Privacy Policy

1. Introduction and Contact Information of the Controller

We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Marc Loeb, protime.ai / trustbytes, Wallstrasse 87, 10179 Berlin, Germany, Tel.: +4915158577991, Email: marc@protime.ai. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2. Data Collection When Visiting Our Website

When using our website purely for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Used browser
Used operating system
Used IP address (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3. Hosting & Content-Delivery-Network

3.1 Cloudflare

We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content, or scripts faster through a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded an order processing contract with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection levels based on an adequacy decision by the European Commission.

3.3 Creating the Briefing

Our briefing generation process is hosted on Google Cloud Platform (GCP), ensuring secure, scalable, and efficient processing.

To generate personalized briefings, we access email data through OAuth authentication with the following providers:

• Gmail (Google OAuth 2.0): If you connect your Gmail account, we request access via Google OAuth 2.0. This allows us to retrieve relevant emails necessary for briefing creation. The data is processed securely on Google Cloud, and we only access the content required to generate the briefing.

• Outlook (Microsoft Azure OAuth 2.0): If you connect your Outlook or Microsoft 365 account, we use Microsoft Azure OAuth 2.0 for authentication. This allows us to access emails required for briefing generation, ensuring compliance with Microsoft's security policies.

The processing of your email data is governed by strict security measures, including encryption and GDPR-compliant data processing agreements. We do not store or share your email data beyond the necessary scope for briefing creation.

4. Cookies

To make the visit to our website attractive and enable the use of certain functions, we use cookies, i.e., small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain longer on your end device and enable the saving of page settings (so-called "persistent cookies"). In the latter case, you can find out the storage duration from the overview in the cookie settings of your web browser.

Insofar as personal data is also processed by individual cookies used by us, the processing is carried out either for the performance of the contract in accordance with Art. 6 para. 1 lit. b GDPR, in the case of granted consent in accordance with Art. 6 para. 1 lit. a GDPR, or to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit in accordance with Art. 6 para. 1 lit. f GDPR.

You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that the functionality of our website may be restricted if cookies are not accepted.

5. Processing Personal Data

5.1 Contacting us through Forms and Email

When contacting us (e.g., via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration.

5.2 Use of HubSpot for Data Management

We use HubSpot to manage your personal data. This includes utilizing HubSpot for sending emails, handling campaign management, and maintaining our customer relationship management (CRM) processes. By leveraging HubSpot's services, we can ensure efficient and secure processing of your data. HubSpot helps us personalize and optimize our communications, ensuring you receive relevant and timely information. We have entered into a data processing agreement with HubSpot to ensure compliance with GDPR standards, ensuring that your personal data is protected according to the highest standards. For more information on how HubSpot processes your data, please refer to HubSpot's Privacy Policy.

5.3 Legal Basis for Processing Personal Data

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after the final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention requirements.

6. Registration on the Portal or Forum

You can register on our website by providing personal data. Which personal data is processed for the registration results from the input mask used for registration. We use the double-opt-in procedure for registration, i.e., your registration is not complete until you confirm your registration via a confirmation email sent to you for this purpose by clicking on the link contained therein. If your confirmation is not received within 24 hours, your registration will be automatically deleted from our database. The provision of the aforementioned data is mandatory. All further information can be provided voluntarily by using our portal.

If you use our portal, we store your data required for the performance of the contract, including any details on the method of payment, until you permanently delete your access. Furthermore, we store the voluntary data you provide during the time you use the portal, unless you delete them beforehand. All information can be managed and changed in the protected customer area. The legal basis is Art. 6 para. 1 lit. f GDPR.

In addition, we store all content published by you (such as public posts, pinboard entries, guestbook entries, etc.) to operate the website. We have a legitimate interest in providing the website with the complete user-generated content. The legal basis for this is Art. 6 para. 1 lit. f GDPR. If you delete your account, your public statements, especially in the forum, remain visible to all readers, but your account is no longer accessible. All other data will be deleted in this case.

7. Comment Function

When using the comment function on this website, your comment, the time of its creation, and the name of the commenter you have chosen will be stored and published on this website. Additionally, your IP address will be logged and stored. This storage of the IP address is for security reasons and in case the person concerned violates the rights of third parties or posts illegal content by submitting a comment. We need your email address to contact you if a third party objects to your published content as illegal.

The legal basis for storing your data is Art. 6 para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are objected to as illegal by third parties.

Follow-up comments can be subscribed to by you as a user. You will receive a confirmation email to ensure that you are the owner of the specified email address (double-opt-in procedure). The legal basis for data processing in the case of subscribing to comments is Art. 6 para. 1 lit. a GDPR. You can unsubscribe from ongoing comment subscriptions at any time with effect for the future. For more information on how to unsubscribe, please refer to the confirmation email.

8. Use of Customer Data for Direct Advertising

8.1 Founding Member Program Communications

As a founding member of the Founding Member Program, protime is authorized to send you emails with updates on progress, welcome messages, or other information pertinent to the product. You have the option to opt-out of these communications at any time. This ensures you stay informed about the development and features of the product while providing you with control over your communication preferences.

8.2 SendGrid

Our email newsletters are sent through this provider: SendGrid Inc., 1801 California St #500, Denver, CO 80202, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided during newsletter registration to this provider in accordance with Art. 6 para. 1 lit. f GDPR so that they can handle the newsletter dispatch on our behalf.

Subject to your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the provider also performs a statistical evaluation of newsletter campaigns using web beacons or tracking pixels, which can measure open rates and specific interactions with the newsletter content. Device information (e.g., time of access, IP address, browser type, and operating system) may also be collected and evaluated but is not linked with other data sets.

You can withdraw your consent to newsletter tracking at any time with effect for the future.

We have concluded an order processing contract with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

8.3 Google, OpenAI, and Other Language Model Providers

To generate our newsletters, we send your data to Google, OpenAI, and other language model providers for summarization. Without using these services, we cannot provide our meta newsletters. By using this service, you grant us permission to share the data you want to be summarized with the providers we choose. Additionally, we cannot guarantee where the data will be processed, and by using this service, you give us permission to accept the processing of your data in any location chosen by us and the provider. If you disagree with this data sharing and processing arrangement, please email us at data@protime.ai, and we will deactivate your account accordingly.

9. Payment Processing with Stripe

For payment processing as part of the Founding Member Program, we use the payment service provider Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA. If you choose to pay via Stripe, your payment data will be transmitted to Stripe. The payment data includes:

Your name
Your email address
Your payment information (e.g., credit card number, account number)

The transmission of your data to Stripe is based on Art. 6 para. 1 lit. b GDPR (contract processing) as well as on our legitimate interest in using a reliable and secure payment service in accordance with Art. 6 para. 1 lit. f GDPR. Stripe processes your data in the USA and has joined the EU-US Data Privacy Framework to ensure an adequate level of data protection.

For more information on data protection at Stripe, please refer to Stripe's privacy policy: Stripe Privacy Policy.

10. Web Analytics Services

10.1 Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.

By default, cookies are set by Google (Universal) Analytics when visiting the website, which collect certain information about your use of the website. This includes your IP address, which is anonymized by Google by truncating it, thus preventing direct personal identification.

The information collected is transmitted to and processed on servers of Google. Data transfers to Google LLC in the USA are also possible.

Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. The data collected as part of the use of Google (Universal) Analytics is stored for a period of two months and then deleted.

All the aforementioned processing activities, in particular the setting of cookies on your device, are carried out only if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Without your consent, Google (Universal) Analytics will not be used during your visit to our website. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the cookie consent tool provided on the website.

We have concluded an order processing contract with Google, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

Further legal information on Google (Universal) Analytics can be found at Google Privacy Policy & Google Partner Sites .

10.2 Google Search Console

We use Google Search Console, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Search Console allows us to monitor and manage our website's presence in Google search results. Certain non-personal data, such as our website URL and technical information, is transmitted to Google in this context.

Further legal information on Google Search Console can be found in the Google Privacy Policy and Partner Sites.

10.3 Demographic Characteristics

Google (Universal) Analytics uses the special "demographic characteristics" function to create statistics that contain statements about the age, gender, and interests of site visitors. This is done by analyzing advertising and information from third parties. This allows marketing activities to target specific groups. The collected data cannot be attributed to a specific person and is deleted after a storage period of two months.

10.4 Google Signals

As an extension of Google (Universal) Analytics, Google Signals can be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google can analyze your usage behavior across devices, provided you have given your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR. We do not receive any personal data from Google, only statistics. If you wish to stop the cross-device analysis, you can deactivate the "Personalized Advertising" function in your Google account settings. Follow the instructions on this page: Google Ads Settings. Further information on Google Signals can be found at Google Signals Help.

10.5 User IDs

As an extension of Google (Universal) Analytics, the "User IDs" function can be used on this website. If you have given your consent to the use of Google (Universal) Analytics in accordance with Art. 6 para. 1 lit. a GDPR and have created an account on this website and log in with this account on various devices, your activities, including conversions, can be analyzed across devices.

11. Tools and Miscellaneous

11.1 Cookie-Consent-Tool

This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users in the form of an interactive user interface when they access the site, in which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. By using the tool, all consent-requiring cookies/services are only loaded if the respective user gives the corresponding consent by ticking the appropriate box. This ensures that such cookies are only placed on the respective end device of the user if consent has been given.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is not processed in this context.

In individual cases, personal data (such as the IP address) may be processed for the purpose of storing, assigning, or logging cookie settings. This processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Further legal basis for processing is Art. 6 para. 1 lit. c GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent. If necessary, we have concluded an order processing contract with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

12. Rights of the Data Subject

The applicable data protection law grants you the following data subject rights (rights of access and intervention) against the controller concerning the processing of your personal data, whereby reference is made to the respective legal basis for the exercise requirements:

Right to information in accordance with Art. 15 GDPR
Right to rectification in accordance with Art. 16 GDPR
Right to erasure in accordance with Art. 17 GDPR
Right to restriction of processing in accordance with Art. 18 GDPR
Right to notification in accordance with Art. 19 GDPR
Right to data portability in accordance with Art. 20 GDPR
Right to revoke consents granted in accordance with Art. 7 para. 3 GDPR
Right to lodge a complaint in accordance with Art. 77 GDPR.

12.1 Right to Object

IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCE OF INTERESTS BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS FOR THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING PURPOSES. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT ADVERTISING PURPOSES.

13. Duration of Storage of Personal Data

The duration of the storage of personal data is determined based on the respective legal basis, the purpose of processing, and—if applicable—also based on the respective statutory retention period (e.g., commercial and tax retention periods).

When processing personal data based on an explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that are processed within the scope of legal or similar obligations based on Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after the expiry of the retention periods, provided that they are no longer required for the performance or initiation of the contract and/or we do not have a legitimate interest in further storage.

When processing personal data based on Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

When processing personal data for the purpose of direct marketing based on Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object in accordance with Art. 21 para. 2 GDPR.

Unless otherwise stated in the specific information within this privacy policy about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

14. Data Storage and Deletion

Protime processes your emails to generate briefings. We store the processed emails for a maximum of 3 months before automatically deleting them. Summaries generated from these emails are retained.

We do not use the stored emails for any other purpose, do not sell them, and do not share them with third parties.

All processing is performed in accordance with GDPR regulations and the Google Limited Use Policy.

14.1 Automatic Data Deletion

Emails processed by Protime are automatically deleted after 3 months. This ensures that user data is not retained longer than necessary.

Summaries generated from the emails remain accessible to the user and stored securely.

14.2 Request Data Deletion

Users have the right to request early deletion of their stored data at any time.

To request the deletion of your data, please contact us at: marc@protime.ai

14.3 Revoking Access

You can revoke your authorization for Protime to access your Gmail or Outlook data at any time through your respective account settings:

Google: Manage third-party access via Google Account Permissions. Google Account Permissions
Microsoft: Manage third-party app access via Microsoft Account Permissions. Microsoft Account Permissions

Once access is revoked, we will no longer be able to retrieve email data for briefing creation.

15. Compliance with Google API Policy Protections and Limited Use Policy

Protime's use of Google user data complies with Google's Limited Use Policy. We do not use data for advertising, do not transfer it to third parties, and do not allow human access to processed emails, except as required for debugging with user consent.

15.1 No Use of Workspace API Data for Generalized AI or ML Models

We do not use any data obtained through Gmail, Google Workspace APIs, or OAuth scopes to develop, train, or improve generalized or non-personalized machine learning (ML) or artificial intelligence (AI) models. All processing of Gmail data is exclusively limited to generating personalized briefings for the authenticated user and remains within the permitted use case.

We do not retain Gmail or Workspace API data for training generalized AI/ML models.
We do not share Gmail or Workspace API data with third-party services for model training or data analysis beyond the user-specific purpose of generating briefings.
Any access to user data is conducted in compliance with the Google API Services User Data Policy, including the Limited Use requirements.
If any processing involving AI/ML is performed, it is strictly limited to user-specific, personalized outputs (e.g., summarizing the user's own emails).

If you have concerns regarding data usage, please contact us at: marc@protime.ai

16. Business-to-Business (B2B) Communications

We may collect and process publicly available professional contact information for the purpose of B2B communication. This may include names, job titles, company names, and business email addresses gathered from publicly available sources or third-party providers such as Apollo.io.

The legal basis for this processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, namely to inform relevant professionals about our services and engage in business development. We ensure that such communication is relevant, non-intrusive, and includes a clear option to opt out.

If you receive a communication from us and do not wish to be contacted further, you can opt out by replying with "unsubscribe" or using the unsubscribe link provided in our message. Upon such a request, we will promptly remove your data from our outreach list and prevent further contact.

You retain the right to object to this type of processing at any time. Please refer to Section 8 for more details on how to exercise your rights.