Privacy notice

Ellunium AI Solutions GmbH (Ellunium) — Independent AI consulting practice for SMEs.

Managing directors & controller: Vassil Dimov, Fabian Denker

Ellunium AI Solutions GmbH

Altrottstraße 31

69190 Walldorf, Germany

Phone: available on request (please reach out via email to avoid spam calls).

Email for privacy enquiries: kontakt@ellunium.de

Data Protection Officer: Vassil Dimov (contact: dimov@ellunium.de))

Register court: Amtsgericht Mannheim.

Registration number: HRB 757037.

VAT ID (Section 27a UStG): DE – pending issuance.

These notices apply to https://www.ellunium.de and the services offered there (AI Quick Check, report requests, contact, and appointment booking).

Embedded third-party services (e.g., Microsoft Bookings) are governed by their own privacy notices.

When you access the website, we process technical access data that is required to deliver and secure the site.

• IP address, date/time, requested page/file, HTTP status, referrer, user agent.
• Purposes: website delivery, error analysis, IT security, and abuse prevention.

We process the information you submit to create and deliver your AI Quick Check report.

• AI Quick Check responses (company profile, goals, infrastructure, free text) are stored to generate the report.
• Report requests store your email address and the originating IP to send the file and enforce basic rate limits.
• The generated report JSON plus your email is passed to our n8n workflow solely to deliver the report.
• We use OpenAI for automated text generation; AI Quick Check content may be processed for this purpose.
• OpenAI does not use API data for training. Abuse monitoring logs (including prompts/responses and metadata) are retained for up to 30 days and then deleted unless legal retention is required.
• We use Gamma.app for automated presentation generation; AI Quick Check content may be processed for this purpose.
• Gamma processes content in the cloud only (hosting e.g. via AWS/Google Cloud). The content is not used to train AI models. Processing in third countries (especially the US) is possible and relies on appropriate safeguards (e.g. Standard Contractual Clauses). Data is stored only as long as necessary for the respective purpose and then deleted or anonymized.

If you contact us via email or the contact form, we process your details to handle your request.

• We process, for example, name, email address, company, phone number, and message.
• Communication runs through our Microsoft 365 infrastructure.

We use Microsoft Bookings for scheduling. The service loads only when you open the appointment booking modal or visit the appointment booking page.

• Microsoft acts as an independent controller for the data entered there.

We use privacy-friendly analytics and store technical states locally in the browser.

• Vercel Web Analytics loads only after your consent and provides aggregated page metrics.
• Your language preference and an unfinished AI Quick Check state are stored in your device's localStorage only with consent; clearing browser storage removes this data locally.
• Completed AI Quick Check data is cached locally so you can submit the report request.

Depending on the processing activity, we rely on the following GDPR legal bases:

• Art. 6(1)(b) GDPR to provide the AI Quick Check and deliver the requested report.
• Art. 6(1)(f) GDPR for website operations, abuse prevention (rate limits), and IT security.
• Art. 6(1)(a) GDPR if you opt into optional preferences, analytics, or further communication.
• Sec. 25(1) TTDSG for optional storage/analytics on your end device.
• Sec. 25(2) TTDSG where access to end devices is required to provide the AI Quick Check and report request.

We only share data with selected service providers that support service delivery:

• Supabase (EU data center) stores AI Quick Check responses and report requests under a DPA.
• n8n Cloud (EU region) receives report payloads plus your email to execute the delivery workflow.
• Vercel hosts the website (Frankfurt region, eu-central-1/fra1) and provides cookieless Web Analytics.
• OpenAI processes content for automated text generation in the report workflow.
• Microsoft 365 provides our email infrastructure.
• Microsoft Bookings loads on demand; Microsoft is an independent controller for data entered there.

Some providers may transfer data to third countries (in particular the United States), e.g., OpenAI, Microsoft, or Vercel.

OpenAI may process abuse monitoring logs in the United States; Microsoft and Vercel may process technical data in the United States.

Where applicable, we rely on appropriate safeguards such as EU Standard Contractual Clauses and/or participation in the EU-US Data Privacy Framework, where available.

We process personal data only as long as required for the respective purpose.

• AI Quick Check data and report requests are deleted or anonymized on request or when no longer needed for service delivery.
• Communication data is stored until your request is completed and in line with statutory retention requirements.
• Server log data is typically deleted after a short period, at the latest after 30 days.
• Rate-limit metadata (email + IP) is retained for up to 30 days to detect abuse.
• OpenAI abuse monitoring logs are retained for up to 30 days and then deleted unless legal retention is required.
• LocalStorage entries remain in your browser until you delete them; the progress state is removed when you complete the AI Quick Check.

Required fields are marked in our forms. Without this information we cannot provide the requested report or handle your inquiry.

Report creation is partially automated. We do not perform solely automated decisions with legal effects.

You have the right to access, rectification, deletion, restriction of processing, and data portability.

You can object to processing based on Art. 6(1)(f) GDPR at any time and withdraw consent with effect for the future.

Please email kontakt@ellunium.de with the address you used during the AI Quick Check so we can identify your record. We respond within three days.

You also have the right to lodge a complaint with the Baden-Württemberg State Commissioner for Data Protection and Freedom of Information, Königstraße 10a, 70173 Stuttgart, Germany (https://www.baden-wuerttemberg.datenschutz.de/).

Of course you can always contact us first via kontakt@ellunium.de and we will seek to resolve any issue promptly.