Privacy Policy

Effective date: 3 April 2026

Person Responsible

Martin Kulawik
Chodowieckistr. 40
10405 Berlin, Germany
Email: daten@martinkulawik.de

Data Protection Declaration

We process personal data to operate Achtung.app, provide AI visibility analysis, manage customer communication, secure the service, and fulfill legal obligations. This includes data you submit directly, usage data created while using the platform, and data received from connected integrations.

Server Log Files

When you use this website, our infrastructure stores technical log data such as IP address, timestamp, requested URL, status code, user agent, and referrer. Logs are used for security monitoring, abuse prevention, debugging, and reliability operations.

Cookies

We use only technically necessary cookies and local storage entries for session handling, authentication state, locale, and theme settings. We do not use cookies for cross-site advertising, behavioural profiling, or classic tracking. Our web analytics (Matomo) runs cookie-free and without fingerprinting (see "Web Analytics with Matomo"). A cookie consent banner is therefore not required (§ 25(2) no. 2 TDDDG, ePrivacy Directive Art. 5(3) exemption).

Contact Data

If you contact us by email, form submission, or product inquiry (including free scan requests), we process your contact details and message content to handle your request, provide onboarding information, and support your account.

Payment Data

Payments are processed by Stripe, Inc. (stripe.com) as our payment sub-processor. Stripe receives your payment card details directly – we do not store full card numbers, CVV codes, or bank account details on our servers. We store only: your Stripe customer ID, subscription status, plan tier, and the last four digits of your payment method. Processing is based on GDPR Art. 6(1)(b) (contract performance). Stripe's own privacy policy (stripe.com/privacy) applies to its processing of your payment data.

Custom Niche Report (Paid Research)

Via /research you can commission an individual industry research report (Custom Niche Report). We process your email address, the niche description you enter, and the payment processed by Stripe in order to deliver the agreed report as a PDF. The legal basis is GDPR Art. 6(1)(b) (contract performance) as well as tax retention obligations under § 147 AO for billing data. The niche descriptions you enter are transmitted to our AI sub-processors to generate queries (see "AI Service Providers"); no personal data is forwarded to AI providers.

AI Service Providers (Sub-Processors)

To provide AI visibility analysis, we transmit brand names, keywords, and domain information to the following third-party AI service providers acting as sub-processors: OpenAI, Inc. (USA) – openai.com/privacy; Google LLC / Gemini (USA) – policies.google.com/privacy; Perplexity AI, Inc. (USA) – perplexity.ai/privacy; Anthropic, PBC (USA) – anthropic.com/privacy; xAI Corp. (USA) – x.ai/legal/privacy-policy; Mistral AI (France) – mistral.ai/terms. We send only the minimum data necessary for the query (brand name, keywords, domain). No personal account data such as email addresses, passwords, or payment information is transmitted to AI providers. Processing is based on GDPR Art. 6(1)(b) (contract performance) and Art. 6(1)(f) (legitimate interest in providing the contracted service).

International Data Transfers

Some of our sub-processors (OpenAI, Google, Perplexity, Anthropic, xAI, Stripe) are based in the United States. These transfers are safeguarded by the EU–US Data Privacy Framework (DPF) where the recipient is certified, and by EU Standard Contractual Clauses (SCCs) pursuant to GDPR Art. 46(2)(c) in all other cases. Mistral AI processes data within the European Union. You may request a copy of the applicable safeguards by contacting us at the address above.

Automated Processing

Achtung.app uses automated processing to generate AI visibility scores, citation analysis, competitor classifications, trend detection, and alert notifications. These outputs are informational tools to support your marketing decisions – they do not produce legal effects or similarly significant effects concerning you within the meaning of GDPR Art. 22. No fully automated decisions with binding consequences are made. You may contact us at any time to request human review of any automated output.

Aggregated and Anonymised Statistics

We use data submitted to the service – including data from paying subscribers and from free public scans – in aggregated and anonymised form to produce industry benchmarks, public insights (such as those displayed on our /insights page), internal analytics, and product improvements. Aggregation is performed with k-anonymity thresholds: a category, niche, provider, or competitor only appears in published aggregates once a minimum number of independent contributors is present, so individual brands, customers, or persons cannot be re-identified. We never publish raw inputs, brand names, account-level scores, or any data attributable to your account. Once anonymised, aggregated statistics fall outside the scope of personal data under GDPR Recital 26. The legal basis for the underlying processing is GDPR Art. 6(1)(f) (legitimate interest in service improvement and industry research), balanced against the minimal residual risk after anonymisation. You may object to this processing for data attributable to your account at any time by contacting us at the address above.

Data Retention Periods

We apply the following retention periods unless statutory obligations require longer storage:

  • Server log files: 30 days
  • Account data (name, email, settings): duration of the account plus 30 days after deletion
  • Visibility scores, citations, and reports: duration of the account plus 90 days
  • Free scan data: 30 days after scan completion
  • Custom Niche Reports: raw data 12 months, order and PDF retained permanently as a customer record (tax retention obligation)
  • Billing records (invoices, transaction IDs): 10 years (German tax retention obligation, § 147 AO)
  • Support correspondence: 3 years after last contact

Legal Basis

Processing is based on GDPR Art. 6(1)(b) for contractual services, Art. 6(1)(f) for legitimate interests (security, fraud prevention, service quality), and Art. 6(1)(a) where consent is required.

Your Rights

You have the right to access, rectification, erasure, restriction of processing, objection to processing, and data portability, subject to applicable law. You may also lodge a complaint with your competent supervisory authority (for Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit).

Data Deletion

We retain personal data only as long as necessary for service delivery, security, support, and legal retention duties. Account and report-related data is deleted or anonymised when no longer required, unless statutory obligations require longer storage. You may request deletion of your account at any time by contacting us.

Right of Objection

To exercise rights, withdraw consent, or object to processing, contact: daten@martinkulawik.de

Web Analytics with Matomo

We use the self-hosted open-source software Matomo to measure how this website is used. The instance runs on our own infrastructure at https://stats.mkmx.de/; no data is shared with third parties. Matomo is configured on this website without cookies and without fingerprinting: no tracking cookies are set, your browser fingerprint is not collected, and your IP address is anonymised before storage (the final bytes are removed so that no personal reference remains). We process, among other things: pages visited, time on page, approximate region, browser/device class, and referrer. Because no information is stored on or read from your device, § 25 TDDDG does not apply. The legal basis for the subsequent processing of the anonymised measurement data is GDPR Art. 6(1)(f) (legitimate interest in privacy-preserving web analytics to improve the service). Aggregated analytics data is retained for 24 months. We additionally respect your browser's Do-Not-Track signal.

Matomo Tracking Opt-Out

Independently of the above, you can disable measurement entirely for this browser at any time. Matomo stores a technically necessary opt-out cookie that persistently signals you do not wish to be measured.