aeoly

Last updated: 2026-03-30

Privacy Policy

1. Data Controller

Infinity Synaptics GmbH
Schnabelbrunnengasse 7, 67059 Ludwigshafen
Germany

Email: datenschutz@infinitysynaptics.de

2. What Data We Collect

We collect and process the following categories of personal data:

  • Account data: email address, display name, and authentication credentials (managed via Hanko passkey authentication).
  • Business information: brand name, website URL, business description, topics, and competitor information you submit for AI audits.
  • Audit results: AI visibility scores, analysis reports, and recommendations generated by the service.
  • Payment data: payment transactions are processed by Mollie B.V. We store transaction references and subscription status but do not store credit card numbers or bank account details.
  • Usage data: timestamps of account creation, audit runs, feature usage, and cookie-free website analytics events (for example page views and selected product interaction events) for service operation and improvement.

3. Why We Collect It (Purposes of Processing)

  • To provide the AI Audit service, including running audits and generating reports.
  • To process payments and manage subscriptions.
  • To authenticate users and secure accounts.
  • To understand aggregated website usage, improve the service, and fix technical issues.
  • To comply with legal obligations (e.g., tax and accounting requirements).

4. Legal Basis (Art. 6 GDPR)

  • Contract performance (Art. 6(1)(b) GDPR): processing your account data, business information, and payment data is necessary to provide the AI Audit service you requested.
  • Legitimate interest (Art. 6(1)(f) GDPR): usage data and cookie-free website analytics are processed to maintain, secure, and improve the service. Our legitimate interest does not override your rights.
  • Consent (Art. 6(1)(a) GDPR): where applicable, we rely on your explicit consent (e.g., for optional communications). You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c) GDPR): retention of payment records as required by German tax law.

5. Third-Party Processors

We use the following third-party service providers to operate the AI Audit service:

  • Hanko (Germany): passkey-based authentication.
  • Coolify / Self-hosted (EU): application hosting and PostgreSQL data storage.
  • Mollie B.V. (Netherlands): payment processing. Mollie is a licensed EU payment service provider subject to PSD2. See Mollie's Privacy Policy.
  • AI API providers — OpenAI (USA), Google/Gemini (USA), Anthropic (USA), Perplexity (USA): used solely to run audit queries about your brand and website. No personal data (email, name, payment info) is sent to these providers — only the business information you submit (brand name, website URL, topics). Transfers are based on EU Standard Contractual Clauses.
  • Configured Umami Analytics instance: cookie-free website analytics for aggregated page-view and product-usage measurement. We do not send form inputs, entered domains or URLs, audit IDs, crawl IDs, email addresses, or payment data through this analytics setup.

6. Data Retention

  • Account and audit data: retained while your account is active. Deleted within 30 days of account deletion request.
  • Payment records: retained for 10 years as required by German commercial and tax law (§ 147 AO, § 257 HGB).
  • Server logs: automatically deleted after 90 days.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — obtain a copy of your data.
  • Right to rectification (Art. 16 GDPR) — correct inaccurate data.
  • Right to erasure (Art. 17 GDPR) — request deletion of your data.
  • Right to data portability (Art. 20 GDPR) — receive your data in a machine-readable format.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to object (Art. 21 GDPR) — object to processing based on legitimate interest.
  • Right to lodge a complaint with a supervisory authority. The competent authority is the data protection authority of the German federal state where our company is registered.

To exercise your rights, contact us at datenschutz@infinitysynaptics.de.

8. Cookies

We use only essential cookies required for Hanko authentication (session management) and a preference cookie for sidebar state. We also use Umami in a cookie-freeconfiguration to measure page views and selected product interactions. This analytics setup does not set analytics or advertising cookies and respects browser Do Not Track signals. No cookie banner is used for strictly necessary cookies and this cookie- free analytics setup under the current implementation.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), access controls, and regular security reviews. Data is stored in Google Cloud infrastructure with ISO 27001 certification.

10. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email to registered users at least 30 days before taking effect. The "last updated" date at the top of this page indicates the most recent revision.

11. Contact

For questions about data protection or to exercise your rights:

Infinity Synaptics GmbH
Data Protection Officer
Email: datenschutz@infinitysynaptics.de

Impressum | Terms of Service

© 2026 Infinity Synaptics GmbH·Privacy Policy·Terms of Service·Impressum