Skip to content
Open app ↗

Privacy Policy

Draft

This policy is adapted from the Possehl Digital Services privacy template and the documented Wissenstifter architecture. Review and confirm the product-specific processing details with legal before publishing.

1. Controller

Data controller pursuant to the GDPR is:

Possehl Digital Services GmbH Wilhelm-Schickard-Straße 9 76131 Karlsruhe, Germany Managing Directors: Dr. Thomas Rieger, Stephan Brauckmann Phone: +49 721 619 00 590 www.possehl-digital.services

Data Protection Officer: Info@BullProtect.de

PurposeDescriptionLegal Basis
Technical deliveryUse of the website and application without storing personal data beyond what is technically required.GDPR Art. 6(1)(f)
Diagnostics & misuse preventionStorage of IP address & user agent for 30 days for security and debugging.GDPR Art. 6(1)(f)
Account & authenticationSign-in and tenant resolution via our identity provider to give you access to your organization's workspace.GDPR Art. 6(1)(b)
Use of the serviceForwarding of interview text, uploaded files and audio to our AI processors to generate transcripts, summaries and knowledge documents.GDPR Art. 6(1)(b)
IP-based rate limitingTemporary processing of IP addresses to prevent excessive or abusive requests and ensure availability.GDPR Art. 6(1)(f)

3. Technologies Used

We use a strictly necessary session cookie for authentication and browser LocalStorage for preferences. We do not use tracking or advertising cookies.

KeyPurposeTransmittedLegal Basis
sessionKeeps you signed in to your tenant workspaceyesGDPR Art. 6(1)(b)
theme preferenceStores your light/dark mode preferencenoGDPR Art. 6(1)(f)
tenantRemembers your last tenant so you can sign in fasternoGDPR Art. 6(1)(f)

4. Recipients & Processors

  • Hosting (Microsoft Azure, EU regions): Infrastructure is hosted within EU regions (Germany, Sweden and France).
  • Azure OpenAI Service (Microsoft, EU regions): Processes interview input and uploaded files under a data processing agreement in accordance with Art. 28 GDPR. All data is transmitted securely using encryption. Input data is not used to train foundation models.
  • Google Vertex AI (EU regions): Used for selected AI processing under a data processing agreement in accordance with Art. 28 GDPR; input data is not used to train foundation models.
  • Technical partner (with administrative access): Access is restricted to maintenance and support, contractually regulated under Art. 28 GDPR.

5. Retention Period

  • IP address & user agent: Stored for 30 days for diagnostics and abuse prevention.
  • IP address (for rate limiting): Temporarily processed and automatically deleted after a few minutes.
  • Interview content and knowledge documents: Retained within your organization's workspace for as long as your organization maintains its account, and deleted in accordance with your contract or upon request.
  • LocalStorage data: Remains in your browser until manually deleted.

6. No Disclosure & No Profiling

  • No personal data is shared with third parties beyond the named processors.
  • No profiling or automated decision-making as defined in Art. 22 GDPR is performed.

7. Your Rights

RightDescription
AccessInformation about your processed personal data
RectificationCorrection of inaccurate data
ErasureDeletion of your data under certain conditions
RestrictionRestriction of processing
Data portabilityTransfer of your data in a structured format
ObjectionTo processing based on legitimate interests
Withdrawal of consentAt any time, with effect for the future
ComplaintTo a supervisory authority, e.g., in Baden-Württemberg (Germany)

8. Supervisory Authority

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg Königstraße 10a 70173 Stuttgart, Germany Phone: +49 (0)711 615541-0 www.baden-wuerttemberg.datenschutz.de

9. Technical and Organizational Measures (TOMs)

  • TLS encryption for all connections (HTTPS)
  • Server-side access protection (firewalls, network segmentation)
  • IP-based rate limiting to safeguard availability
  • Role-based access control for administrators
  • Logging of access to infrastructure
  • Data processing agreements with all service providers
  • Regular system updates and security patches
  • Tenant isolation so each organization's knowledge stays separate

10. AI Processing

Interview input, uploaded files and audio are processed by our AI providers (Azure OpenAI and Google Vertex AI) solely to deliver the service: generating transcripts, summaries and knowledge documents. Processing occurs exclusively within the EU. Your content is not used to train foundation models and remains within your organization's workspace.

11. Contact

For questions about this policy or to exercise your rights, contact support@wissenstifter.ai.

12. Changes to this Policy

This privacy policy may be amended, for example due to changes in legal requirements or technical processes. The latest version is always available on this page. Last updated: June 2026.