How we handle your data.
§ 01 Who we are
kontoros is based in Leverkusen, Germany. We are the data controller for the personal data you and your clients provide when you use the service. Questions about this policy can go to mail@awotschel.de.
§ 02 What we collect
From you (the account holder)
- Email address, name, and authentication tokens (via Clerk).
- Brand profile — company name, logo, address, accent colour, email signature.
- Subscription and billing data (via Stripe; we never see card numbers).
- Product usage signals — pages viewed, features used, agent invocations — for reliability and product work.
From your clients (data subjects you introduce)
- Name, email, company, and addresses you enter into CRM or proposals.
- Content of proposals, contracts, and invoices you prepare for them.
- Signature metadata when a contract is signed (name, email, timestamp, IP address).
§ 03 How we use it
We use your data only to deliver and improve the service: authentication, generating the AI outputs you asked for, sending the documents you send, processing the payments you request, and diagnosing problems. We do not sell your data. We do not build advertising profiles. We do not use client data to train AI models.
§ 04 AI processing & structured outputs
When you ask an agent to generate a proposal, contract, invoice, lead reply, or report, we send the relevant context to our AI provider (Anthropic) under a signed Data Processing Agreement. The provider is contractually prohibited from using your inputs or outputs for model training. Every generation runs against a strict structured-output schema — the model can only emit fields we’ve defined — so generations cannot contain arbitrary free-form data.
§ 05 Where your data lives
Your primary data is stored in a Postgres database hosted in Germany. Encrypted backups run nightly to storage in the same jurisdiction. Data leaves the EU only when an AI request is in-flight to our US-based provider — and returns immediately; it is never stored at rest outside the EU.
§ 06 Third-party subprocessors
- Clerk — authentication & session management (US).
- Stripe — payments, invoicing rails, Checkout (US + EU).
- Anthropic — AI generation for structured outputs (US, under DPA, no training).
- Hetzner Online GmbH — primary database, file storage, compute (Germany).
- Resend — transactional email delivery (EU).
§ 07 Your rights (GDPR Art. 15–22)
You can access, correct, delete, restrict, object to, or export any of your data at any time — most of it directly from Settings → Privacy & data inside the product. For anything we can’t expose in-product, write to mail@awotschel.de and we’ll respond within 30 days.
§ 08 Data retention
We retain account data for the life of your subscription plus 30 days after cancellation, so you can reactivate without losing work. After 30 days, all personal data is deleted unless we are legally required to retain it (e.g. invoices for tax purposes, which we retain for 10 years per German commercial law).
§ 09 Cookies & tracking
We use only essential cookies required for authentication and session management. We do not run advertising or analytics cookies that track you across the web.
§ 10 Security
TLS in transit, encrypted at rest, strict access controls, signed audit logs. No method of transmission is 100% secure — if you see something that looks off, tell us at mail@awotschel.de.
§ 11 Changes to this policy
When we make material changes, we update the date at the top of this page and notify account holders by email before the changes take effect. The current version number is shown below the title.
§ 12 Contact & complaints
For any privacy question, email mail@awotschel.de. If you’re unhappy with our response, you have the right to lodge a complaint with your local data protection authority. In Germany, that’s the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen.