Privacy Statement

This Privacy Statement explains how Aiigle (“Aiigle”, “we”, “us”, or “our”) processes personal data when you access or use our website, editor, visual pipeline builder, AI blocks, workflow execution environment, account functions, and related services (together, the “Service”).

We respect your privacy. We do not use Google Analytics, advertising trackers, marketing pixels, or profiling cookies. We use cookies only where they are technically necessary for login, authentication, session security, and the operation of the Service.

1. Controller

The controller responsible for the processing of personal data under the General Data Protection Regulation (GDPR) is:

Aiigle
Dr. Leo Sylvio Rüdian
Zossener Str. 68
12629 Berlin

E-Mail: Enable JavaScript to reveal email

2. Scope of this Privacy Statement

This Privacy Statement applies to personal data processed when you visit our website, create or use an account, log in, build pipelines, upload or process data, run AI or data-processing workflows, use free credits or paid services, contact us, or otherwise interact with the Service.

3. Categories of personal data we process

Depending on how you use the Service, we may process the following categories of personal data:

• Account data: name, username, email address, password hash, account status, login credentials, role, plan type, and account settings.
• Authentication and session data: login session identifiers, security tokens, cookie identifiers, IP address, device/browser information, timestamps, and security logs.
• Usage and workflow data: pipelines, block configurations, workflow metadata, execution status, logs, error messages, credit usage, quota information, and processing history.
• User-provided content: files, datasets, prompts, inputs, outputs, generated artifacts, images, text, code, model outputs, and other content that you choose to upload, create, or process through the Service.
• Payment and billing data: where paid services are used, billing address, invoice data, payment status, subscription or plan information, and transaction metadata. Payment card details may be processed by an external payment provider and are not stored by us unless expressly stated.
• Communication data: messages, support requests, feedback, email correspondence, and related metadata.

4. Purposes of processing

We process personal data for the following purposes:

• to provide, operate, secure, and maintain the Service;
• to create and manage user accounts, authenticate users, and keep users logged in;
• to allow users to build, save, load, execute, and manage visual pipelines and workflows;
• to process user-provided data, prompts, files, and workflow inputs as instructed by the user;
• to provide AI, data-processing, automation, visualization, and user-interface generation functions;
• to allocate and manage free credits, usage limits, quotas, paid services, and billing;
• to detect, prevent, and investigate misuse, over-use, security incidents, unlawful activity, or violations of our Terms of Use;
• to comply with legal obligations, including GDPR, tax, accounting, security, and regulatory duties;
• to communicate with users about accounts, support, security, service changes, and legal notices;
• to improve the reliability, safety, performance, and functionality of the Service without using tracking or advertising analytics.

5. Legal bases under the GDPR

We process personal data only where we have a legal basis under Article 6 GDPR. Depending on the context, the legal basis may be:

• Contract performance under Article 6(1)(b) GDPR, where processing is necessary to provide the Service, manage accounts, execute workflows, provide credits, or deliver paid services.
• Legal obligation under Article 6(1)(c) GDPR, where processing is necessary to comply with tax, accounting, legal, regulatory, or data-protection obligations.
• Legitimate interests under Article 6(1)(f) GDPR, where processing is necessary for security, fraud prevention, abuse prevention, service reliability, enforcing fair-use limits, defending legal claims, and improving the Service in a privacy-respecting manner.
• Consent under Article 6(1)(a) GDPR, where consent is specifically requested, for example for optional processing activities. We do not currently use optional analytics or advertising cookies.

Where special categories of personal data under Article 9 GDPR are processed because you choose to upload or process such data in a workflow, you are responsible for ensuring that a valid Article 9 condition and all required safeguards apply. Unless expressly agreed in writing, you must not upload or process special-category data, highly sensitive data, or data relating to criminal convictions through the Service where you do not have a lawful basis and appropriate safeguards.

6. Cookies and similar technologies

We use cookies only for login, authentication, session management, security, and technically necessary operation of the Service. These cookies are required to provide the Service and do not require consent where they are strictly necessary.

We do not use Google Analytics. We do not use advertising cookies, marketing pixels, cross-site tracking cookies, or third-party analytics cookies.

Necessary cookies may be used to remember that you are logged in, protect your session, prevent cross-site request forgery, maintain security, route requests, or preserve essential settings. You can configure your browser to block cookies, but the login area and parts of the Service may not work correctly without necessary cookies.

7. AI workflows and EU AI Act transparency

Aiigle enables users to build and run data-processing and AI-assisted workflows. Depending on the blocks and models selected by the user, the Service may generate outputs using AI systems. AI-generated outputs may be inaccurate, incomplete, biased, or unsuitable for a particular purpose and should be reviewed by the user before use.

Users are responsible for ensuring that their pipelines, datasets, prompts, AI use cases, deployments, and outputs comply with applicable law, including the GDPR, the EU AI Act, intellectual property laws, consumer protection laws, and sector-specific rules. In particular, users must not use the Service to create, deploy, or operate prohibited, unlawful, discriminatory, deceptive, unsafe, or non-compliant AI systems.

Where the EU AI Act or other applicable law requires transparency notices, human oversight, risk management, documentation, logging, assessment, registration, disclosure, or other compliance measures for a specific AI system or use case, the user is responsible for implementing those measures unless we have expressly agreed otherwise in writing.

8. User responsibility for uploaded data and pipelines

You decide which data, prompts, files, workflows, and outputs you upload, configure, process, or generate through the Service. You must ensure that you have all necessary rights, permissions, legal bases, notices, consents, contracts, and safeguards before processing personal data or third-party content through the Service.

You must not upload or process personal data for which you do not have a lawful basis. You must not use the Service for unlawful monitoring, unlawful profiling, discrimination, unauthorized scraping, unauthorized biometric identification, prohibited AI practices, or other activities that violate applicable law or our Terms of Use.

9. Processors and service providers

We may use carefully selected service providers to host, operate, secure, maintain, or support the Service. These providers may process personal data on our behalf only as necessary to provide their services and under appropriate contractual safeguards.

Depending on your use of the Service, providers may include hosting providers, infrastructure providers, database providers, email providers, payment providers, security providers, and AI or compute providers. Where required by GDPR, we conclude data-processing agreements with processors.

10. International transfers

Where personal data is transferred outside the European Economic Area, we use appropriate safeguards required by GDPR, such as adequacy decisions, Standard Contractual Clauses, supplementary measures, or other lawful transfer mechanisms. The specific safeguards depend on the provider, location, and service used.

11. Retention periods

We keep personal data only for as long as necessary for the purposes described in this Privacy Statement or as required by law. Retention periods may differ depending on the type of data and context:

• account data is kept while the account exists and for a reasonable period thereafter where needed for legal, security, or administrative purposes;
• workflow, file, and output data is kept for as long as needed to provide the Service, unless deleted earlier by the user or according to applicable retention settings;
• security logs may be kept for a limited period to protect the Service and investigate misuse or incidents;
• billing and accounting records may be kept for the statutory retention periods required by tax and commercial law;
• support communications are kept as long as necessary to handle the request and maintain appropriate records.

When data is no longer needed, we delete, anonymize, or restrict it in accordance with applicable law and technical feasibility.

12. Security

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. These measures may include access controls, authentication, session protection, encryption in transit, backups, logging, monitoring, and security procedures.

No online service can be guaranteed to be completely secure. Users are responsible for protecting their login credentials, choosing strong passwords, managing access to their accounts, and ensuring that their own pipelines and integrations are configured securely.

13. Your GDPR rights

Subject to the conditions and limits set out in GDPR, you may have the following rights:

• the right of access to your personal data;
• the right to rectification of inaccurate or incomplete data;
• the right to erasure (“right to be forgotten”);
• the right to restriction of processing;
• the right to data portability;
• the right to object to processing based on legitimate interests;
• the right to withdraw consent where processing is based on consent;
• the right not to be subject to a decision based solely on automated processing where Article 22 GDPR applies.

You may exercise your rights by contacting us at Enable JavaScript to reveal email . We may need to verify your identity before responding. You also have the right to lodge a complaint with a competent data protection supervisory authority.

14. Automated decision-making

We do not use website tracking or advertising analytics to make automated decisions about users. The Service may execute user-configured workflows and AI blocks as instructed by the user. Unless expressly stated otherwise, such workflow execution is initiated and controlled by the user and should not be used by the user to make legally or similarly significant decisions about individuals without a valid legal basis, appropriate safeguards, and compliance with GDPR and the EU AI Act.

15. Children and educational use

The Service may be made available for open science, universities, high schools, and educational use, subject to the Terms of Use and applicable law. Where the Service is used by or for minors, the responsible institution, teacher, parent, guardian, or account holder must ensure that all required permissions, notices, safeguards, and legal bases are in place.

16. Free credits, paid services, and usage limits

We may provide free credits or limited free access. Processing data and running workflows may generate usage records, credit balances, quota information, and execution logs. High-intensity processing, repeated execution, heavy AI inference, large-scale automation, or commercial use may require a paid account or paid services.

17. Changes to this Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in the Service, legal requirements, or our processing activities. The updated version will be published on this page. Where required by law, we will provide additional notice or request consent.

18. Contact

For privacy-related questions, requests, or complaints, please contact:

Dr. Leo S. Rüdian
E-Mail: Enable JavaScript to reveal email

Last updated: May 20, 2026