Privacy Policy

Personal data (usually referred to just as „data“ below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents and the services offered there.

Per Article 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the „GDPR“), „processing“ refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing

I. Information about us as controllers of your data

The party responsible for this website (the „controller“) for purposes of data protection law is:

Thomas Surmann
earlymate
Friesickestr. 29
13086 Berlin, Germany
info (at) earlymate (dot) com

The contact details published here and in the legal notice must not be used to send us unsolicited advertising or information material. We hereby expressly object to this.

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right

  • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing and copies of the data (cf. also Article 15 GDPR);
  • to correct or complete incorrect or incomplete data (cf. also Article 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Article 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Article 17 Para. 3 GDPR, to restrict said processing per Article 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Article 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Article 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions or restrictions placed on processing the same per Article 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Article 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Article 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

The service involves automated processing of user-defined inputs. No automated decision-making within the meaning of Article 22 GDPR takes place that produces legal effects concerning users or similarly significantly affects them.

Hosting

The operation of this website requires the use of an external service provider (host). All data collected by this website may be stored and processed by the host. This includes in particular data relating to website access, communication data, IP addresses and other data arising when visiting this website.

Our legitimate interest lies in providing a technically secure, stable and accessible website (Article 6 Para. 1 lit. f) GDPR).

The host used for this website is "Heroku", a service by salesforce.com, inc. (Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA). Heroku's server locations are exclusively within the European Union.

A data processing agreement (Data Processing Addendum) has been concluded with Heroku to ensure GDPR-compliant processing in accordance with Article 28 GDPR. Further information on Salesforce's privacy practices can be found at https://www.salesforce.com/company/privacy/.

Database hosting

The service "Supabase" is used for storing and managing data of this website. The provider is Supabase Inc., 970 Toa Payoh North, #07-04, Singapore 318992, with European server locations. Supabase serves as a hosted PostgreSQL database platform through which entered or technically collected data (e.g. form entries or log data) can be stored and processed.

Processing is based on Article 6 Para. 1 lit. f) GDPR, as there is a legitimate interest in secure, stable and performant data storage. Insofar as storage occurs in connection with a request, Article 6 Para. 1 lit. b) GDPR (pre-contractual measures) may additionally apply.

A data processing agreement (Data Processing Agreement) pursuant to Article 28 GDPR has been concluded with Supabase, ensuring an adequate level of data protection within the European Union. Further information on Supabase’s privacy practices can be found at https://supabase.com/privacy.

DNS hosting

We use Cloudflare, Inc. as a DNS service provider to ensure reliable domain name resolution. In the course of DNS requests, technical connection data such as IP addresses may be processed by Cloudflare. Cloudflare acts as a data processor on our behalf. The processing is based on Article 6 para. 1 lit. f) GDPR (legitimate interest in secure and efficient operation of our website). Cloudflare’s privacy policy is available at https://www.cloudflare.com/privacypolicy/.

Processing may also take place in third countries. Where required, appropriate safeguards (e.g. Standard Contractual Clauses) are used pursuant to Article 46 GDPR.

Cookies

a) Session cookies

We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data or IP address.

This processing makes our website more user-friendly, efficient and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.

The legal basis for such processing is Article 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Article 6 Para. 1 lit. f) GDPR. When you close your browser, these session cookies are deleted.

b) Persistent cookies

We use persistent cookies where technically necessary to ensure the functionality and security of our service. Further details, including purposes and legal bases, are provided in the sections below.

c) Disabling cookies

You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact its maker for support.

If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

Customer account/registration

When you create a customer account on our website using your email address and a password, we process the data you provide during registration to set up and manage your customer account and to provide the requested services, including account-related support.

The legal basis is Article 6 Para. 1 lit. b) GDPR (performance of a contract / pre-contractual measures).

The data will be deleted as soon as processing is no longer necessary, unless statutory retention obligations (e.g. under tax or commercial law) require longer storage.

Authentication and session persistence

We use persistent cookies to maintain authenticated sessions and enable continued access to our platform. This is necessary for the provision of our service, as users must be logged in to use core functionalities.

The processing is based on Article 6 Para. 1 lit. b) GDPR (performance of a contract).

These mechanisms are used exclusively for authentication and security purposes and do not involve tracking or marketing. Sessions may expire after a defined period or require re-authentication for security reasons. Users can log out at any time.

Service-related data (user input)

Users may define individual topics, keywords or comparable content to be monitored by the service. The data entered by the user is processed exclusively for the purpose of providing the agreed monitoring functionality, including the analysis of specified sources, the generation of notifications or results and the technical operation, maintenance and improvement of the service (e.g. error analysis and troubleshooting).

Depending on the configuration chosen by the user, the entered content may contain personal data. Such processing is carried out pursuant to Article 6 Para. 1 lit. b) GDPR (performance of a contract), as it is necessary for the provision of the requested service. Users are responsible for ensuring that the content they define complies with applicable data protection laws.

The user-provided data is not used for advertising, profiling or any purposes unrelated to the operation of the service. Depending on the selected functionality, user input may be processed by different AI service providers acting as data processors on our behalf.

User-defined monitoring configurations and related results are stored for the duration of the active user account and deleted upon account termination, unless statutory retention obligations require longer storage. Users may delete or modify their monitoring configurations at any time.

Use of AI Services (OpenAI)

For the analysis of text content entered by users, we use an AI service provided by OpenAI, L.L.C., United States. The processing is carried out exclusively for the purpose described within the application, such as thematic analysis, summarization or structuring of the user-provided text.

The submitted content is not used to create user profiles. According to OpenAI’s contractual commitments, the transmitted data is not used to train or improve OpenAI’s models. Processing is performed on the basis of a data processing agreement (Data Processing Addendum) concluded with OpenAI, including the EU Commission’s Standard Contractual Clauses pursuant to Article 46 GDPR.

Users are instructed not to enter personal data of third parties or special categories of personal data (e.g. health data, financial data) into the text fields. Responsibility for the content entered lies with the user.

Further information on data processing by OpenAI can be found at: https://openai.com/policies/privacy-policy

Use of AI Services (xAI / Grok)

In certain cases, we use AI services provided by xAI Corp., United States (including Grok), to process and analyze text content entered by users. Processing is limited to the specific functionality described within the application, such as thematic or contextual analysis of user-provided input.

Users are instructed not to enter personal data of third parties or special categories of personal data (e.g. health or financial data). Responsibility for the content entered lies with the user.

Where personal data is processed on our behalf, such processing is based on the applicable contractual arrangements with xAI, including a Data Processing Addendum (DPA) and appropriate safeguards for international data transfers in accordance with Article 46 GDPR. Processing may take place outside the European Union.

Further information on data processing by xAI can be found at: https://x.ai/legal/privacy-policy, https://x.ai/legal/europe-privacy-policy-addendum, https://x.ai/legal/data-processing-addendum

Use of third-party data sources and APIs

The service integrates external third-party data sources and APIs (e.g. search engines or social media platforms) in order to retrieve publicly available information relevant to the monitoring topics defined by the user.

Queries sent to such third-party services are generated by the system based on user-defined topics or AI-derived keywords. No direct user input, account credentials or personal identifiers are transmitted to these third-party providers.

Third-party providers may process data under their own responsibility in accordance with their privacy policies and terms of service (as independent controllers where applicable).

Monitoring results and external content

Monitoring results may include references, excerpts, summaries or links to external third-party content. Such content originates from publicly available sources and remains the responsibility of the respective third-party providers.

When users follow external links, they leave our service and the data processing practices of the respective third-party providers apply. We have no influence over the content or processing carried out on external websites.

Order Processing

Order processing and payment handling are carried out by Paddle.com Market Ltd., which acts as Merchant of Record and processes personal data under its own responsibility. For the purpose of initiating the order, the customer's email address is transferred to Paddle. Any further data required for payment and billing is collected directly by Paddle. The processing is based on Article 6 para. 1 lit. b) GDPR (performance of a contract) and Article 6 para. 1 lit. c) GDPR (legal obligations). Paddle’s privacy policy is available at https://www.paddle.com/legal/privacy.

Contact

If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

The legal basis for this data processing is Article 6 Para. 1 lit. b) GDPR.

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

Server data

For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.

The data thus collected will be temporarily stored, but not in association with any other of your data.

The basis for this storage is Article 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

Plausible Analytics

We use the privacy-friendly analytics service Plausible Analytics (operated by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia). Plausible does not use cookies and does not process personal profiles.

The analysis is based on anonymised information, e.g. URLs of visited pages, referrers, browser and operating system used, as well as an approximate geographical assignment of the visit (e.g. country or city). This data does not allow any conclusion about individuals and serves exclusively for anonymous statistics to optimise our website.

The legal basis is Article 6 para. 1 lit. f) GDPR. Our legitimate interest lies in GDPR-compliant web analysis and the improvement of our website.

All processing takes place exclusively within the European Union. Further information can be found in Plausible's privacy policy: https://plausible.io/data-policy.

Model Data Protection Statement for Anwaltskanzlei Weiß & Partner