Privacy Policy
Data Controller
The data controller responsible for processing personal data is:
Dr. Markus Paulußen, Detmolder Str. 145, 33604 Bielefeld, Germany
Email: info@barrierefrai.com
Categories of Data Processed
We process the following categories of personal data:
- Account data (name, email address, payment information)
- Content data (uploaded PDF files, images, texts, structural information)
- Communication data (support requests by email or contact form)
- Technical data (IP address, log files, time and type of use)
Hosting and Server Location
Our platform runs on a dedicated server provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, in the Falkenstein (Saxony) data center. This ensures that storage, user accounts, and billing data are processed exclusively within the Federal Republic of Germany and therefore within the European Union. Hetzner is certified to ISO 27001. A data processing agreement pursuant to Art. 28 GDPR is in place with the hosting provider.
Collection and Processing of Personal Data
We process personal data when you register, purchase a plan, contact support, or use the tool. This includes, in particular, uploaded PDF files that are processed automatically to generate accessible content.
Purpose of Processing
Personal data is processed for the provision of contractually agreed services, for communication, for billing via Stripe, and for compliance with legal obligations.
Legal Bases
Processing is based on Art. 6(1)(b) GDPR (performance of a contract), Art. 6(1)(f) GDPR (legitimate interest in a secure and functional system) and, where applicable, Art. 6(1)(c) GDPR (legal obligation). Where you have given consent (e.g. for newsletters), processing is based on Art. 6(1)(a) GDPR.
AI Processing via Google Cloud Vertex AI (Gemini)
For our AI-supported features (in particular image descriptions, text structuring, and language simplification) we use the Vertex AI / Gemini API provided by Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland (sub-processor: Google LLC, USA).
Processing Region
Processing takes place in Google Cloud’s EU data centers (primarily Frankfurt am Main, Germany — region europe-west3).
Data Transmitted
The contents of your uploaded PDF files (texts, images, structural information) are transmitted to the Vertex AI API for the purpose of AI-supported processing.
No Use for Training
Google contractually guarantees that content submitted via Vertex AI is not used to train or improve its models.
Retention by Google
By default, Vertex AI does not persistently store inputs and outputs. Short-term caching (up to 24 hours) for abuse prevention may occur.
Data Processing Agreement
A data processing agreement (Data Processing Addendum) pursuant to Art. 28 GDPR including standard contractual clauses pursuant to Art. 46 GDPR is in place with Google Cloud. Google LLC is also certified under the EU-U.S. Data Privacy Framework (European Commission decision of 10 July 2023).
For further information: policies.google.com/privacy and cloud.google.com/terms/data-processing-addendum.
Optional Local AI Processing
On request and for an additional fee, we offer AI processing via open-source models hosted locally on our servers at Hetzner. In this configuration, no content data is transmitted to third parties (in particular, not to Google). This option is intended for customers with elevated requirements regarding data sovereignty (e.g. public sector, healthcare). Pricing on request.
Payment Service Provider Stripe
For payment processing we use Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Your payment information (e.g. credit card details, SEPA mandate) is processed exclusively by Stripe and is not visible to us in clear text. Stripe is certified under the EU-U.S. Data Privacy Framework.
For further information: stripe.com/privacy.
Data Sharing and Processors
Your data is shared with third parties only:
- for the purpose of payment processing (Stripe),
- for the purpose of technical operation (Hetzner Online GmbH),
- for the purpose of AI processing (Google Cloud Vertex AI — unless the local AI variant has been booked),
- where we are required to do so by law.
Data processing agreements pursuant to Art. 28 GDPR are in place with all processors who handle data on our behalf.
International Data Transfers
When using Google Cloud Vertex AI and Stripe, despite EU-based processing, a legal data transfer to the United States may occur (US parent companies). The protection of your data is ensured by:
- certification of the participating US companies under the EU-U.S. Data Privacy Framework (adequacy decision of the European Commission),
- complemented by standard contractual clauses pursuant to Art. 46(2)(c) GDPR.
Cookies and Tracking
We do not use any tracking tools or marketing cookies. Only strictly necessary cookies required for the functionality of the service (e.g. login session) are used. Pursuant to Section 25(2) TTDSG, no consent is required for these.
Retention Period
We store your data for as long as necessary to fulfill the contract and to comply with legal requirements (e.g. commercial and tax retention obligations of up to 10 years). Uploaded PDF files are automatically deleted from our servers after processing, unless you have explicitly requested longer storage. Account and billing data is retained beyond the end of the contract in accordance with statutory retention periods and is then deleted or anonymized.
Your Rights as a Data Subject
You have the right to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
- Withdraw consent with effect for the future (Art. 7(3) GDPR)
Complaints may be lodged with the competent data protection supervisory authority. The authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestr. 2–4, 40213 Düsseldorf, Germany.
Security
We use technical and organizational measures (TOMs) pursuant to Art. 32 GDPR to protect your data against loss, misuse, or unauthorized access. These include, among others, TLS encryption of data transmission, encrypted storage, access restrictions, and regular security updates.
Contact for Data Protection Inquiries
If you have any questions regarding data protection or wish to exercise your rights as a data subject, please contact us at: privacy@barrierefrai.com