Privacy Policy

Last updated: April 7, 2026

1. Controller

Konrad Reyhe (Einzelunternehmer)
Alfred-Kästner-Straße 84
04275 Leipzig, Germany
Email: crelvo.dev@web.de

2. Data We Collect

a) Request Data

When you submit a research request, we collect: your email address, research category, title, description, additional context, urgency preference, and any uploaded files (images, PDFs).

Legal basis: Contract performance (GDPR Art. 6(1)(b)).

b) Sensitive Data

Your research question may contain special category data (e.g., health information, legal matters) as defined by GDPR Art. 9. We process this data only with your explicit consent (GDPR Art. 9(2)(a)), which you provide when submitting a research request containing such information.

c) Payment Data

Payment is processed by Stripe, Inc. We do not store your credit card details. Stripe processes your payment data as a data processor under a Data Processing Agreement (GDPR Art. 28). Stripe's privacy policy: stripe.com/privacy.

Legal basis: Contract performance (GDPR Art. 6(1)(b)).

d) Communication Data

Messages you send through the request thread are stored to facilitate research collaboration.

Legal basis: Contract performance (GDPR Art. 6(1)(b)).

e) Server Logs

Our web server (hosted by Hetzner Online GmbH, Germany) automatically collects: IP address, browser type, pages visited, timestamps. This data is used for security and abuse prevention.

Legal basis: Legitimate interest (GDPR Art. 6(1)(f)).

3. AI Processing

Your research question is processed by Anthropic (Claude AI)to evaluate complexity and assist with research. This involves sending your question text to Anthropic's API. Anthropic processes this data under their API terms, which prohibit using API inputs for model training.

Data transfer: Anthropic is based in the USA. Transfer is covered by the EU-US Data Privacy Framework and Standard Contractual Clauses.

4. Data Recipients

• Stripe, Inc. (payment processing, USA, EU-US DPF certified)
• Anthropic PBC (AI evaluation, USA, EU-US DPF / SCCs)
• Hetzner Online GmbH (server hosting, Germany)

We do not sell, rent, or share your data with third parties for marketing purposes.

5. Retention

• Research requests and messages: Retained for 3 years after completion, then deleted.
• Payment records: Retained for 10 years per German tax law (AO § 147).
• Server logs: Deleted after 30 days.
• Uploaded files: Deleted 90 days after research completion.

6. Your Rights

Under the GDPR, you have the right to:

• Access your personal data (Art. 15)
• Rectification of inaccurate data (Art. 16)
• Erasure ("right to be forgotten") (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Object to processing (Art. 21)
• Withdraw consent at any time without affecting prior processing (Art. 7(3))

To exercise these rights, email: crelvo.dev@web.de

7. International Users

If you are located outside the EU/EEA, please note that your data is processed in Germany and the USA. By using our service, you consent to this transfer. We apply the same privacy protections regardless of your location.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, and opt out of sale (we do not sell personal data). Contact: crelvo.dev@web.de.

8. Cookies

We use only strictly necessary session cookies for website functionality and Stripe fraud prevention. No tracking or analytics cookies are used. No consent banner is required (TDDDG § 25 Abs. 2).

9. Supervisory Authority

You have the right to lodge a complaint with a data protection authority. The competent authority is: Sächsischer Datenschutz- und Transparenzbeauftragter, Devrientstraße 5, 01067 Dresden, Germany.

10. Changes

We may update this policy at any time. Changes take effect upon posting. We will notify you of material changes via email if we have your contact details.