Privacy Policy & Data Protection Declaration

Last updated: August 19, 2025

Effective from: August 19, 2025

Privacy Summary

We are committed to protecting your privacy and ensuring GDPR compliance:

  • We collect only data necessary for providing our AI audit services
  • Your data is stored securely in EU data centers (Germany)
  • You have full control over your personal data and can delete your account anytime
  • We use minimal third-party services, all GDPR-compliant
  • No data is sold or shared for marketing purposes

Data Controller & Contact Information

Responsible Entity

MOVING TARGETS CONSULTING GMBH

Managing Director: Arne Krüger

Arndtstrasse 34

10965 Berlin, Germany

Phone: +49 (0) 30 – 20 99 438 – 0
Email: kontakt@mtc.berlin
Website: www.mtc.berlin
GEO Audit: www.geoaud.it

Business Registration:
Register Court: Amtsgericht Berlin Charlottenburg
Register number: HRB 92619
VAT ID: DE 2 35 14 11 67

Data Protection Officer

Email: ds-beauftragter@streit-online.de

Supervisory Authority:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219, 10969 Berlin, Germany
www.datenschutz-berlin.de

Legal Basis for Data Processing

Applicable Laws

This privacy policy complies with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), and the German Telecommunications and Telemedia Data Protection Act (TTDSG).

Legal Bases Used

  • Art. 6 (1) lit. b GDPR: Processing necessary for contract performance (user accounts, service delivery)
  • Art. 6 (1) lit. c GDPR: Processing for legal compliance (tax records, data retention requirements)
  • Art. 6 (1) lit. f GDPR: Legitimate interests (security, fraud prevention, service improvement)
  • Art. 6 (1) lit. a GDPR: Your explicit consent (marketing communications, optional features)

Data Collection and Processing

User Account Data

Data Collected:

  • Email address (required for account creation and communication)
  • Password (encrypted with bcrypt, never stored in plain text)
  • Account preferences and settings
  • Subscription status and billing information
  • Usage statistics and feature interactions

Purpose: Account management, service provision, user support, billing

Legal Basis: Art. 6 (1) lit. b GDPR (contract performance)

Retention: Until account deletion or 3 years after last login

Website Audit Data

Data Collected:

  • URLs submitted for analysis
  • Technical audit results and recommendations
  • AI analysis outputs and scores
  • Monitoring data and brand mention tracking
  • Historical performance data

Purpose: Service delivery, historical comparisons, monitoring

Legal Basis: Art. 6 (1) lit. b GDPR (contract performance)

Retention: Audit data retained permanently (with anonymization option), monitoring data for 2 years

Technical Data

Data Collected:

  • IP address (automatically anonymized after 24 hours)
  • Browser type and version
  • Operating system information
  • Pages visited and timestamps
  • Referrer URLs
  • Session duration and interactions

Purpose: Security, fraud prevention, service optimization

Legal Basis: Art. 6 (1) lit. f GDPR (legitimate interests)

Retention: 7 days for security logs, 90 days for performance analytics

Third Party Services & Data Processors

Hosting & Infrastructure

Hetzner Online GmbH (Primary Hosting)

Location: Germany (EU) • Purpose: Web hosting, database storage • DPA: Yes

Payment Processing

Stripe, Inc.

Location: Ireland (EU operations) • Purpose: Payment processing, subscription management

Data shared: Email, billing information • DPA: Yes • Privacy Policy: stripe.com/privacy

Analytics

Plausible Analytics

Location: Estonia (EU) • Purpose: Website analytics • Privacy-focused, no personal data

GDPR compliant, no cookies, anonymized data only • Privacy Policy: plausible.io/privacy

Error Monitoring

Sentry

Location: USA • Purpose: Error monitoring and performance tracking

Data shared: Error logs, performance data • DPA: Yes • Privacy Policy: sentry.io/privacy

AI Processing Services

Anthropic (Claude API)

Location: USA • Purpose: AI content analysis and optimization

Data shared: Website content for analysis • DPA: Yes • Privacy Policy: anthropic.com/privacy

Perplexity AI

Location: USA • Purpose: AI-powered search and content analysis

Data shared: Search queries and content for analysis • DPA: Yes • Privacy Policy: perplexity.ai/privacy

OpenAI (ChatGPT API)

Location: USA • Purpose: AI content analysis and recommendations

Data shared: Website URLs and content • Retention: 30 days • DPA: Yes • Privacy Policy: openai.com/privacy

Google LLC (AI Services)

Location: USA • Purpose: AI services (Gemini, Vertex AI)

Data shared: Content for AI analysis • DPA: Yes • Privacy Policy: policies.google.com/privacy

Email Services

Resend

Location: USA • Purpose: Email delivery and notifications

Data shared: Email addresses, notification content • DPA: Yes • Privacy Policy: resend.com/privacy

International Data Transfers

Transfers Outside EU

We primarily process data within the EU. Limited transfers to third countries occur only with adequate safeguards:

  • Sentry (USA): Error monitoring, EU Standard Contractual Clauses
  • Anthropic (USA): AI services, EU Standard Contractual Clauses
  • Perplexity AI (USA): AI search services, EU Standard Contractual Clauses
  • OpenAI (USA): AI services, EU Standard Contractual Clauses
  • Google LLC (USA): AI services, EU Standard Contractual Clauses
  • Resend (USA): Email services, EU Standard Contractual Clauses

All third-country transfers are covered by appropriate safeguards under GDPR Art. 46 and include data processing agreements.

Automated Decision Making & AI Processing

AI Analysis Systems

Our service uses automated systems to analyze website content and generate recommendations:

  • Technical Scoring: Automated evaluation of SEO and technical factors
  • Content Analysis: AI-powered assessment of website content quality
  • Brand Monitoring: Automated tracking of brand mentions and sentiment
  • Recommendation Engine: AI-generated suggestions for improvements

Your Rights: You can request human review of any automated decisions. These systems do not make legally binding decisions affecting you.

Data Security Measures

Technical Safeguards

  • End-to-end SSL/TLS encryption (HTTPS) for all data transmission
  • Password encryption using bcrypt with salt (never stored in plain text)
  • Database encryption at rest using AES-256
  • Regular automated security updates and vulnerability scanning
  • Network-level firewalls and intrusion detection systems
  • Two-factor authentication available for user accounts

Organizational Measures

  • Access controls based on principle of least privilege
  • Regular staff training on data protection procedures
  • Data processing agreements with all third-party providers
  • Incident response procedures and breach notification protocols
  • Regular security audits and penetration testing
  • Secure development practices and code reviews

Data Minimization

We collect and process only the minimum data necessary for service provision. Personal data is automatically deleted when no longer needed, and we regularly review data retention practices.

Your Data Protection Rights

GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR)

Request information about stored personal data and receive a copy

Right of Rectification (Art. 16 GDPR)

Correction of inaccurate or incomplete personal data

Right of Erasure (Art. 17 GDPR)

Deletion of personal data ("right to be forgotten")

Right to Restrict Processing (Art. 18 GDPR)

Limitation of data processing in certain circumstances

Right to Data Portability (Art. 20 GDPR)

Receive personal data in structured, machine-readable format

Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interests

Rights Regarding Automated Decision-Making (Art. 22 GDPR)

Not to be subject to solely automated decision-making

Right to Withdraw Consent

Withdraw consent at any time for consent-based processing

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: ds-beauftragter@streit-online.de
Subject: "Data Protection Request - [Your Request Type]"

We will respond to your request within one month. In complex cases, we may extend this period by two additional months.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. The competent authority for our company is:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219, 10969 Berlin, Germany
Phone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Website: www.datenschutz-berlin.de

Cookies and Tracking Technologies

Cookie Usage

Our website uses minimal cookies in accordance with the TTDSG (German cookie law):

Essential Cookies (No consent required)

  • Session management and user authentication
  • Security and fraud prevention
  • Shopping cart and form data persistence

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interests)

Analytics Cookies (Plausible)

  • Privacy-focused analytics without personal data collection
  • No cross-site tracking or user profiling
  • Data anonymized and aggregated only

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interests) - No consent required

Cookie Management

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality. Our analytics cookies are privacy-friendly and do not require consent under current EU guidelines.

Special Provisions

Children and Minors

Our services are intended for users aged 18 and older. We do not knowingly collect personal data from children under 18 years of age. If you are under 18, please do not use our services or provide personal information. If we become aware that we have collected personal data from someone under 18, we will delete such information immediately.

Data Breach Notification

In the unlikely event of a data breach that poses a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, in accordance with GDPR requirements. We will provide information about the nature of the breach, the data involved, and the measures we are taking to address it.

Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, user data may be transferred as part of the transaction. We will provide notice before personal data is transferred and becomes subject to a different privacy policy. You will have the option to delete your account before any such transfer.

Research and Development

We may use aggregated, anonymized data for research and development purposes to improve our AI algorithms and services. This processing is based on our legitimate interests and involves no personal data identification.

Data Retention Periods

Retention Schedule

User Account Data

Retained until account deletion or 3 years after last login

Audit Results

Retained permanently (with anonymization option available)

Monitoring Data

Retained for 2 years from creation date

Security Logs

7 days for access logs, 90 days for security events

Billing Data

10 years as required by German tax law

Support Communications

3 years after case closure

Automated Deletion

We have implemented automated systems to ensure data is deleted according to these retention periods. You can request early deletion of your data at any time by exercising your right to erasure.

Policy Updates and Changes

How We Handle Updates

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

  • Minor changes: Updated policy published with new effective date
  • Material changes: Email notification to registered users 30 days before effective date
  • Significant changes affecting rights: Additional consent may be required
  • Version history: Previous versions available upon request

Staying Informed

We recommend reviewing this privacy policy periodically. The "Last updated" date at the top indicates when changes were last made. Continued use of our services after policy updates constitutes acceptance of the revised policy.

Contact and Questions

Data Protection Inquiries

Email: ds-beauftragter@streit-online.de
Response Time: Within 1 business day
Languages: German, English

General Support

Email: hello@geoaud.it
Response Time: Within 24 hours
Languages: English, German

This privacy policy is also available in German upon request. For related legal information, see also: Legal Notice (Imprint) | Terms of Service

This privacy policy complies with GDPR, BDSG, and TTDSG requirements.
Document version: 2.0 | Last updated: August 19, 2025 | Effective: August 19, 2025