Privacy Policy
Effective date: January 2026
1. Controller
Oliver Weiss
Wetternstr. 38
21720 Steinkirchen
Germany
2. Scope
This Privacy Policy applies to (a) our website at guidedpathnavigator.com and (b) our platform and design partner application process, where available.
3. Website Access Data (Server Logs)
When you visit our website, our servers process technical access data (e.g., IP address, date/time, requested page, referrer, user agent, status code) to deliver the website securely, troubleshoot issues, and prevent abuse.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
Retention: We delete or anonymize server logs after 365 days unless required for security investigations.
4. Cookies and Similar Technologies
We use cookies and similar technologies. Storage of information on your device or access to information already stored on your device generally requires your prior consent under Section 25(1) TDDDG. Consent must meet the GDPR standard and can be withdrawn at any time. Strictly necessary cookies are exempt under Section 25(2) TDDDG.
Cookie Details
| Name | Provider | Purpose | Category | Duration |
|---|---|---|---|---|
| _ga | Google LLC | Distinguishes unique users by assigning a randomly generated number as a client identifier | Analytics | 2 years |
| _ga_* | Google LLC | Used to persist session state and track page views | Analytics | 2 years |
| _gid | Google LLC | Distinguishes users for analytics purposes | Analytics | 24 hours |
5. Contacting Us
If you contact us (e.g., via email), we process the data you provide to respond to your request.
Legal basis: Art. 6(1)(b) GDPR (steps prior to entering into a contract) and/or Art. 6(1)(f) GDPR.
Retention: We delete correspondence once it is no longer required, subject to statutory retention obligations.
6. Design Partner Applications
If you apply as a Design Partner, we process the information you submit (e.g., contact details, company, role, markets of interest, and your described goals/challenges) to evaluate your application and manage onboarding.
Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR.
Retention: 12 months after the end of the application process, unless longer retention is required.
7. Platform Use (Accounts, Authentication, Usage Data)
If you use our platform, we process account and usage data to provide the service, ensure security, and maintain auditability.
Legal basis: Art. 6(1)(b) GDPR; for security: Art. 6(1)(f) GDPR.
8. AI Processing and Model Providers (Model Optionality / BYOM)
Our platform processes user inputs (e.g., prompts, uploaded content, configuration data) to generate outputs such as analyses and recommendations. Depending on workspace configuration, processing may involve third-party AI model providers or customer-hosted/on-prem model endpoints.
Please do not submit sensitive personal data unless strictly necessary.
Where we use third-party providers, we apply appropriate contractual and technical safeguards, including data processing agreements where applicable.
Automated Decision-Making
We do not use automated decision-making within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.
9. Recipients and Service Providers
We use carefully selected service providers (processors) to operate our website and services, including:
| Category | Provider | Location |
|---|---|---|
| Hosting / Infrastructure | Hetzner Online GmbH | Germany (EU) |
| Database | Supabase Inc. (AWS eu-central-1) | Germany (EU) |
| Email / Notifications | Resend Inc. | USA |
| Analytics | Google LLC (Google Analytics, EU data storage) | EU |
| CRM / Internal Workflows | Notion Labs, Inc. | USA |
| AI Model Providers | OpenAI, LLC | USA |
| AI Model Providers | Anthropic, PBC | USA |
| AI Model Providers | Google LLC (Vertex AI / Gemini) | USA |
| AI Model Providers | Hugging Face, Inc. | USA |
| AI Model Providers | Meta Platforms, Inc. (Llama models) | USA |
| Payment / Billing (if applicable) | Stripe Payments Europe, Ltd. | Ireland (EU) |
10. International Transfers
If personal data is transferred to service providers outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCC), and implement additional measures where required.
11. Retention and Deletion
We keep personal data only as long as necessary for the purposes described above or as required by law. Details:
- Server logs: 365 days
- Contact inquiries: 12 months
- Design partner applications: 12 months
- Platform account data: duration of contract + 24 months
12. Your Rights
You have the right to access, rectify, erase, restrict, and port your personal data, and to object to certain processing. Where processing is based on consent, you can withdraw consent at any time with effect for the future.
You also have the right to lodge a complaint with a supervisory authority.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The effective date at the top indicates when it was last revised.
Questions?
If you have questions about this Privacy Policy, please contact us at: privacy@guidedpathnavigator.com