Privacy Statement

This Privacy Statement explains how Aiigle (“Aiigle”, “we”, “us”, or “our”) processes personal data when you access or use our website, editor, visual pipeline builder, AI blocks, workflow execution environment, account functions, and related services (together, the “Service”).

We respect your privacy. We do not use Google Analytics, advertising trackers, marketing pixels, or profiling cookies. We use cookies only where they are technically necessary for login, authentication, session security, and the operation of the Service.

1. Controller

The controller responsible for the processing of personal data under the General Data Protection Regulation (GDPR) is:

Aiigle
Dr. Leo Sylvio Rüdian
Zossener Str. 68
12629 Berlin

E-Mail:

2. Scope of this Privacy Statement

This Privacy Statement applies to personal data processed when you visit our website, create or use an account, log in, build pipelines, upload or process data, run AI or data-processing workflows, use free credits or paid services, contact us, or otherwise interact with the Service.

3. Categories of personal data we process

Depending on how you use the Service, we may process the following categories of personal data:

4. Purposes of processing

We process personal data for the following purposes:

5. Legal bases under the GDPR

We process personal data only where we have a legal basis under Article 6 GDPR. Depending on the context, the legal basis may be:

Where special categories of personal data under Article 9 GDPR are processed because you choose to upload or process such data in a workflow, you are responsible for ensuring that a valid Article 9 condition and all required safeguards apply. Unless expressly agreed in writing, you must not upload or process special-category data, highly sensitive data, or data relating to criminal convictions through the Service where you do not have a lawful basis and appropriate safeguards.

6. Cookies and similar technologies

We use cookies only for login, authentication, session management, security, and technically necessary operation of the Service. These cookies are required to provide the Service and do not require consent where they are strictly necessary.

We do not use Google Analytics. We do not use advertising cookies, marketing pixels, cross-site tracking cookies, or third-party analytics cookies.

Necessary cookies may be used to remember that you are logged in, protect your session, prevent cross-site request forgery, maintain security, route requests, or preserve essential settings. You can configure your browser to block cookies, but the login area and parts of the Service may not work correctly without necessary cookies.

6.1 Cloudflare Turnstile for registration security

We use Cloudflare Turnstile to protect the account-registration function against automated registrations, spam, bots, and other abuse. Turnstile is provided by Cloudflare, Inc., 101 Townsend Street, San Francisco, California 94107, USA (“Cloudflare”).

To reduce unnecessary third-party processing, Turnstile is not loaded during an ordinary visit to the editor and is not loaded merely because you open the sign-in function. The Turnstile script and security check are loaded only when the account-registration form is displayed. We use explicit, on-demand rendering and do not intentionally use Turnstile for advertising, marketing analytics, cross-site tracking, or user profiling. We also do not intentionally enable Turnstile pre-clearance unless this Privacy Statement is updated to describe that change.

When Turnstile is loaded, a direct connection is established between your browser and Cloudflare. According to Cloudflare, Turnstile processes client-side and connection signals such as the IP address, TLS fingerprint, user-agent header, Turnstile site key and associated website origin. Turnstile evaluates these signals to distinguish legitimate visitors from automated traffic. A short-lived verification token is generated in the browser and submitted to us with the registration request. Our server sends that token to Cloudflare's Siteverify service and creates the account only if validation succeeds.

We do not send Cloudflare's optional remoteip Siteverify parameter. We do not store the Turnstile response token in the user-account database and use it only to validate the registration request. Turnstile tokens are short-lived and single-use. Technical security and server logs may nevertheless contain limited request metadata where necessary to detect attacks, troubleshoot failures, and protect the Service.

For our use of Turnstile to protect registration, the legal basis is Article 6(1)(f) GDPR. Our legitimate interests are preventing automated or fraudulent registrations, protecting users and the Service, preserving availability, and preventing abuse of free credits and computing resources. We have limited Turnstile to the registration step in order to reduce its impact on visitors who do not create an account.

Insofar as Turnstile involves storing information on, or accessing information from, your terminal equipment, we rely on the strictly necessary exception under Section 25(2)(2) of the German Telecommunications Digital Services Data Protection Act (TDDDG), because the security check is used only to provide and secure the account-registration function expressly requested by the user. We do not rely on this exception for advertising, analytics, or unrelated purposes.

Cloudflare states that it acts as our processor when it processes Turnstile signals on our behalf to protect our registration function. Cloudflare also states that it acts as an independent controller when it processes those signals to improve Turnstile's bot-detection capabilities. For that independent processing, Cloudflare identifies its legitimate interests in improving the effectiveness and security of Turnstile as its legal basis.

For processing performed on our behalf, our use of Cloudflare is subject to the applicable contractual data-protection terms, including Cloudflare's Data Processing Addendum where incorporated into our agreement. Cloudflare's current Data Processing Addendum includes the EU Standard Contractual Clauses and other provisions intended to safeguard personal data processed outside the European Economic Area. Because Cloudflare operates a global network and is headquartered in the United States, processing may take place outside the European Economic Area.

More information is available in Cloudflare's Turnstile Privacy Addendum, Cloudflare's Privacy Policy, and Cloudflare's Data Processing Addendum.

Completing the Turnstile security check is required to register an account through the automated registration form. If the check is unavailable, repeatedly fails, or incorrectly classifies your registration attempt, no account will be created through that form. You may contact us using the details below so that we can review the issue and, where reasonably possible and appropriate, offer an alternative registration procedure.

Turnstile performs an automated security assessment of the registration attempt. This assessment may result in the registration request being accepted or rejected, but it is not intended to produce legal effects or similarly significant effects within the meaning of Article 22 GDPR. You may contact us to request human review if you believe a legitimate registration attempt was incorrectly blocked.

7. AI workflows and EU AI Act transparency

Aiigle enables users to build and run data-processing and AI-assisted workflows. Depending on the blocks and models selected by the user, the Service may generate outputs using AI systems. AI-generated outputs may be inaccurate, incomplete, biased, or unsuitable for a particular purpose and should be reviewed by the user before use.

Users are responsible for ensuring that their pipelines, datasets, prompts, AI use cases, deployments, and outputs comply with applicable law, including the GDPR, the EU AI Act, intellectual property laws, consumer protection laws, and sector-specific rules. In particular, users must not use the Service to create, deploy, or operate prohibited, unlawful, discriminatory, deceptive, unsafe, or non-compliant AI systems.

Where the EU AI Act or other applicable law requires transparency notices, human oversight, risk management, documentation, logging, assessment, registration, disclosure, or other compliance measures for a specific AI system or use case, the user is responsible for implementing those measures unless we have expressly agreed otherwise in writing.

8. User responsibility for uploaded data and pipelines

You decide which data, prompts, files, workflows, and outputs you upload, configure, process, or generate through the Service. You must ensure that you have all necessary rights, permissions, legal bases, notices, consents, contracts, and safeguards before processing personal data or third-party content through the Service.

You must not upload or process personal data for which you do not have a lawful basis. You must not use the Service for unlawful monitoring, unlawful profiling, discrimination, unauthorized scraping, unauthorized biometric identification, prohibited AI practices, or other activities that violate applicable law or our Terms of Use.

9. Processors and service providers

We may use carefully selected service providers to host, operate, secure, maintain, or support the Service. These providers may process personal data on our behalf only as necessary to provide their services and under appropriate contractual safeguards.

Depending on your use of the Service, providers may include hosting providers, infrastructure providers, database providers, email providers, payment providers, security providers, and AI or compute providers. Where required by GDPR, we conclude data-processing agreements with processors.

10. International transfers

Where personal data is transferred outside the European Economic Area, we use appropriate safeguards required by GDPR, such as adequacy decisions, Standard Contractual Clauses, supplementary measures, or other lawful transfer mechanisms. The specific safeguards depend on the provider, location, and service used.

11. Retention periods

We keep personal data only for as long as necessary for the purposes described in this Privacy Statement or as required by law. Retention periods may differ depending on the type of data and context:

When data is no longer needed, we delete, anonymize, or restrict it in accordance with applicable law and technical feasibility.

12. Security

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. These measures may include access controls, authentication, session protection, encryption in transit, backups, logging, monitoring, and security procedures.

No online service can be guaranteed to be completely secure. Users are responsible for protecting their login credentials, choosing strong passwords, managing access to their accounts, and ensuring that their own pipelines and integrations are configured securely.

13. Your GDPR rights

Subject to the conditions and limits set out in GDPR, you may have the following rights:

You may exercise your rights by contacting us at . We may need to verify your identity before responding. You also have the right to lodge a complaint with a competent data protection supervisory authority.

14. Automated decision-making

We do not use website tracking or advertising analytics to make automated decisions about users. The Service may execute user-configured workflows and AI blocks as instructed by the user. Unless expressly stated otherwise, such workflow execution is initiated and controlled by the user and should not be used by the user to make legally or similarly significant decisions about individuals without a valid legal basis, appropriate safeguards, and compliance with GDPR and the EU AI Act.

15. Children and educational use

The Service may be made available for open science, universities, high schools, and educational use, subject to the Terms of Use and applicable law. Where the Service is used by or for minors, the responsible institution, teacher, parent, guardian, or account holder must ensure that all required permissions, notices, safeguards, and legal bases are in place.

16. Free credits, paid services, and usage limits

We may provide free credits or limited free access. Processing data and running workflows may generate usage records, credit balances, quota information, and execution logs. High-intensity processing, repeated execution, heavy AI inference, large-scale automation, or commercial use may require a paid account or paid services.

17. Changes to this Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in the Service, legal requirements, or our processing activities. The updated version will be published on this page. Where required by law, we will provide additional notice or request consent.

18. Contact

For privacy-related questions, requests, or complaints, please contact:

Dr. Leo S. Rüdian
E-Mail:

Last updated: May 20, 2026