PRIVACY POLICY for aim2balance.ai

Version 1.0 | Effective: March 2026

 

Bergwaldprojekt e.V.

Otto-Hahn-Str. 13

97204 Höchberg

Germany

Registered: Amtsgericht Würzburg, VR 200215

Email:  info@bergwaldprojekt.de   Technical Support: : support@aim2balance.ai

1. CONTROLLER

The controller responsible for processing your personal data is:

 

Bergwaldprojekt e.V.

Otto-Hahn-Str. 13

97204 Höchberg

Germany

Registered: Amtsgericht Würzburg, VR 200215

 

Email: info@bergwaldprojekt.de    Support: : support@aim2balance.ai

Data Protection Officer: support@aim2balance.ai

2. CATEGORIES OF PERSONAL DATA PROCESSED

We process the following categories of personal data:

 

2.1 Account Information: Name, email address.

2.2 Usage Data and AI Interactions:

(a) AI Inputs (Prompts). When you submit queries, instructions, or content to our AI systems ("Prompts"), these may contain personal data you voluntarily include (e.g., names, addresses, or contextual information).  Prompts are transmitted to our EU-based AI Sub-processors (EU underlying LLM providers) for processing to generate responses. You are responsible for ensuring you do not input Special Category data (Art. 9 GDPR) unless strictly necessary and appropriate safeguards are in place.

(b) AI Outputs. Responses generated by AI models ("Outputs") may be logged.

(c) Metadata. We collect token counts, model identifiers, timestamps, and environmental impact metrics associated with your usage to calculate fees and generate insights shared with you in our AI-balance bar (right side panel). IP Addresses: Full IP addresses are retained for security and fraud prevention purposes.

2.3 Environmental Metrics: Energy consumption estimates, carbon footprint calculations associated with your usage.

2.4 Technical Data: Browser type, device information, log files, cookies.

2.5 Communications: Support tickets, feedback, correspondence.

3. PURPOSES OF PROCESSING AND LEGAL BASIS

3.1 Contract Performance (Art. 6(1)(b) GDPR)

- Providing the AI platform and enabling access to LLMs

- Processing payments and managing accounts

- Generating AI Outputs in response to your requests

- Displaying your usage metrics and environmental impact data

 

3.2 Legitimate Interests (Art. 6(1)(f) GDPR)

- Service maintenance, security, and improvement

- Aggregated statistical analysis and reporting

- Prevention of fraud and misuse

- Environmental impact tracking and ecosystem restoration accounting

 

3.3 Legal Obligation (Art. 6(1)(c) GDPR)

- Tax and accounting record retention

- Compliance with legal requests from authorities

 

3.4 Consent (Art. 6(1)(a) GDPR)

- Cookie usage (non-essential)

- Marketing communications (if opted in)

- Newsletter subscriptions

4. DATA RETENTION PERIODS

 

4.1 Account Data: Retained for the duration of your contractual relationship plus statutory limitation periods (typically 3 years).

4.2 Billing Records: Up to 6 years per German tax law (§ 147 AO).

4.3 Post-Termination: Following account termination, personal data is deleted without undue delay (typically within 30 days), unless we are legally obligated to retain it for longer periods (e.g., billing and tax records retained for up to 6 years under § 147 AO). Where deletion is technically infeasible, data will be irreversibly anonymized.

5. RECIPIENTS OF PERSONAL DATA

 

5.1 Internal Recipients: Authorized employees with confidentiality obligations.

5.2 Processors (Sub-processors):

- Hetzner Online GmbH (hosting infrastructure, Germany/Finland)

- AI models (LLMs, Image Generation, Speech to Text) providers and routing service providers, all based in the EU.

- Payment service providers (for transaction processing)

 

5.3 Legal Recipients: Authorities when legally required (court orders, statutory obligations).

6. INTERNATIONAL TRANSFERS

6.1 Primary Location. Personal data is processed primarily within the European Union.

 

6.2 AI Processing. Through our EU-only endpoints, all AI inference processing remains within the EU.

7. YOUR RIGHTS AS A DATA SUBJECT

 

You have the following rights under GDPR:

 

7.1 Right of Access (Art. 15): Request information about personal data we process.

7.2 Right to Rectification (Art. 16): Request correction of inaccurate data.

7.3 Right to Erasure (Art. 17): Request deletion ("right to be forgotten") subject to legal retention obligations.

7.4 Right to Restriction (Art. 18): Request limitation of processing under certain conditions.

7.5 Right to Data Portability (Art. 20): Receive data in structured, machine-readable format.

7.6 Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing.

7.7 Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting prior lawful processing.

7.8 Right to Lodge Complaint (Art. 77): File complaint with supervisory authority (Bayerisches Landesamt für Datenschutzaufsicht, Germany).

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 Essential Cookies: Required for Service functionality (session management, authentication). Legal basis: Legitimate interest (Art. 6(1)(f)).

 

8.2 Analytics Cookies: Used to analyze usage patterns and improve Service. Legal basis: Consent (Art. 6(1)(a)).

 

8.3 Management: You can manage cookie preferences through browser settings or our cookie banner.

9. DATA SECURITY

Our Subprocessor implement appropriate Technical and Organizational Measures (TOMs) such as:

- Encryption in transit (TLS 1.3) and at rest (AES-256)

- Access controls and authentication

- Regular security assessments

- Staff confidentiality agreements

- Annual independent security audits

10. AUTOMATED DECISION-MAKING

The Service does not engage in automated decision-making (including profiling) that produces legal effects or similarly significant consequences for you without human intervention. AI Outputs are provided as information support only.

11. Children's Privacy

The Service is not intended for users under 16. If we learn that a user is under 16, we will delete their data and suspend their account. Parents/legal guardians may request deletion of a child’s data by contacting support@aim2balance.ai . We do not knowingly process data from children under 13.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect legal or operational changes. Material changes will be notified 30 days in advance via email or prominent Service notice.

13. CONTACT

For questions regarding this Privacy Policy or to exercise your rights:

 

Email: support@aim2balance.ai

Address: Bergwaldprojekt e.V., Otto-Hahn-Str. 13, 97204 Höchberg

© 2026 Bergwaldprojekt e.V. · Registered German NGO
Bergwaldprojekt e.V.Our storyFor Teams
Terms of servicePrivacy policyCookie policyImprint