This policy explains how VisionAI Platform GmbH collects, processes, stores, and protects your personal data when you use our website and services.
Last Updated: January 15, 2026
VisionAI Platform GmbH ("VisionAI," "we," "us," or "our") is the data controller responsible for your personal data collected through our website at www.visionai-platform.com and our AI-powered data analysis and automation platform. We are a company registered in Germany with our principal office located at Friedrichstraße 68, 10117 Berlin, Germany.
We are committed to protecting the privacy and security of every person who interacts with our services. This Privacy Policy describes the types of personal information we collect, why we collect it, how we process and store it, who we share it with, and the choices and rights available to you regarding your data.
This policy applies to all visitors of our website, users of our platform, recipients of our marketing communications, and anyone who contacts us through our forms, email, or phone. By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any aspect of this policy, please refrain from using our website and services.
We comply with the European Union General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and other applicable data protection legislation. Where our services are used by individuals in other jurisdictions, we also take steps to comply with local data protection requirements.
We collect several categories of personal data depending on how you interact with our website and services. Below is a detailed breakdown of each category:
We collect personal data through the following methods:
You provide data directly when you fill out our contact form, subscribe to our newsletter, request a product demonstration, create an account on our platform, or communicate with us via email or phone. Every form on our website clearly indicates which fields are required and which are optional. We only ask for information that is necessary to fulfill your specific request.
When you visit our website, we automatically collect technical data using cookies, server logs, and analytics tools. Our web servers record standard access log information including your IP address, browser details, and the pages you request. Google Analytics (with IP anonymization enabled) helps us understand traffic patterns and user behavior in aggregate. If you have consented to marketing cookies, Meta Pixel may collect interaction data for advertising measurement purposes.
In limited circumstances, we may receive professional contact information from business partners or event organizers when you attend industry conferences or webinars where we are a participating company. We only process such data if there is a legitimate basis to do so, and we always inform you of the source at the first point of direct contact.
Under Article 6 of the GDPR, we process your personal data on the following legal bases:
Consent (Article 6(1)(a))
Used for newsletter subscriptions, marketing communications, and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing conducted before withdrawal.
Contract Performance (Article 6(1)(b))
Required to deliver our platform services, process your account registration, and respond to service-related inquiries. Without this processing, we cannot provide the services you have requested.
Legitimate Interest (Article 6(1)(f))
Applied for website analytics (to improve user experience), security monitoring (to prevent fraud and unauthorized access), and responding to general inquiries submitted through our contact form. We conduct balancing tests to ensure our interests do not override your fundamental rights.
Legal Obligation (Article 6(1)(c))
Where we are required to retain certain records for tax, accounting, or regulatory compliance purposes under German and EU law.
We use the personal data we collect for the following specific purposes:
We do not use your personal data for automated individual decision-making or profiling that produces legal effects or similarly significant effects on you. Our analytics activities process data in aggregate and do not target specific individuals.
We retain personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Below are our specific retention periods by data category:
| Data Category | Retention Period |
|---|---|
| Contact form submissions | 2 years from submission date |
| Platform account data | Duration of active account plus 12 months after closure |
| Newsletter subscription data | Until unsubscription, then deleted within 30 days |
| Website analytics data | 14 months (Google Analytics default with anonymization) |
| Cookie data | Up to 13 months depending on cookie type (see Section 10) |
| Server access logs | 90 days |
| Invoicing and billing records | 10 years (German commercial and tax law requirement) |
| Support ticket records | 3 years from resolution |
When data reaches the end of its retention period, it is securely deleted or irreversibly anonymized so that it can no longer be associated with an identifiable individual. We conduct regular reviews of our data holdings to ensure compliance with these retention schedules.
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We share personal data only with the following categories of recipients, and only to the extent necessary for the purposes described in this policy:
All third-party service providers are contractually bound to handle your data securely and in accordance with applicable data protection laws. We conduct regular reviews of our vendor relationships and their security practices.
We primarily process and store personal data within the European Economic Area (EEA). However, some of our service providers may process data in countries outside the EEA. When personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place to protect your data to the same standard required by European data protection law.
These safeguards include:
You may request a copy of the relevant safeguards or information about the countries where your data is processed by contacting us using the details provided in Section 13.
Under the GDPR (Articles 15 through 22), you have the following rights regarding your personal data. These rights are not absolute and may be subject to certain conditions and exceptions as set out in the applicable law:
Right of Access (Article 15)
You have the right to request a copy of the personal data we hold about you, along with information about how we process it, the purposes of processing, the categories of recipients, and the retention periods applicable to your data.
Right to Rectification (Article 16)
If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction or completion without undue delay.
Right to Erasure (Article 17)
You may request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when there is no overriding legitimate ground for continued processing. Note that we may need to retain certain data for legal compliance purposes.
Right to Restriction of Processing (Article 18)
You can request that we restrict the processing of your data in certain circumstances, such as when you contest the accuracy of data or object to processing based on legitimate interest, pending verification.
Right to Data Portability (Article 20)
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to Object (Article 21)
You have the right to object to processing based on legitimate interest, including profiling. You also have an absolute right to object to direct marketing at any time.
Right to Withdraw Consent
Where we process data based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing performed before withdrawal. You can withdraw consent by contacting us or, for email marketing, using the unsubscribe link in any marketing message.
To exercise any of these rights, please contact our privacy team at [email protected] or write to us at the address listed in Section 13. We will respond to your request within 30 days. If your request is complex or if we receive a large number of requests, we may extend this period by a further 60 days, and we will inform you of any such extension within the initial 30-day period.
If you believe that our processing of your personal data infringes data protection law, you have the right to lodge a complaint with a supervisory authority. For individuals in Germany, the relevant authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information), Friedrichstr. 219, 10969 Berlin. You also have the right to lodge a complaint with the supervisory authority in your country of residence or place of work.
Our website and platform services are designed for business professionals and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately at [email protected].
Upon verification, we will promptly delete any personal data that has been collected from a child under 16. We take this obligation seriously and have internal procedures in place to handle such situations with appropriate urgency.
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes, we will update the "Last Updated" date at the top of this page and take reasonable steps to notify affected individuals.
For significant changes that affect how we process your data or your rights, we will provide prominent notice through one or more of the following methods:
We encourage you to review this page periodically to stay informed about our data protection practices. Your continued use of our website and services after changes are posted constitutes your acknowledgment of the revised policy. If you do not agree with any changes, you may exercise your rights as described in Section 9, including requesting the deletion of your data.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us using the following details:
For privacy-specific inquiries, please use the [email protected] email address to ensure your request is routed to our data protection team promptly.
We aim to acknowledge all privacy-related inquiries within 5 business days and to provide a substantive response within 30 days, as required by the GDPR. If you are not satisfied with our response, you have the right to escalate your concern to the relevant data protection supervisory authority as described in Section 9.