Privacy Policy

Last Updated: March 2026 · ADJUDON, Germany

ADJUDON ("ADJUDON", "we", "us", "our") is committed to protecting the personal data of individuals who visit our website and use our platform. This Privacy Policy explains what data we collect, how we use it, and the rights available to you under the GDPR and applicable German data protection law.

1. Data Controller

ADJUDON, Germany, [email protected].

Where ADJUDON processes personal data on behalf of customers (trace payloads via API), ADJUDON acts as Data Processor under Art. 28 GDPR; our DPA governs that relationship. See adjudon.com/legal/dpa.

2. Data We Collect

2.1 Website Visitors

IP address (anonymized after session), browser type, referring URL, pages visited. Legal basis: Art. 6(1)(f) GDPR (legitimate interests). No profiling or targeted advertising.

2.2 Account Registration

Name, work email, company name, preferences. Legal basis: Art. 6(1)(b) GDPR (contract performance).

2.3 Platform Usage (Trace Data)

Trace payloads submitted via API. PII masking applied where configured. Processed per our Data Processing Agreement.

2.4 Communications

Email content and contact details retained 3 years for documentation. Legal basis: Art. 6(1)(f) GDPR.

3. Zero Training Policy

We do not use Customer Data (trace payloads, prompts, model outputs) to train or improve any AI model. This applies to all ADJUDON employees and sub-processors.

4. How We Use Your Data

Provision and operation of the Platform; transactional emails; customer support; security and abuse prevention; legal obligations; product updates (opt-out available).

5. Data Retention

Account data: Duration of relationship + 3 years (§§ 257 HGB, 147 AO).

Trace data: Customer-configured (7–365 days, default 90 days); automatic deletion within 30 days after expiry.

Immediate deletion: Available on request via dashboard or [email protected].

6. Data Sharing and Sub-Processors

We do not sell personal data. Sharing occurs only with:

• Sub-processors (list at adjudon.com/legal/subprocessors)
• Legal obligations
• Business transfers with equivalent protections

7. International Data Transfers

Data is stored in Frankfurt, Germany (EEA). Transfers outside the EEA occur only with adequate protection; Standard Contractual Clauses (SCCs) where applicable. Copies available on request to [email protected].

8. Security

AES-256 at rest

Encryption at rest with AES-256

TLS 1.3 in transit

Encryption in transit with TLS 1.3

SHA-256 hash chain

Audit log integrity with SHA-256 chain

RBAC and MFA

Role-based access control and multi-factor auth

Vulnerability disclosure programme: [email protected]

9. Your Rights Under GDPR

Art. 15

Access— Right to access your personal data

Art. 16

Rectification— Right to correct inaccurate data

Art. 17

Erasure— Right to deletion ("right to be forgotten")

Art. 18

Restriction— Right to restrict processing

Art. 20

Portability— Right to data portability

Art. 21

Object— Right to object to processing

Art. 77

Complain— Right to lodge a complaint with BayLDA or local DPA

Contact [email protected] to exercise your rights; response within 30 days.

10. Cookies

Minimal cookies. Dashboard uses localStorage. Stripe cookies on billing/checkout only. No advertising or tracking cookies. See Cookie Policy.

11. Changes to This Policy

Updates communicated by email at least 30 days before taking effect. Current version always available at adjudon.com/legal/privacy.

12. Contact

For privacy questions or data subject requests, contact [email protected]. Response within 2 business days.