PRIVACY POLICY (DATENSCHUTZERKLÄRUNG)
Effective Date: February 2026
1. General Overview
We take the protection of your personal data seriously. This privacy policy explains what data we collect, how we process it, and what rights you have. We process your data exclusively in accordance with the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications-Telemedia Data Protection Act (TDDDG).
2. Controller (Verantwortlicher, Art. 4(7) GDPR)
rubyn GmbH
Represented by: Felix Barkowski & Christopher Brumm
Alfred-Herrhausen-Allee 3-5
65760 Eschborn, Germany
Email: connect@rubyn.xyz
We are not legally required to appoint a Data Protection Officer.
3. AI-Powered Chat (Azure OpenAI Service)
This website features an AI-powered chat interface. When you submit a message, the content of your message along with the conversation history of your current session is transmitted to an AI language model hosted on Microsoft Azure OpenAI Service within the European Union.
Data processed
— The text content of your chat messages
— Previous messages in the current session (for conversational context)
Processor
The AI model is operated via Microsoft Azure OpenAI Service, provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. All data processing occurs within EU-based data centers. We have concluded a Data Processing Agreement (DPA) with Microsoft in accordance with Art. 28 GDPR as part of the Microsoft Azure terms.
Legal basis
Art. 6(1)(f) GDPR (legitimate interest). The processing is necessary to provide the core functionality of this website — answering your questions about our services. Your data is not transferred outside the EU. You can object to this processing at any time by contacting us at connect@rubyn.xyz.
Retention
Chat data is not stored on our servers. Messages exist only in your browser session and are lost when you close the page. Azure OpenAI Service does not store prompt or completion data and does not use your inputs for model training.
4. Contact Form
When you submit the contact form on our website, we collect the following data:
— Your name
— Your email address
— Your message
Purpose & legal basis
We process this data to respond to your inquiry and, where applicable, to initiate pre-contractual measures. The legal basis is Art. 6(1)(b) GDPR (performance of a contract or pre-contractual steps at your request).
Processor
Form submissions are transmitted via Resend, Inc., 2261 Market Street #4059, San Francisco, CA 94114, USA. We have concluded a Data Processing Agreement (DPA) with Resend in accordance with Art. 28 GDPR. The data transfer to the USA is safeguarded by the EU-U.S. Data Privacy Framework (DPF).
Retention
Contact form data is retained for the duration of the inquiry and any resulting business relationship, and subsequently deleted unless statutory retention obligations apply (e.g. 6 years under § 257 HGB or 10 years under § 147 AO).
5. Hosting (Vercel)
This website is hosted by Vercel Inc., 440 N Barranca Avenue #4133, Covina, CA 91723, USA. When you access our website, Vercel automatically collects and stores the following data in server log files:
— Your IP address
— Date and time of the request
— Requested URL and referrer URL
— Browser type and version, operating system
Legal basis
Art. 6(1)(f) GDPR (legitimate interest). The collection of this data is technically necessary for the delivery of the website and to ensure its security and stability.
Data transfer to the USA
Vercel is based in the United States. The data transfer is safeguarded by the EU-U.S. Data Privacy Framework (DPF). We have concluded a Data Processing Agreement (DPA) with Vercel in accordance with Art. 28 GDPR.
Retention
Server log files are automatically deleted by Vercel after 30 days.
6. Web Analytics (Google Analytics)
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies to analyze your use of the website.
Data processed
— Anonymized IP address (IP anonymization is active)
— Pages visited, time spent, interactions
— Browser type, operating system, screen resolution
— Referrer URL
Legal basis
Consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Google Analytics is only activated after you have given your consent via our cookie consent banner. You can withdraw your consent at any time.
Data transfer to the USA
Google may transfer data to servers in the United States. Google LLC is certified under the EU-U.S. Data Privacy Framework (DPF). We have concluded a Data Processing Agreement with Google.
Retention
Analytics data is automatically deleted after 14 months. Cookies are deleted according to their respective expiration periods (see Section 7).
Opt-out
You can prevent data collection by Google Analytics by withdrawing your consent via the cookie settings, or by installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout).
7. Cookies
This website uses cookies. Cookies are small text files stored on your device by your browser.
Essential cookies
Technically necessary cookies are required for the website to function. They are set without consent pursuant to Art. 6(1)(f) GDPR and § 25(2) TDDDG. These include session cookies and cookies related to the delivery of the website via Vercel.
Analytics cookies (Google Analytics)
_ga: Distinguishes users. Expires after 2 years.
_ga_[ID]: Maintains session state. Expires after 2 years.
These cookies are only set after you have given your consent via our cookie consent banner. You can manage or revoke your consent at any time.
8. Data Retention Overview
— Chat messages: Not stored on our servers (browser session only)
— Contact form data: Duration of the inquiry/business relationship, then subject to statutory retention periods (6–10 years)
— Server log files: 30 days (Vercel)
— Google Analytics data: 14 months
— Cookies: See Section 7 for individual expiration periods
9. Your Rights as a Data Subject
Under the GDPR, you have the following rights with respect to your personal data:
— Right of access (Art. 15 GDPR): You may request information about whether and which personal data we process about you.
— Right to rectification (Art. 16 GDPR): You may request correction of inaccurate data.
— Right to erasure (Art. 17 GDPR): You may request deletion of your data, unless statutory retention obligations apply.
— Right to restriction of processing (Art. 18 GDPR): You may request that processing be restricted under certain conditions.
— Right to data portability (Art. 20 GDPR): You may request to receive your data in a structured, commonly used, machine-readable format.
— Right to object (Art. 21 GDPR): You may object to processing based on legitimate interest at any time, for reasons arising from your particular situation.
— Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any consent given at any time, without affecting the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at connect@rubyn.xyz.
10. Right to Lodge a Complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).
Competent supervisory authority
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden, Germany
Phone: +49 611 1408-0
Email: poststelle@datenschutz.hessen.de
https://datenschutz.hessen.de
11. Changes to This Privacy Policy
We reserve the right to update this privacy policy to reflect changes in our data processing practices or legal requirements. The current version is always available on this page. We recommend reviewing it periodically.