1. Preamble & Controller

We appreciate your interest in Heisenware. Data protection is of particular importance to us. To ensure maximum transparency, we strictly distinguish in this policy between visits to our public website (Marketing) and the use of our software platform (Product).

Data Controller: Heisenware GmbH, Levisohnweg 3, 22081 Hamburg, E-Mail: hello@heisenware.com

Data Protection Officer: Dr. Burkhard Heisen, Levisohnweg 3, 22081 Hamburg, E-Mail: hello@heisenware.com

PART A: PRIVACY ON OUR WEBSITE (heisenware.com)

This section applies to visitors of our public website, prospective customers, and marketing leads.

2. Website Hosting (HubSpot)

We host our website with the provider HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin (hereinafter: HubSpot). When you visit our website, HubSpot collects various log files including your IP address. HubSpot stores cookies or other recognition technologies that are required for the presentation of the site, the provision of certain website functions, and to ensure security (necessary cookies). HubSpot stores data within the European Union. Legal basis: Art. 6(1)(f) GDPR (Legitimate interest in secure provision) and Art. 28 GDPR (Data Processing Agreement).

3. Data Collection on the Website

Server Log Files: The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: Browser type and browser version, operating system used, referrer URL, hostname of the accessing computer, time of the server request, IP address. This data is not merged with other data sources.

Contact Form & E-Mail: If you contact us via contact form, e-mail, or telephone, your inquiry, including all resulting personal data (name, inquiry details), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

Cookies: Our website uses cookies. Some are necessary for operation ("Session Cookies"), others are used for analysis. You can configure your browser to inform you about the setting of cookies and only allow cookies in individual cases.

4. Analysis Tools & Advertising (Website Only)

Note: The following tools are not used within the Heisenware Product Platform, but serve exclusively for marketing on the public website.

HubSpot CRM: We use CRM software from HubSpot to manage customer relationships. Stored data includes, among other things, name, e-mail address, telephone number, and communication data. We have concluded a Data Processing Agreement (DPA) with HubSpot.

Google Analytics: We use Google Analytics (Google Ireland Limited) for statistical analysis. Google uses cookies to analyze user behavior. Data transfer to the USA is secured by EU Standard Contractual Clauses (SCCs). Legal basis: Consent (Art. 6(1)(a) GDPR).

Google Ads: We use Google Ads to display advertisements. Google may analyze your user behavior to optimize ads. Legal basis: Consent.

YouTube: We embed videos from YouTube (Google). When playing the videos, a connection to Google servers is established and your IP address is transmitted.

Spotify: We embed functions from Spotify AB. When visiting, a direct connection to Spotify servers may be established, whereby Spotify receives your IP address.

PART B: PRIVACY WITHIN THE PRODUCT

This section applies exclusively to registered users of our cloud software at heisenware.cloud as well as End Users of Apps.

5. Hosting & Operation (Hetzner)

We host our Cloud Platform on servers of Hetzner Online GmbH located in Germany.

  • Purpose: Provision of infrastructure, operation of the platform, and assurance of system availability.
  • Legal basis: Art. 6(1)(f) GDPR (Legitimate interest) and Art. 28 GDPR (Data Processing Agreement). We have implemented suitable guarantees to ensure that your data does not leave the scope of the GDPR.

6. Google Sign-In (Platform & Apps)

Both our direct Customers and End Users of Apps can optionally sign in using their Google account (Single Sign-On).

  • Scope of Data: We receive only your e-mail address, name, and profile picture from Google for identification purposes and to set up your user account with Heisenware.
  • Visibility: In the case of End Users of an App, this data (Name, E-Mail) is visible to the creator of the App (our Customer).
  • No Reverse Transfer: No data processed inside the application is sent back from the Heisenware App to Google.

7. Data from End Users of Your Apps

When Apps are created with Heisenware and made available to third parties, we process access data on behalf of our Customers.

a) Public Apps (Usage Data): For every access, we capture technically necessary data (IP address, device type) to ensure the security and correct delivery of the App. This data is aggregated so that our Customers ("Makers") can view the number of users and accesses to their Apps.

b) Apps with Data Entry or Registration: If an App requests data from users (e.g., forms, uploads) or requires a login, we distinguish between two categories of data:

  1. Login Credentials (Identity): Only for Apps with Login. We store access credentials (e.g., email, name, password hashes) in our central identity infrastructure. These user accounts and their permissions are managed by the Customer via the App Manager.

  2. User-Generated Content and Inputs: For all Apps (with and without Login). All data entered, uploaded, or generated by end users within the App (e.g., form entries, photos, uploaded files) is stored in the databases of the respective Customer Workspace. The Customer has full control (view, export, deletion) over this data.

Role of Heisenware: We act strictly as a technical data processor.

  • For Authentication, we provide the secure infrastructure.

  • For Content Data, we solely provide the storage space and processing logic. The data protection responsibility for the collection, lawfulness, and deletion of this data lies solely with the respective Customer (App Creator).

8. Local Storage

Both in the Platform and in the executed Apps, we store configuration data locally in the user's browser ("Local Storage").

  • Purpose: Storage of personal settings or App states.
  • Note: This data remains on the end device and serves exclusively for user convenience. It is not transmitted to our servers.

9. Product Improvement & Metadata (Internal Analysis)

To ensure the stability and performance of the platform, we analyze technical metadata (e.g., error rates, loading times, resource utilization). However, we have no access to the content of the data processed in the Apps (e.g., machine data, sensor values, user inputs). An evaluation of this content by Heisenware does not take place.

PART C: PRIVACY FOR ON-PREMISE USAGE

This section applies if you operate Heisenware on your own infrastructure.

10. Complete Data Isolation

When using the On-Premise installation, complete data sovereignty remains with you.

  • No Access: Heisenware GmbH has no access to your instance, your user accounts, or your databases.
  • No Unauthorized Data Transmission ("No Call Home"): The Software is configured so that it does not establish a connection to our cloud servers by default. No data processed within the Platform or usage statistics are transmitted to us, unless this feature is explicitly activated by the Administrator. Any such transmission occurs only after technical consent ("Opt-In").

PART D: GENERAL RIGHTS & FINAL PROVISIONS

This section applies to all users.

11. Your Rights as a Data Subject

Access, Erasure, and Rectification: Within the framework of the applicable legal provisions, you have the right at any time to obtain, free of charge, information about your stored personal data, its origin and recipient, and the purpose of the data processing and, if applicable, a right to rectification or erasure of this data.

Revocation of your Consent: Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. An informal notification by e-mail to us is sufficient for the revocation.

Right to Lodge a Complaint: In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority regarding data protection issues is the State Data Protection Commissioner of the federal state in which our company is based (Hamburg).

Right to Data Portability: You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format.

12. Data Security (SSL/TLS)

For security reasons and to protect the transmission of confidential content, our website and our product use SSL or TLS encryption. This means that data you transmit is not readable by third parties.

13. Updates

We reserve the right to change, update, or supplement this Privacy Policy at any time.