Privacy Policy

The controller responsible for data processing on this website is:

This privacy policy explains how Aithera GmbH collects, uses, stores, and processes personal data in connection with the aithera.ai website. It applies to all visitors of this website under the General Data Protection Regulation (GDPR).

This website is hosted by third-party infrastructure providers within the European Union. When you visit this website, your browser automatically transmits certain technical data to our servers. This includes:

• IP address
• Browser type and version
• Operating system
• Referring URL
• Date and time of access

This data is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest in ensuring the security and functionality of the website). Server log files are automatically deleted after 30 days.

This website uses strictly necessary cookies and local storage to ensure core functionality, such as session management and security. No advertising, marketing, or tracking cookies are used.

The legal basis for processing is Art. 6(1)(f) GDPR (legitimate interest in providing a functional website).

If you contact us by email, the personal data you provide (e.g. name, email address, content of the message) will be stored and processed for the purpose of handling your enquiry. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries) or Art. 6(1)(b) GDPR if the enquiry relates to a contractual relationship.

Your data will be deleted once the purpose of storage no longer applies, unless statutory retention obligations require otherwise.

We may use privacy-focused, pseudonymised analytics to understand how visitors use our website. This includes aggregated data such as page views, session duration, and navigation behaviour. No personally identifiable information is collected for analytics purposes. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in improving the website).

This website may use the following categories of third-party services:

• Hosting: Infrastructure providers within the EU
• Email: For processing contact enquiries
• Fonts: Google Fonts, loaded from Google servers (transfers data to the US; legal basis: Art. 6(1)(f) GDPR)

Where data is transferred outside the EEA, appropriate safeguards such as standard contractual clauses (SCCs) are in place.

We process personal data on the following legal bases:

• Art. 6(1)(a) GDPR: Consent, where explicitly given
• Art. 6(1)(b) GDPR: Performance of a contract or pre-contractual measures
• Art. 6(1)(c) GDPR: Compliance with legal obligations
• Art. 6(1)(f) GDPR: Legitimate interests (website security, functionality, improvement)

Personal data is retained only as long as necessary for the purposes for which it was collected. Server logs are deleted after 30 days. Contact enquiries are deleted once the conversation has concluded, unless statutory retention periods apply (e.g. 6–10 years for tax-related records).

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

To exercise any of these rights, please contact privacy@aithera.ai. We will respond within one month.

You have the right to lodge a complaint with a data protection supervisory authority. The responsible authority for Aithera GmbH is:

We may update this privacy policy from time to time to reflect changes in regulatory requirements or our data processing practices. Material changes will be communicated via this page. The date at the top of this policy indicates the latest revision.