convaise

Privacy Terms

Thank you for your interest in these privacy terms. Below we inform you about which personal data is collected when using this AI assistant, how it is processed, for what purposes and on what legal basis, and what rights you have.

These privacy terms may be supplemented by agent-specific privacy notices. Any agent-specific privacy notices will be made available to you as links within the respective agents.

I. Collection and Processing of Your Personal Data

1. Controller

The controller responsible for data processing within the meaning of Art. 4 No. 7 GDPR is the operator of this assistant [hereinafter "Operator"]. You can find the Operator's contact details in the privacy policy of the website in which this assistant is embedded. The Operator uses Convaise UG (haftungsbeschränkt), Minervaweg 4, 85586 Poing, as a processor pursuant to Art. 28 GDPR for the technical operation.

2. Data Protection Officer

If a data protection officer has been appointed, you can find their contact details in the Operator's privacy policy.

For questions regarding data processing by Convaise UG (haftungsbeschränkt) as processor, you can reach us at: datenschutz@convaise.com

3. Collection of General Data and Information

The agents collect a range of general data and information with each access. This general data and information is stored in the server's log files. The following may be collected:

  • browser types and versions used,
  • the operating system used by the accessing system,
  • the website from which an accessing system reaches the agents (so-called referrers),
  • the date and time of access,
  • an Internet Protocol address (IP address),
  • the Internet service provider of the accessing system.

When using this general data and information, no conclusions are drawn about the data subject. Rather, this information is needed to correctly deliver the content of the agents, to ensure the permanent functionality of the information technology systems, and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

This anonymously collected data and information is evaluated statistically and with the aim of increasing data protection and data security. The anonymous data from the server log files is stored separately from all personal data provided by a data subject.

4. Reach Measurement

For the agents, Plausible Analytics is used, a web analytics service from Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia. Plausible Analytics collects the following data:

  • Pages visited
  • Time spent
  • Referring source (referrer)
  • Browser and operating system used

Plausible Analytics does not store personal data and does not use cookies.

Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest in statistical analysis of user behavior for optimization purposes).

Hosting: The data is hosted exclusively in Germany and the European Union. No data transfer to third countries takes place.

More information about data processing by Plausible Analytics can be found at https://plausible.io/data-policy.

A data processing agreement has been concluded with Plausible Insights OÜ.

5. Type and Purpose of Processing

In the context of using the agents, personal data is processed to provide the functionality of the agents. This includes in particular:

  • Recording user inputs for processing inquiries
  • Storage and forwarding of inputs to client interfaces
  • Transmission to third-party systems, if required for order processing
  • Creation and processing of documents based on user inputs
  • Upload and analysis of documents provided by the user

If documents are created during use, they are provided via a protected, personalized download link with time-limited access.

Inquiries made during use are automatically analyzed to generate appropriate responses. The generated responses are stored for quality assurance. We recommend not entering personal data in inquiries unless it is necessary for processing the inquiry.

For processing, our own AI models as well as large language models (LLMs) are used. Processing is largely stateless - the model operators do not permanently store the inputs. The data is not used for training LLMs.

Data processing takes place exclusively in Germany and the European Union.

6. Storage Duration

Data collected during the use of the agents is stored as follows:

  • Generated documents: Deletion after 24 hours, unless otherwise specified for the specific agent
  • Uploaded documents: Deletion after 24 hours after processing
  • User inquiries and responses: Deletion after termination of agent operation
  • LLM-processed content: Storage for up to 30 days by model operators for abuse evaluation

Agent-specific deviations are explained in the respective agent-specific privacy notices.

7. Legal Basis

The processing of your personal data is based on your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Consent is expressly obtained by the Operator before using the assistant and can be revoked at any time. Revocation does not affect the lawfulness of processing carried out until that point. Without consent, individual functions may be restricted.

8. Recipients of Personal Data

For the technical provision, Convaise UG (haftungsbeschränkt) as processor uses the following sub-processors:

  • Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
  • Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany

The data never leaves the European Union. Data processing agreements have been concluded with all sub-processors.

The data processed during use is made available to the Operator as controller via the client interfaces. The Operator may pass on the data to their contractors (e.g. IT service providers, specialized application operators).

Agent-specific recipients are explained in the respective agent-specific privacy notices.

II. Your Data Subject Rights

Your data subject rights should be exercised with the Operator as controller. You can find the contact details in the privacy policy of the website in which this assistant is embedded.

1. Right of Access

Pursuant to Art. 15 EU-GDPR, you have the right to obtain confirmation from the Operator as controller as to whether personal data concerning you is being processed. If such processing takes place, you have the right to information about the processing purposes, the categories of data processed, the recipients and the planned storage period.

2. Right to Rectification

Pursuant to Art. 16 EU-GDPR, you have the right to request the immediate rectification of inaccurate personal data as well as the completion of incomplete personal data.

3. Right to Erasure

Pursuant to Art. 17 EU-GDPR, you have the right to request the immediate erasure of personal data concerning you, provided the data is no longer necessary for the purposes for which it was collected.

4. Right to Restriction of Processing

Pursuant to Art. 18 EU-GDPR, you have the right to request the restriction of processing, e.g. if you dispute the accuracy of the data.

5. Right to Data Portability

Pursuant to Art. 20 EU-GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller, provided the processing is based on consent or a contract.

6. Right to Object

Pursuant to Art. 21 EU-GDPR, you have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 Para. 1 lit. e) or f). You may object to direct marketing at any time. You may exercise your objection by informal declaration or by email.

7. Right to Withdraw Consent

Pursuant to Art. 7 Para. 3 EU-GDPR, you have the right to withdraw your consent at any time. The lawfulness of processing carried out on the basis of consent until the withdrawal is not affected. You may exercise the withdrawal by informal declaration or by email to the Operator.

8. Right to Complain to the Supervisory Authority

Pursuant to Art. 77 EU-GDPR, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority depends on the Operator's registered office.

For data processing by Convaise UG (haftungsbeschränkt) as processor, the competent authority is:

Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Tel.: +49 (0)981 180093-0

III. Final Provisions

Convaise UG (haftungsbeschränkt) reserves the right to adapt these privacy terms so that they always comply with current legal requirements or to implement changes to the services in the privacy terms.

Last updated: March 2026

Privacy Notice for Agents & Assistants