Privacy Policy

a) Technically necessary cookies

These cookies are required for the operation of the website and platform. They enable basic functions such as login and session management. Without these cookies, the platform cannot function properly.

• Session cookie (Supabase): Authentication and login, storage period: session
• Consent cookie (Corporate LLM): First-party cookie storing your cookie settings, storage period: 12 months

Legal basis: Art. 6(1)(f) GDPR (legitimate interest) and § 25(2) no. 2 TDDDG (German Telecommunications Digital Services Data Protection Act).

b) Analytics cookies

With your consent, we use analytics tools to understand and improve the use of our website and platform.

• PostHog (PostHog, Inc., EU hosting): Product analytics and usage behavior; data processed on EU servers

Legal basis: Art. 6(1)(a) GDPR (consent).

c) Marketing cookies

With your consent, we use marketing tools to show you relevant advertising and to measure the effectiveness of our campaigns.

• Rewardful: Affiliate and referral tracking to correctly attribute referrals and commissions

Legal basis: Art. 6(1)(a) GDPR (consent).

d) Managing your settings

When you first visit our website, a cookie banner asks you which cookies you wish to allow. You can change your settings or withdraw your consent at any time via the “Cookie settings” link in the footer of the website.

a) Sign-up

We use the double opt-in procedure for newsletter sign-ups. This means: after signing up, you receive an e-mail with a confirmation link. Your sign-up is only completed once you click this link. Without confirmation, your data is automatically deleted.

When you sign up, we store:

• E-mail address
• Time of sign-up and confirmation
• IP address

b) Newsletter to existing customers

If you have purchased a product or booked a service from us, we may use your e-mail address to inform you about similar offers, provided you have not objected to this.

Legal basis: § 7(3) UWG (German Act Against Unfair Competition) in conjunction with Art. 6(1)(f) GDPR (legitimate interest).

c) Content and analysis

The newsletter may contain information about our products, services and relevant industry topics. We reserve the right to measure the open and click rates of the newsletter in order to improve our content.

d) Unsubscribing

You can unsubscribe from the newsletter at any time. You will find an unsubscribe link at the end of every newsletter. Alternatively, you can send us an e-mail to support@corporatellm.de. After unsubscribing, your data will be deleted unless statutory retention obligations apply.

Legal basis (for sign-up): Art. 6(1)(a) GDPR (consent).

a) Which networks we use

• LinkedIn (LinkedIn Ireland Unlimited Company)
• Instagram (Meta Platforms Ireland Ltd.)
• Facebook (Meta Platforms Ireland Ltd.)
• X / Twitter (X Corp.)
• TikTok (TikTok Technology Limited)
• YouTube (Google Ireland Ltd.)

b) Data processing when you visit our company pages

When you visit our company pages, personal data is processed by the respective platform operator. This may include: IP address, profile information, interactions with our content and information about your usage behavior.

The platforms provide us with anonymized statistics on the use of our company pages (e.g. reach, interactions). We have no access to the underlying personal data.

c) Joint controllership

For certain processing operations (in particular the creation of page statistics), we are jointly responsible with the platform operators within the meaning of Art. 26 GDPR. The platform operators have provided corresponding agreements for this purpose:

• LinkedIn: linkedin.com/legal/l/page-joint-controller-addendum
• Facebook/Instagram: facebook.com/legal/terms/page_controller_addendum
• YouTube: support.google.com/youtube/answer/2801895

You can assert your data subject rights both against us and against the respective platform operators.

d) Privacy information of the platforms

Further information on data processing by the platform operators can be found in their privacy policies:

• LinkedIn: linkedin.com/legal/privacy-policy
• Meta (Instagram, Facebook): facebook.com/privacy/policy
• X / Twitter: twitter.com/privacy
• TikTok: tiktok.com/legal/privacy-policy
• YouTube/Google: policies.google.com/privacy

a) Which data we collect

During registration and ordering, we collect:

• First and last name
• E-mail address
• Telephone number
• Company name (for business customers)
• Position in the company (for business customers)
• Company size (for business customers)
• Delivery and billing address
• VAT ID (for business customers)
• Payment data (processed directly by Stripe)

b) Purposes of processing

We process this data for:

• Creating and managing your customer account
• Performing and processing the contract
• Billing and payment processing
• Communication regarding your order and our services
• Customer service and support

c) Payment processing

Payment processing is handled via our payment service provider Stripe (Stripe Payments Europe Ltd.). Your payment data is collected and processed directly by Stripe. We have no access to complete credit card data. Further information can be found in Stripe’s privacy policy:stripe.com/de/privacy

a) Which data arises during use

When you use the platform, we process:

• Chat histories and prompts (your inputs)
• Uploaded files and documents
• Generated responses and outputs
• Usage statistics (e.g. number of requests, models used)

b) Transfer to AI providers

To process your requests, your inputs (prompts) are transmitted to the respective AI providers:

• OpenAI (via Microsoft Azure, EU)
• Anthropic (via Amazon Bedrock and Google Cloud, EU)
• Google (via Google Cloud, EU)

Processing takes place exclusively on European servers. According to the terms of use of the cloud providers, your data is not used to train AI models.

c) Storage period

• Chat data: Stored permanently until you delete it or close your account
• Usage statistics: Stored permanently, anonymized after 180 days
• Invitations (for Enterprise): Permanently viewable, anonymized after 30 days

After the end of the contract, your data is deleted within 30 days.

d) Distinction by customer type

Private customers (single user): If you use the platform as a private individual, we are the controller for the processing of your data.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

Business customers (Enterprise): If you use the platform as an employee of a company that has provided you with access, that company is the controller for the processing of your data. In that case, we act as a processor within the meaning of Art. 28 GDPR.

In this case, please contact your employer with any questions about data processing and to exercise your data subject rights.

a) Which data we process

• Account/team ID of the owner (internal identifier)
• Current PAYG credit balance and activation status
• Stripe customer ID of the account area as well as Stripe payment intent IDs and charge IDs of the individual top-up transactions
• Append-only ledger of all top-up, consumption and refund transactions (amount in micro-EUR, transaction type, timestamp)
• Marking of individual usage events as to whether they were billed against the plan-tier budget or against the PAYG credit

b) Purposes of processing

• Provision of the pay-as-you-go model in accordance with Clause 8.10 of the Terms of Service (AGB)
• Correct offsetting of plan-tier budget and PAYG credit as well as complete traceability towards the customer and towards financial and tax authorities
• Idempotent processing of Stripe refunds to avoid duplicate bookings
• Detection and prevention of fraud or abusive use

c) Recipients

Top-up payments are processed via our payment service provider Stripe (Stripe Payments Europe Ltd.). Only the data necessary for the payment transaction is transmitted to Stripe. We have no access to complete payment data.

a) Which data we process

• Account/team ID of the account area as well as the number of credited and redeemed stamps
• Status, activation and expiry time of the individual stamps as well as any assigned Voicely subscription IDs
• The customer’s e-mail address stored with the payment service provider Stripe, which is used for matching against any Voicely customer already existing in the same Stripe account (hybrid flow: promo code for new customers)
• For existing Voicely customers: the ID of the existing Voicely subscription and the expiry date extended by the bundle
• For new customers: the generated promo code ID and the redemption status for the purpose of sending reminder and activation messages

b) Purposes of processing

• Provisioning and management of the Voicely bundle in accordance with Clause 8.11 of the Terms of Service (AGB)
• Avoidance of double charges for customers who already have a paying Voicely contract
• Sending of activation, reminder and expiry e-mails by the provider
• Rollback of a not-yet-redeemed Voicely bundle in the event of a refund or revocation of the underlying Corporate LLM contract

c) Responsibility within RelationFlow Ltd.

Since Corporate LLM and Voicely are both operated under the responsibility of RelationFlow Ltd., the cross-account linking does not constitute a transfer to a third party but rather processing within the same controller. The privacy notices applicable on both platforms are to be read consistently in this respect.

d) Data flow to Stripe

All stamp redemptions and any automatically renewed Voicely plans (Clause 8.11 lit. d of the Terms of Service) are processed via the payment service provider Stripe (Stripe Payments Europe Ltd.). For this purpose, Stripe processes the data necessary for payment processing in accordance with its own privacy policy.