Privacy Policy
Last updated: May 13, 2026
This privacy policy explains how we collect, use, and protect personal data when you visit our website chatbyte.ai (the 'Website'). The controller within the meaning of the GDPR is:
Chatbyte GmbH
Gertigstraße 69
22303 Hamburg, Germany
Commercial Register: HRB 187972
Register Court: Amtsgericht Hamburg
VAT ID: DE452019271
Email: contact@chatbyte.ai
Data Protection Officer: A data protection officer is currently not legally required. For data protection questions, please contact: contact@chatbyte.ai
1. Overview
This Website is our public marketing website where we provide information about our products and services. We are committed to protecting your privacy and processing your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data We Collect
When you visit our Website, we collect the following types of personal data:
2.1 Automatically Collected Data
When you access our Website, your browser automatically transmits certain information to our web server:
- IP address (anonymized or truncated after processing)
- Date and time of access
- Browser type and version
- Operating system
- Referrer URL (the website from which you accessed our site)
- Pages visited on our Website
- Device type and screen resolution
Legal Basis: Legitimate interests (Art. 6 para. 1 lit. f GDPR) to ensure the functionality and security of our Website and to improve user experience.
Storage Duration: Log files are automatically deleted after 14 days.
2.2 Contact Forms and Email Communication
If you contact us via email or contact form, we collect:
- Name
- Email address
- Company name (if provided)
- Message content
- Any other information you voluntarily provide
Legal Basis: Processing is necessary to respond to your inquiry (Art. 6 para. 1 lit. b GDPR for pre-contractual measures) or based on your consent (Art. 6 para. 1 lit. a GDPR).
Storage Duration: We store this data until your inquiry has been fully processed or until you request deletion, unless we have legal obligations to retain the data longer (e.g., for tax or commercial record-keeping purposes).
3. Cookies and Similar Technologies
3.1 Essential Cookies
We use technically necessary cookies that are essential for the Website to function properly. These cookies do not require your consent as they are strictly necessary for the provision of the service.
Examples:
- Session cookies to maintain your browsing session
- Security cookies to prevent cross-site request forgery
Legal Basis: Legitimate interests (Art. 6 para. 1 lit. f GDPR).
Storage Duration: These cookies are typically deleted when you close your browser (session cookies) or after a limited time period.
3.2 Analytics and Marketing Cookies
We use analytics tools to understand how visitors use our Website and to improve our services. These cookies require your consent under § 25 TDDDG (German Telecommunications-Telemedia Data Protection Act) and Art. 6 para. 1 lit. a GDPR.
Before placing non-essential cookies, we will ask for your consent via our cookie consent banner. You can withdraw your consent at any time with future effect.
4. Third-Party Services
4.1 PostHog (Product Analytics)
With your consent, we use PostHog for website analytics to understand user behavior and improve our Website.
Data Processed:
- Pseudonymous usage events (e.g., page views, button clicks)
- Device and browser information
- Anonymized or truncated IP addresses
Purpose: To analyze website usage, improve user experience, and identify technical issues.
Legal Basis: Consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG).
Data Location: We use PostHog EU Cloud. Website analytics events are processed through our /ingest proxy or directly in PostHog's EU region.
Data Recipient: PostHog, Inc. (https://posthog.com/privacy)
Opt-Out: You can withdraw your consent at any time through our cookie consent banner or by disabling cookies in your browser settings.
4.2 Chatbyte AI Chatbot ('Bit')
Our Website features an AI-powered chatbot called Bit to assist you with questions and provide information.
Data Processed:
- Messages you send to the chatbot
- Session data (for conversation continuity)
- Technical data (device type, browser)
Purpose: To provide customer support, answer questions, and assist with navigation.
Legal Basis: Legitimate interests (Art. 6 para. 1 lit. f GDPR) to provide customer service, or consent (Art. 6 para. 1 lit. a GDPR) if you initiate the chat.
Data Processing: Your conversations are processed for the chatbot through Microsoft Azure OpenAI in the EU to generate responses. Data processed for use with the AI model is not used to train AI models. Microsoft states that prompts, completions, embeddings, and training data submitted to Azure OpenAI are not used to train, retrain, or improve Azure OpenAI foundation models. See Microsoft Azure OpenAI data privacy documentation.
Storage Duration: Chat conversations are typically stored for 14-30 days unless you request earlier deletion.
5. Data Sharing and Recipients
We do not sell your personal data to third parties. We only share your data with the following categories of recipients:
- Service Providers: We use trusted third-party service providers to operate our Website (e.g., hosting providers and CDN). These providers act as data processors and are contractually bound to process data only according to our instructions and in compliance with the GDPR.
- Legal Obligations: We may disclose your data if required by law, court order, or legal process, or to protect our legal rights.
6. International Data Transfers
We use EU regions for the Website, analytics, and AI processing described above. Chat content, prompts, generated responses, embeddings, and product-related logs are processed in the EU in the standard setup.
Where separate operational activities involve non-product data, such as payment processing, security and abuse prevention, support communication, or legally required communication with third-party providers, individual service providers may be located outside the European Economic Area (EEA) or may be able to access data from third countries. In such cases, we limit the data to what is necessary and ensure appropriate safeguards:
- EU Standard Contractual Clauses (SCCs): We use SCCs approved by the European Commission to ensure adequate protection.
- Adequacy Decisions: We rely on adequacy decisions by the European Commission where applicable.
- Data Minimization: We minimize transfers outside the EEA and keep product-related processing separate from the operational activities described above.
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
7.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether we process personal data concerning you and, if so, to access the data and receive information about the processing.
7.2 Right to Rectification (Art. 16 GDPR)
You have the right to request correction of inaccurate or incomplete personal data.
7.3 Right to Erasure (Art. 17 GDPR)
You have the right to request deletion of your personal data if one of the legal grounds applies (e.g., data no longer necessary, unlawful processing, withdrawal of consent).
7.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request restriction of processing in certain cases (e.g., if you contest the accuracy of the data).
7.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller.
7.6 Right to Object (Art. 21 GDPR)
You have the right to object to processing of your personal data based on legitimate interests (Art. 6 para. 1 lit. f GDPR) on grounds relating to your particular situation.
For Direct Marketing: You have an absolute right to object to processing for direct marketing purposes at any time.
7.7 Right to Withdraw Consent (Art. 7 para. 3 GDPR)
Where processing is based on consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before withdrawal.
7.8 Right to Lodge a Complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
Supervisory Authority for Chatbyte GmbH:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Straße 22
20459 Hamburg, Germany
Phone: +49 40 428 54-4040
Email: mailbox@datenschutz.hamburg.de
8. How to Exercise Your Rights
To exercise any of your rights, please contact us at:
Email: contact@chatbyte.ai
Mail: Chatbyte GmbH, Gertigstraße 69, 22303 Hamburg, Germany
We will respond to your request without undue delay and within one month of receipt. If necessary, this period may be extended by two further months, taking into account the complexity and number of requests.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL)
- Encryption of data at rest where applicable
- Regular security assessments and updates
- Access controls and authentication mechanisms
- Employee training on data protection
10. Data Retention
We retain your personal data only as long as necessary for the purposes for which it was collected or as required by law:
- Log files: 14 days
- Contact inquiries: Until the inquiry is resolved or you request deletion
- Analytics data: Typically 12-24 months in anonymized/pseudonymized form
- Legal obligations: Where we are subject to legal retention periods (e.g., tax laws, commercial law), we retain data for the required duration (typically 6-10 years)
After the retention period expires, we will securely delete or anonymize your data.
11. Children's Privacy
Our Website is not directed to children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will delete the data immediately.
12. Links to Other Websites
Our Website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.
13. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:
- Posting a prominent notice on our Website
- Sending you an email (if you have provided your email address)
The updated privacy policy will indicate the 'Effective Date' at the top. We encourage you to review this privacy policy periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this privacy policy or our data processing practices, please contact us:
Chatbyte GmbH
Gertigstraße 69
22303 Hamburg, Germany
Email: contact@chatbyte.ai