Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

If you have questions about data protection, please contact our Data Protection Officer or reach us at support@ucited.ai.

2. Overview of Data Processing

We process personal data only to the extent necessary to provide and improve the ucited Service, to fulfill contractual obligations, and to comply with legal requirements. This Privacy Policy applies to the websites ucited.ai and ucited.de and the ucited SaaS platform (collectively, the "Service").

The Service is intended exclusively for business customers (Unternehmer) within the meaning of Section 14 BGB. We do not knowingly collect personal data from consumers using the Service.

3. Legal Bases for Processing

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

• Art. 6(1)(b) GDPR – Performance of a contract: Processing necessary to provide the Service, manage your account, and fulfill our contractual obligations.
• Art. 6(1)(f) GDPR – Legitimate interests: Processing necessary for our legitimate interests (e.g., improving the Service, ensuring security, preventing fraud), provided these interests are not overridden by your rights.
• Art. 6(1)(a) GDPR – Consent: Where you have given explicit consent to specific processing activities (e.g., analytics cookies). You may withdraw consent at any time.
• Art. 6(1)(c) GDPR – Legal obligation: Processing necessary to comply with applicable laws (e.g., tax and accounting requirements).

4. Data We Collect

4.1 Account Registration Data

When you register for the Service, we collect:

• Full name and job title
• Business email address
• Company name and address
• Phone number
• VAT identification number (USt-IdNr.)
• Password (stored in hashed form only)

Legal basis: Art. 6(1)(b) GDPR (contract performance).

Retention: For the duration of the contractual relationship and as required by statutory retention periods (typically 6–10 years under German commercial and tax law).

4.2 Payment Data

We use Stripe, Inc. as our payment processor. When you subscribe to a paid plan, Stripe collects and processes your payment information (e.g., credit card number, billing address). We do not store full credit card numbers on our servers. We receive from Stripe only a truncated card reference, transaction confirmations, and billing details necessary for invoicing.

Legal basis: Art. 6(1)(b) GDPR (contract performance).

4.3 Usage Data and Service Input

When you use the Service, we process:

• Keywords, brand names, URLs, and prompts you enter into the platform ("Input")
• Results, reports, and analytics generated by the Service ("Output")
• Feature usage patterns, timestamps, and interaction logs

This data is processed solely to provide and improve the Service. We do not use your Input or Output for purposes unrelated to the Service without your consent.

Legal basis: Art. 6(1)(b) GDPR (contract performance); Art. 6(1)(f) GDPR (legitimate interest in service improvement) for anonymized and aggregated usage analytics.

4.4 Server Log Data

When you access the Service, our hosting infrastructure automatically collects:

• IP address (anonymized where technically feasible)
• Date and time of access
• Browser type and version
• Operating system
• Referring URL
• Pages accessed

Server logs are deleted or anonymized after 30 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in security and system stability).

5. Cookies and Analytics

5.1 Essential Cookies

We use cookies that are strictly necessary for the operation of the Service, including session and authentication cookies. These cookies do not require your consent under § 25(2) TTDSG.

5.2 Analytics – Vercel Web Analytics

We use Vercel Web Analytics to measure usage of the Service. Vercel Web Analytics collects aggregated, anonymized usage data such as page views, visitor counts, and performance metrics. Vercel may set a cookie to distinguish unique visitors. Because a cookie is set, we obtain your consent before activating Vercel Analytics.

Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA.

Legal basis: Art. 6(1)(a) GDPR (consent).

We do not use Google Analytics or any other third-party tracking or advertising tools.

6. Data Recipients and Sub-processors

We share personal data only with the following categories of recipients, and only to the extent necessary:

All US-based processors maintain appropriate safeguards for international data transfers (see Section 7).

We do not sell, rent, or otherwise share your personal data with third parties for their own marketing purposes.

7. International Data Transfers

Some of our sub-processors are based in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR
• Adequacy decisions by the European Commission, where applicable
• Additional technical and organizational measures as appropriate

You may request a copy of the applicable safeguards by contacting us at support@ucited.ai.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law:

• Account data: For the duration of the contract plus statutory retention periods (6–10 years under §§ 147 AO, 257 HGB).
• Payment records: 10 years (§ 147 AO).
• Server logs: 30 days.
• Usage analytics (Vercel): Aggregated and anonymized; no personal data retained.
• Customer Data (Input/Output): For the duration of the contract. After termination, Customer Data is available for export for 30 days, then deleted (see Terms of Use, Section 9.5).

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) – You may request information about the personal data we hold about you.
• Right to rectification (Art. 16 GDPR) – You may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR) – You may request deletion of your data, subject to legal retention obligations.
• Right to restriction of processing (Art. 18 GDPR) – You may request that we restrict processing of your data under certain conditions.
• Right to data portability (Art. 20 GDPR) – You may request to receive your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21 GDPR) – You may object to processing based on legitimate interests at any time. We will cease processing unless we demonstrate compelling legitimate grounds.
• Right to withdraw consent (Art. 7(3) GDPR) – Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@ucited.ai. We will respond within one month of receiving your request.

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority for our company is:

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These measures include encryption of data in transit (TLS), access controls, regular security reviews, and secure password hashing.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices or legal requirements. We will notify registered users of material changes via email or in-app notification. The current version is always available at https://ucited.ai/privacy.

13. Contact