Privacy Policy
Updated: February 25, 2026
1. Data Controller
The data controller under the General Data Protection Regulation (GDPR) is:
Auditera.ai UG (haftungsbeschränkt) i. Gr.
[Address to be added after incorporation]
Managing Directors: Anil Colak, Jannik Wienecke
Email: hello@auditera.ai
Website: www.auditera.ai
2. Data Protection Officer
For data protection inquiries, contact our Data Protection Officer:
Email: hello@auditera.ai
3. Data We Collect and Why
3.1 Account Registration Data (Legal Basis: Contract Performance - GDPR Art. 6(1)(b))
When you register for Auditera, we collect:
Name and email address
Organization name and size
Password (hashed)
Billing information
This data is necessary to provide our services and communicate with you.
3.2 Uploaded Compliance Documents (Legal Basis: Contract Performance - GDPR Art. 6(1)(b))
When you upload compliance documents, policies, or other files:
We store them securely encrypted (AES-256) on AWS servers in the EU
These files remain under your full control
You can view, modify, or delete them at any time
3.3 AI Processing via AWS Bedrock (Legal Basis: Contract Performance - GDPR Art. 6(1)(b))
Our platform uses AWS Bedrock in Frankfurt to analyze your documents with our AI Assistant "Era":
Your documents are transmitted to AWS Bedrock for analysis against compliance frameworks
CRITICAL: Your documents are NEVER used for AI model training or improvement
AWS is bound by Standard Contractual Clauses (SCCs) for GDPR compliance
All data is encrypted in transit and at rest
3.4 Payment Data (Legal Basis: Contract Performance - GDPR Art. 6(1)(b))
Payments are processed securely via Stripe or Polar:
We never directly receive credit card information
Stripe uses Standard Contractual Clauses for data transfer compliance
We store only your Stripe customer ID and the last 4 digits of your card number
3.5 Website Analytics (Legal Basis: Consent - GDPR Art. 6(1)(a))
On www.auditera.ai, we use:
Essential cookies for authentication and functionality
Optional analytics (Google Analytics) only with your consent
Website hosting via Framer (US-based with Standard Contractual Clauses)
4. Data Retention
We retain your data as follows:
Active accounts: During contract term plus 3 years (for tax/invoice requirements)
Uploaded documents: As long as you keep them; you can delete anytime
Cookies: Session cookies deleted on logout; analytics cookies up to 26 months
Deleted account data: Retained 1 year for fraud prevention
5. Your Rights
Under GDPR, you have the right to:
Access: Request what data we hold about you (Art. 15 GDPR)
Rectification: Correct inaccurate data (Art. 16 GDPR)
Erasure: Request deletion of your data (Art. 17 GDPR)
Restrict Processing: Limit how we use your data (Art. 18 GDPR)
Data Portability: Receive your data in structured format (Art. 20 GDPR)
Object: Oppose certain processing (Art. 21 GDPR)
Not Be Subject to Automated Decisions: See AI Processing section (Art. 22 GDPR)
To exercise your rights, email: hello@auditera.ai
6. International Data Transfers
Since we use AWS, Stripe, and Polar (US-based providers), your data may be transferred to the United States:
Standard Contractual Clauses (SCCs) are in place with all processors
Additional technical and organizational safeguards (TOM) are implemented
We regularly review compliance with applicable data protection laws
7. AI and Automated Decision-Making
Our AI Assistant "Era" analyzes your compliance documents:
Data Protection Impact Assessment (DPIA) has been conducted
No binding automated decisions: AI recommendations are advisory only
You can request manual review at any time
Results are stored only for your organization
Your data is NEVER used for AI model training
8. Security Measures
We protect your data with:
AES-256 encryption at rest
TLS 1.2+ encryption in transit
AWS security: Physical and logical controls
Access controls: Role-based access for staff
Monitoring and regular security audits
9. Contact & Complaints
For privacy questions:
Email: hello@auditera.ai
You have the right to lodge a complaint with your local data protection authority.
10. Policy Changes
We may update this Privacy Policy. Changes will be posted on this page with an updated effective date.
