Privacy Policy

August 2025

1. Controller

Kambrium UG (haftungsbeschränkt)
Ohmstraße 53
Germany
Email: privacy@kambrium.ai
Managing Director: Dennis Pfaff

2. Hosting and Email Delivery

Our platform is hosted on Amazon Web Services (AWS) on servers located in Frankfurt, Germany.

We use Brevo (Sendinblue GmbH, Germany) for email delivery and communication.

Both providers act as processors under Art. 28 GDPR and process data exclusively within the EU.

3. Access Data

When you visit our website, we automatically process the following data for technical and security reasons (server log files):

  • IP address
  • Date and time of request
  • Browser type and version
  • Operating system
  • Referrer URL (if applicable)

The processing of this data is based on our legitimate interest under Art. 6(1)(f) GDPR in ensuring the stability and security of the website.

4. Analytics

We use Google Analytics on our marketing website (not within the product environment) to analyze website usage.

Google Analytics may use cookies and transmit data to Google servers in the United States. We have activated IP anonymization and entered into Standard Contractual Clauses (SCCs) with Google to safeguard data transfers.

Legal basis: Consent under Art. 6(1)(a) GDPR (via cookie banner).

You can revoke your consent at any time via our cookie settings.

5. Contact and Demo Requests

You can submit your contact details to request a demo call. We process this data to contact you and arrange a meeting.

For demo scheduling, we use Calendly, a service provided by Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA.

Calendly processes personal data (e.g., name, email address, meeting time) on our behalf in accordance with Art. 28 GDPR, based on Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR.

Legal basis: Consent under Art. 6(1)(a) GDPR or steps prior to entering into a contract under Art. 6(1)(b) GDPR.

6. Data Processing for SaaS Services

When entering into a contract or using our platform, we process the following personal data:

  • User name
  • Email address

Purpose: Account creation, authentication, and essential communication related to the use of the platform.

Legal basis: Contract performance under Art. 6(1)(b) GDPR.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.

User account data (e.g., email address, login information) is deleted within 30 days after account closure or contract termination.

Aggregated and anonymized data generated through the use of our platform (e.g., analytics and performance metrics) is not considered personal data and may be retained for statistical or analytical purposes.

Server log files are automatically deleted after 90 days.

8. Your Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, please contact us at: privacy@kambrium.ai

9. Data Protection Officer

We are not currently required to appoint a Data Protection Officer under Art. 37 GDPR.

10. Updates

We may update this Privacy Policy to reflect changes in legal requirements or data processing practices. Please review this page regularly.