

Core processing (hosting, database, authentication, storage, AI) takes place exclusively on servers in the EU — with no data path to US AI providers. The application runs on our own infrastructure at Hetzner (Germany); database, authentication, and file storage are self-hosted on this server.

3. Data collection when visiting the website

Server log files

When you access our websites, our hosting provider Hetzner Online GmbH (data center in Germany) collects the following data in server log files: IP address, date and time of the request, referrer URL, browser type and version, operating system. This data is stored temporarily to ensure functionality and security, and deleted or anonymized after no more than 30 days.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in stable and secure provision).

Reach measurement (Plausible CE, self-hosted)

To anonymously analyze usage of our website, we use Plausible Analytics (Community Edition), operated on our own infrastructure at Hetzner. Plausible collects aggregated page views (e.g. visited URL, referrer, browser type, operating system, approximate country-level location). No cookies are set and no personal profiles are created. Consent via a cookie banner is not required.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in reach measurement and optimization of our offering).

Cookies

This marketing website does not use tracking cookies. Plausible does not set tracking cookies. Where technically necessary cookies are required for operating the application (e.g. session cookies after launch), these are not subject to consent under § 25 (2) no. 2 TDDDG. We do not use cross-site advertising tracking.

4. Waitlist and contact by email

When you sign up via the waitlist or contact us by email, we process the information you provide (e.g. name, email address, company) to handle your request and inform you about the product launch.

Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual measures) or Art. 6 (1) lit. f GDPR (legitimate interest in responding to inquiries).

Data is deleted once the request has been fully processed and no statutory retention obligations apply, at the latest after 24 months without further interest in the waitlist.

5. AI-powered features (planned application)

ESG-Fragebogen-Assistent will use AI models to automatically fill ESG customer questionnaires:

  • Primary: IONOS AI Model Hub (Germany)
  • Failover: Scaleway Generative APIs (France) and OVH (France)
  • Processed data: uploaded questionnaires, stored company data, and generated answer suggestions
  • Storage at provider: not used for model training; deleted after processing

Legal basis: Art. 6 (1) lit. b GDPR (contract performance). Human-in-the-loop is built in: no questionnaire is exported without review by a responsible person.

6. Processors and third-party providers

Data processing agreements pursuant to Art. 28 (3) GDPR exist or will be concluded with the following service providers:

Service providerPurposeLocationThird-country transfer
Hetzner Online GmbHApp hosting; self-hosted database, authentication, and file storageGermanyNo (EU/EEA)
IONOS SEAI generation (primary)GermanyNo (EU/EEA)
Scaleway SASAI generation (failover)FranceNo (EU/EEA)
OVH SASAI generation (failover)FranceNo (EU/EEA)

For core processing (hosting, database, authentication, storage, AI), no transfer to third countries outside the EU/EEA takes place.

7. Your rights

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

To exercise your rights, simply send a message to kognicode@proton.me.

You also have the right to lodge a complaint with a data protection supervisory authority. The Berlin Commissioner for Data Protection and Freedom of Information is among those with jurisdiction.

8. Changes to this privacy policy

We reserve the right to adapt this privacy policy so that it always meets current legal requirements or reflects changes to our services. The updated privacy policy applies on subsequent visits.