Privacy Policy
Last updated: March 2026
1. Controller
The controller responsible for data processing on this website is:
Dub(e)AI — Andreas Dube
Bad Homburg, Germany
Email: GRC4AI@dube.eu
2. Data We Collect
Contact Form Data: When you submit a demo request or contact form, we collect your name, company name, email address, phone number (optional), and message content. This data is processed to respond to your enquiry and, where applicable, to initiate a business relationship.
Server Log Files: Our hosting provider (GitHub Pages / Cloudflare) automatically collects technical data such as IP address, browser type, referring URL, date and time of access, and pages viewed. This data is used for security and performance purposes and is not linked to individual users.
Third-Party Services: Our contact form uses Formspree (Formspree, Inc., USA) to process submissions. Formspree processes the data you submit in the form. For details, see Formspree's Privacy Policy.
3. Legal Basis for Processing
We process your personal data on the following legal bases under the GDPR:
Art. 6(1)(b) GDPR — Processing necessary for the performance of a contract or pre-contractual measures (e.g., responding to your demo request, preparing a proposal).
Art. 6(1)(f) GDPR — Processing based on our legitimate interest in operating and securing our website, and in communicating with prospective clients.
Art. 6(1)(a) GDPR — Where you have given consent (e.g., subscribing to updates), which you may withdraw at any time.
4. Data Retention
Contact form submissions are retained for the duration of the business relationship or enquiry, plus any applicable statutory retention periods (typically 6–10 years for commercial and tax records under German law). Data is deleted once retention obligations expire and the data is no longer required for its original purpose.
Server log files are typically retained for 30 days by our hosting provider.
5. Data Transfers
Where data is transferred to processors outside the European Economic Area (e.g., Formspree, Inc. in the USA), we ensure appropriate safeguards are in place, such as the EU–US Data Privacy Framework or Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.
6. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of Access (Art. 15) — You may request information about the personal data we hold about you.
Right to Rectification (Art. 16) — You may request the correction of inaccurate data.
Right to Erasure (Art. 17) — You may request the deletion of your data, subject to legal retention obligations.
Right to Restriction (Art. 18) — You may request that processing be restricted under certain circumstances.
Right to Data Portability (Art. 20) — You may request your data in a structured, machine-readable format.
Right to Object (Art. 21) — You may object to processing based on legitimate interests at any time.
Right to Lodge a Complaint — You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence. The relevant authority for Hesse, Germany is the Hessischer Beauftragter für Datenschutz und Informationsfreiheit.
To exercise these rights, please contact us at AI4GRC@dube.eu.
7. Cookies
This website does not use cookies for tracking, analytics, or advertising purposes. No third-party tracking scripts are embedded. Only technically necessary data may be processed by our hosting infrastructure (see Section 2).
8. Security
We employ appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our website is served over HTTPS to ensure encrypted data transmission.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always available on this page. Significant changes will be communicated through appropriate channels.