© 2026 barrierefrAI – Agents

Privacy Policy – barrierefrAI

Privacy Policy

Data Controller

The data controller responsible for processing personal data is:

Dr. Markus Paulußen
Detmolder Str. 145, 33604 Bielefeld, Germany
Email: info@barrierefrai.com

Categories of Data Processed

We process the following categories of personal data:

  • Account data (name, email address, payment information)
  • Content data (uploaded PDF files, images, texts, structural information)
  • Communication data (support requests by email or contact form)
  • Technical data (IP address, log files, time and type of use)

Hosting and Server Location

Our platform runs on a dedicated server provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, in the Falkenstein (Saxony) data center. Local hosting, user accounts and application data are therefore processed in Germany, unless this privacy policy describes specific external services separately. Hetzner is certified to ISO 27001. A data processing agreement pursuant to Art. 28 GDPR is in place with the hosting provider.

Collection and Processing of Personal Data

We process personal data when you register, purchase a plan, contact support, or use the tool. This includes, in particular, uploaded PDF files that are processed automatically to generate accessible content.

Purpose of Processing

Personal data is processed for the provision of contractually agreed services, for communication, for billing via Stripe, and for compliance with legal obligations.

Legal Bases

Processing is based on Art. 6(1)(b) GDPR (performance of a contract), Art. 6(1)(f) GDPR (legitimate interest in a secure and functional system) and, where applicable, Art. 6(1)(c) GDPR (legal obligation). Where you have given consent (e.g. for newsletters), processing is based on Art. 6(1)(a) GDPR.

AI Processing via Google Gemini / Google Cloud

For AI-supported features, in particular image descriptions, text recognition, structuring, language simplification and quality improvement, content from uploaded files may be transmitted to Google services. Depending on the technical configuration, this is done via the Google Gemini API or Google Cloud Vertex AI. The provider may be Google Ireland Limited or Google Cloud EMEA Limited, each with affiliated companies such as Google LLC in the United States.

Data Transmitted

The data transmitted is limited to the content required for the requested processing, such as text excerpts, images, structural information, file context, language settings and technical request data.

Training and Product Improvement

For paid API or cloud use, Google states in its current terms that prompts and responses are not used to improve its products. Free, experimental or differently configured Google services may be subject to different data-use terms. We therefore use configurations with appropriate contractual data protection terms for personal or confidential content, or offer a local processing option.

Data Processing Agreement

Where Google acts as processor, a data processing agreement including standard contractual clauses pursuant to Art. 46 GDPR is in place. Google LLC is also certified under the EU-U.S. Data Privacy Framework.

For further information: policies.google.com/privacy and cloud.google.com/terms/data-processing-addendum.

Optional Local AI Processing

On request and for an additional fee, we offer AI processing via open-source models hosted locally on our servers at Hetzner. In this configuration, no content data is transmitted to third parties (in particular, not to Google). This option is intended for customers with elevated requirements regarding data sovereignty (e.g. public sector, healthcare). Pricing on request.

Payment Service Provider Stripe

For payment processing we use Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Your payment information (e.g. credit card details, SEPA mandate) is processed exclusively by Stripe and is not visible to us in clear text. Stripe is certified under the EU-U.S. Data Privacy Framework.

For further information: stripe.com/privacy.

Data Sharing and Processors

Your data is shared with third parties only:

  • for the purpose of payment processing (Stripe),
  • for the purpose of technical operation (Hetzner Online GmbH),
  • for the purpose of AI processing (Google Gemini / Google Cloud unless the local AI variant has been booked),
  • where we are required to do so by law.

Data processing agreements pursuant to Art. 28 GDPR are in place with all processors who handle data on our behalf.

International Data Transfers

When using Google Gemini / Google Cloud, Stripe, reCAPTCHA or external resources, data may be transferred to third countries, in particular the United States. The protection of your data is ensured by:

  • certification of the participating US companies under the EU-U.S. Data Privacy Framework (adequacy decision of the European Commission),
  • complemented by standard contractual clauses pursuant to Art. 46(2)(c) GDPR.

Contact Forms, reCAPTCHA, Cookies and Tracking

When you use contact forms, we process the information you provide in order to handle your request. Google reCAPTCHA may be used on form pages to prevent spam and automated attacks. This may involve the transmission of IP address, browser and device data, referrer, interaction data and technical verification data to Google.

We use technically necessary cookies, for example for login sessions, security, checkout functions and storing your consent preferences. Non-essential cookies and comparable access to your device are used only with consent pursuant to Section 25(1) TDDDG and Art. 6(1)(a) GDPR.

Google Site Kit / Analytics: Google Site Kit must not load Analytics, Google Tag Manager or marketing tracking on this website unless valid prior consent and technically reliable blocking before consent are in place. The plugin is hardened to block known Site Kit and gtag frontend scripts by default. If Google Analytics or Tag Manager is introduced in the future, this privacy policy will be updated before activation.

Retention Period

We store your data for as long as necessary to fulfill the contract and to comply with legal requirements (e.g. commercial and tax retention obligations of up to 10 years). Uploaded PDF files are automatically deleted from our servers after processing, unless you have explicitly requested longer storage. Account and billing data is retained beyond the end of the contract in accordance with statutory retention periods and is then deleted or anonymized.

Your Rights as a Data Subject

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent with effect for the future (Art. 7(3) GDPR)

Complaints may be lodged with the competent data protection supervisory authority. The authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestr. 2–4, 40213 Düsseldorf, Germany.

Security

We use technical and organizational measures (TOMs) pursuant to Art. 32 GDPR to protect your data against loss, misuse, or unauthorized access. These include, among others, TLS encryption of data transmission, encrypted storage, access restrictions, and regular security updates.

Contact for Data Protection Inquiries

If you have any questions regarding data protection or wish to exercise your rights as a data subject, please contact us at: privacy@barrierefrai.com

© 2026 barrierefrAI – Agents. Created with ❤ using WordPress and Kubio