Privacy Policy

1. Introduction

Welcome to akirolabs’ Privacy Policy. We at akirolabs GmbH (“akirolabs”, “we”, or “us”) are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share personal information about you when you interact with us – for example, by visiting our websites, using our SaaS platform, or attending akirolabs events – and it outlines your rights with respect to that information. We adhere to applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and we strive to be transparent and fair in all our data practices. Please read this Policy carefully. If you have any questions, feel free to contact us using the information in the “Contact Us” section below.

Scope: This Privacy Policy applies to personal data we process in the context of our commercial activities, including operating our website and SaaS platform and marketing our services. It is intended for all individuals who visit our sites, request information from us, or use our products and services. (If you are an employee of akirolabs, separate privacy notices or agreements may apply to internal employee data. Personal data processed by our customers through our platform is governed by our agreements with those customers (such as our Data Processing Agreement). If you apply for a job at akirolabs, please refer to the Careers/Recruitment section of this Policy below for information on how we handle your application data.)

Our Data Protection Principles: At akirolabs, we handle personal data in line with the following core principles:-

Transparency: We are open about our data practices. We inform you what data we collect and why (no hidden tricks or surprises).

Data Minimization: We only collect personal data that we actually need for specified purposes and nothing more.

Purpose Limitation and Legitimacy: We process data only for clear and lawful purposes and only when we have a valid legal basis (such as your consent, a contract, a legitimate interest, or a legal obligation).

Security: We protect personal data with appropriate security measures and safeguards to prevent unauthorized access or misuse.

Responsible Sharing: When we work with reliable service providers or partners, we ensure they uphold standards comparable to ours and only process data under our instructions.

Storage Limitation: We retain personal data only as long as necessary for the purposes described or as required by law, and then securely delete or anonymize it.

No Sensitive or Child Data: We do not intentionally collect sensitive personal data (e.g., race, religion, health, etc.) or any data from children under the age of 16, as our services are not intended for them.

No Automated Decision-Making: We also do not engage in any profiling or automated decision-making that produces legal effects concerning an individual without human involvement.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of it, please refrain from using akirolabs’ services.

2. What Personal Data We Collect

We may collect personal data (information that identifies or relates to an identifiable person or a company) in several categories. The types of personal data we collect depend on your interactions with us, as explained below:

• Contact and Identity Information: This includes basic identifiers such as your name, business title, company/organization name, work email address, telephone number, postal or work address, country, and other contact details. For example, we collect these details when you request a demo, fill out a contact form, or communicate with us. If you register and sign up on our platform via sso or other methods, we will also collect login credentials like a username and password (stored securely).
• Professional and Account Data: Information related to your profession or your account with us, such as the industry you work in, your job role or department, or any profile information you choose to provide on our platform. If you are using our SaaS platform as part of an enterprise subscription, we may also record your company’s name and customer ID and link your user account to your employer’s account for administrative purposes.
• Communication Data: The content of your communications with us. This includes emails, phone calls, online meetings or chat messages you send to our support or sales teams, feedback you provide, survey responses, or any other information you voluntarily share during interactions with akirolabs. For instance, if you email us an inquiry or participate in a user research interview, we will collect the information you provide. We may also keep records of our correspondence and any follow-up actions taken.
• Usage and Analytics Data: Data about how you access and use our websites and platform. It includes information about your activity on our services: pages or screens viewed, features used, links clicked, search queries run, timestamps of access, and other interaction logs. This category can also encompass associated technical details (such as IP address or device information, as noted above). If you attend our webinars or virtual events, we may record your participation and engagement (e.g., which sessions you viewed or any chat/poll contributions). Some of this data is collected through cookies and similar tracking technologies (see the “Cookies and Tracking” section below for more details).
• Marketing and Preference Information: If you subscribe to our newsletter or opt in to receive marketing communications, we collect personal identifiers (like your name and email) and record your preferences (e.g., topics of interest, preferred language) as well as your engagement with our communications (such as email open and click rates). If you register for an akirolabs event (like a webinar, workshop, or conference) or download whitepapers and e-books from our site, we may ask for your contact information and details about your organization and interests. We use this information to send you relevant materials or follow-ups, but only in accordance with your communication preferences and applicable law (for example, we will obtain your consent for marketing emails where required).
• Event and Survey Information: When you sign up for an event hosted or sponsored by akirolabs (either in-person or virtual), we will collect the information needed to organize and manage the event. This may include your name, contact details, job title, and company, as well as any preferences or requirements you provide (for example, dietary restrictions if catering is provided, or accessibility accommodations). We may host webinars and virtual events using third-party platforms such as Contrast. When you register for a webinar or online event, we collect details like your name, email, company name, and may track your participation (for instance, session attendance, chat messages, or poll responses) to manage the event and follow up with you. If the event is co-hosted with a partner or features a sponsor, and you consent or as permitted by law, we might share attendee information with that third party – we will inform you at registration if so (see “Sharing of Personal Data” below for more details). We may also record event sessions or take photographs during events; these recordings and images may capture your likeness if you participate (we will inform you where recording is taking place). Similarly, if you participate in a survey, contest, or promotion, we will collect the information you provide in that context (such as survey responses or contest entries). Participation in these activities is voluntary.
• Customer Account and Transaction Data: If you or your company does business with us, we will process information necessary to administer the account and fulfill our contractual obligations. This can include billing and payment information (e.g., invoicing address, purchase order numbers, subscription plan details, and, for paid subscriptions, payment card or bank details via our secure payment processor), as well as records of services provided, order history, and customer support tickets. Note: For online payments, we typically rely on a third-party payment service; we do not collect or store full credit card numbers in our own systems.
• Platform Content: In the course of using our category management platform, you and your authorized users may upload or enter data into the system. This data (“Customer Data”) might include business information, documents, or other content relevant to your procurement and category management activities. To the extent any personal data is contained in the content you input (for example, names or contact details of your colleagues, suppliers, or stakeholders included in strategy documents or surveys on the platform), we process that data strictly on your behalf as a data processor. In such cases, you (or your organization) remain the data controller responsible for the content, and our Data Processing Agreement (DPA) with you governs how we handle and protect that data. This Privacy Policy, by contrast, primarily covers personal data for which qkirolabs is the data controller (such as the categories listed above, e.g., account registration information, usage data, etc., related to our own purposes). If you are an end user of the akirolabs platform using it through your organization, you may wish to contact your organization for information on their data practices as well.

We may also collect non-personal information (data that by itself does not identify an individual). If any non-personal information is combined with personal data, we treat the combined information as personal data.

3. How We Collect Personal Data

We collect personal data from several sources:

• Directly from You: In most cases, we collect data directly from you. You provide personal information to us when you fill out forms on our website (for example, requesting a demo or contacting us), register or administer an account on our platform, communicate with us by email or phone, post on our community or forum (if applicable), or otherwise interact with us. Any time you voluntarily give us information, we will collect it and use it for the intended purpose. For example, if you type in your email to subscribe to a newsletter, we will collect that email address. If you call or email our sales or support team, we will record the details of your inquiry and your contact info in order to respond.
• Through Our Platform or Website Automatically: When you use our online services, we automatically collect certain technical and usage data via digital tools. This includes device and browsing information collected via cookies, web beacons, logs, and similar technologies as you navigate our site or platform. For instance, our systems log your IP address and device type when you log in, and we may collect information about how you move through our application (pages visited, actions taken, time spent, errors encountered, etc.). We use this automatically-collected data to ensure the service works properly, to troubleshoot issues, and to analyze and improve the user experience. (See Section 8: Cookies and Tracking below for more details on our use of these technologies.)
• From Your Organization or Colleagues: If you are using akirolabs as an authorized user under a corporate subscription, your employer or another user at your organization may provide us with your personal data. For example, an administrator at your company might input your name and email address to invite you to the platform or set up your user account, or a colleague might list you as a team contact. We will collect and use that information as needed to provide the service (for example, to send you an invitation or to set your user permissions).
• Third Parties and Public Sources: We may receive information about you from third-party sources in certain situations. For example, if your information is available in public professional profiles (like on LinkedIn, Apollo, clay or company websites) and you have a business relationship with us, we might obtain updated contact or career information from those public sources or via data enrichment services to keep our records accurate. We might also receive your contact details from our business partners or event co-sponsors if you have interacted with them and indicated interest in akirolabs’ offerings – but only if those third parties are legally permitted to share your data with us. Additionally, if we run joint marketing initiatives or if you register for an akirolabs event through a partner platform, we may receive relevant registration details from the partner. In all such cases, we will treat the information according to this Policy and any additional restrictions that apply.
• Cookies and Similar Technologies: As noted above, our websites use cookies and tracking technologies that collect data about your browsing actions and device. These technologies allow us to recognize you when you return, to personalize your experience, and to analyze overall web traffic. They may also allow third-party analytics providers to collect information on our behalf. Please see Section 8: Cookies and Tracking for more information on our use of these technologies and how you can control them.

If you refuse to provide personal data: You can always choose not to provide personal information when we request it, but certain services or features may not be available as a result. For example, we need basic contact details to respond to inquiries or create an account for you. We will indicate in forms when information is required versus optional.

4. How We Use Personal Data (Purposes of Processing)

We use the collected personal data for the following purposes, and we ensure that each use is supported by a valid legal basis (see Section 5 below):

• Providing and Improving Our Services: The primary reason we collect personal information is to operate our SaaS platform and deliver the services you (or your organization) have requested. This includes using data to create and manage user accounts, authenticate users, provide the platform’s functionality, enable collaboration between authorized users, and process transactions. We also use data to monitor the performance of our services, fix bugs, perform troubleshooting, and continually improve and enhance the platform’s features and usability. Usage and analytics data help us understand how our product is functioning and how users interact with it, so we can make informed improvements and ensure a secure, smooth, and personalized user experience.
• Communication and Support: We use contact and communication data to interact with you, provide customer support, and respond to your inquiries or requests. For example, if you ask a question via our website or email, we will use your contact information to respond and the content of your communication to address your questions. If you are a customer, we may send you service-related announcements (for instance, notices about system maintenance, security alerts, or updates to our terms). Such communications are part of our service to you. We may also use your name and email to send onboarding materials or training information when you start using our platform.
• Marketing and Business Development: We may use your contact information and marketing preferences to send you newsletters, product updates, industry insights, event invitations, or other marketing communications that we believe may be of interest to you. These communications will be sent to you only if you have subscribed or otherwise opted-in, or if we have another lawful basis to send them (for example, if you are an existing corporate customer, we might send information about similar services, as allowed by applicable law). You can opt out of marketing emails at any time. We also use marketing data (like email engagement metrics or website analytics) to gauge the effectiveness of our marketing campaigns and to better understand our prospective customers’ interests. Additionally, if you enter a promotion or contest, we use the data you provide to administer the campaign (for example, to select and notify winners).
• Analytics and Product Development: We analyze usage, feedback, and other data (often in aggregated or de-identified form) to understand trends and user needs. This helps us to conduct research and development and to innovate new features or capabilities. For instance, we might analyze how users navigate through a particular workflow in our platform to identify where improvements can be made, or we may aggregate survey responses to guide product strategy. We may also use analytics to generate internal reports on business performance. Where feasible, we use anonymized or aggregated information for these purposes, which does not identify individuals.
• Safety and Security: Protecting the security of our services and users is a critical purpose for which we use data. We monitor and may process personal data (such as account IDs, IP addresses, and activity logs) to detect, prevent, and address fraud, unauthorized access, hacking, or other malicious activities. For example, we may use automated tools to flag unusual account behavior that could indicate a compromised account, or use your IP address to determine if a login attempt is coming from an unexpected location. We also use data to enforce our terms of service and to protect our rights, privacy, safety, or property, as well as those of our users and others.
• Legal Compliance and Legitimate Business Needs: We process personal data as required to comply with our legal obligations, as well as for routine business administration. This includes using data for accounting, audits, compliance training, or record-keeping (for example, maintaining transaction records for tax and financial reporting purposes). If necessary, we will use personal data to cooperate with lawful government requests, court orders, or legal processes – for instance, verifying identity for requested data disclosures or preserving data that is subject to a legal hold. We may also use your data to establish, exercise, or defend legal claims if that situation arises.
• Other Purposes with Notice/Consent: If we intend to use your personal information for a purpose that is materially different from the purposes listed in this Policy, we will inform you and, if required, obtain your consent. For example, if we ever want to use a testimonial that contains your personal information, we would ask for your permission. In cases where consent is our basis for processing, you have the right to withdraw your consent at any time (which will not affect the lawfulness of processing before withdrawal).

We do not use your personal data for any automated decision-making that has legal or similarly significant effects on you without human review. We may use AI or algorithms within our platform to provide insights and recommendations related to procurement strategy (that’s part of our service), but these do not involve making decisions about you as an individual.

5. Legal Bases for Processing (GDPR/UK Requirements)

For individuals in the European Economic Area (EEA), United Kingdom, Switzerland, or other regions with similar data protection laws, we only process your personal data when we have a valid legal basis to do so. Depending on the specific context, one or more of the following legal bases will apply:

• Performance of a Contract: We process personal data when it is necessary to fulfill our obligations under a contract with you, or to take steps at your request before entering into a contract. For example, this covers most data processing related to providing our SaaS platform and services to you (or your organization) – such as maintaining your account, enabling collaboration features, or providing support as part of our agreement. It also includes processing your data to fulfill requests you make (e.g., if you ask for a demo or download, we use your data to provide it).
• Legitimate Interests: We may process your personal data as necessary for our legitimate interests or those of third parties, provided that those interests are not overridden by your data protection rights. We have numerous legitimate interests in processing data as a commercial enterprise – for instance, to communicate effectively with our customers, to improve and secure our platform, to carry out marketing to business contacts, and to prevent fraud. We always weigh our interests against your privacy and implement safeguards to minimize impact. You have the right to object to processing based on legitimate interests in certain cases (see “Your Rights” below).
• Consent: In some cases, we rely on your consent to process personal data. This is typically the case for optional uses such as sending marketing emails to individuals who are not our customers, or placing non-essential cookies and similar tracking technologies on your device. When consent is our basis, you have the freedom to withdraw it at any time (for example, you can unsubscribe from our newsletters using the link in the footer of each email, or adjust your cookie preferences on our site). Withdrawing consent will not affect the lawfulness of processing that occurred before the withdrawal.
• Legal Obligation: We will process personal data when we need to in order to comply with a legal or regulatory obligation. This could include obligations under tax law, bookkeeping requirements, responding to lawful requests by public authorities, or fulfilling data protection laws (for example, honoring opt-out requests or data subject rights). If the law requires us to retain certain data or report certain information, we will do so to comply.

(In some jurisdictions, there may be other legal bases recognized for processing personal data – for instance, Brazil’s LGPD or other privacy laws. We will always identify and rely on an appropriate lawful basis for processing your data in accordance with applicable law. If you have questions about the legal basis for any specific processing activity, please contact us.)

6. Sharing of Personal Data (Disclosures)

We understand that your personal data is important, and we are careful about how we share it. We do not sell your personal information to third parties. We only disclose your data in the following circumstances:

• Within the akirolabs Organization: If akirolabs becomes part of a corporate group or has affiliate entities (such as subsidiaries or branch offices), we may share personal data internally among our affiliates as needed to provide our services and operate our business. For example, if akirolabs were to have a subsidiary assisting in support or development, we might share user account information with that subsidiary. Any internal sharing is on a need-to-know basis and under strict confidentiality.
• Service Providers (Processors):  We share personal data with third-party service providers and partners who perform services on our behalf to support our operations or deliver our services. These include cloud hosting providers (for our website and platform), IT infrastructure and software tools, analytics services, email and CRM platforms, customer support software, payment processors, marketing and events platforms, and other vendors we use in running our business.

CRM and Customer Relationship Management: For managing customer interactions, we use Salesforce as our CRM system. Salesforce may process personal data such as names, email addresses, company information, and interaction history. Depending on system architecture, data may be stored on servers located in Germany or the United States. In such cases, appropriate safeguards such as Standard Contractual Clauses (SCCs) or certification under the EU-U.S. Data Privacy Framework (DPF) apply.

Workflow Automation and System Integration: To automate internal workflows and streamline system connectivity, we use tools such as Zapier (Zapier, Inc., USA), Make (Celonis Inc., USA/EU), and n8n (n8n GmbH, Germany). These platforms may temporarily process personal data—like names, email addresses, or form entries—strictly to perform the intended automation task (e.g., syncing data between CRM, forms, and analytics platforms). This processing is carried out under our legitimate interests (Art. 6(1)(f) GDPR) in efficient system operations. Where required, especially for data collection or tracking involving individuals, we rely on your consent (Art. 6(1)(a) GDPR).

Sales Intelligence and Call Analysis: We also use Sybill.ai to support our sales team with intelligent meeting insights and conversation analytics. When sales calls are recorded (with consent), this tool may process audio recordings, transcripts, and non-verbal behavioral cues (e.g., tone, sentiment). The purpose is to improve internal sales effectiveness and understand engagement trends. Processing is limited to internal use and occurs under appropriate contractual and technical safeguards. Consent or another valid legal basis is obtained before any such data processing takes place.

General Infrastructure and Operational Tools: In addition to the above, we rely on vendors for core infrastructure and day-to-day operations, such as cloud hosting, email communication, marketing platforms, payment processing, and customer support systems. These providers are selected for their ability to handle data securely and in compliance with applicable regulations. For online payments, we use third-party processors and do not collect or store full payment card details in our own systems.

Data Protection and International Transfers: All service providers are contractually required to process personal data solely on our instructions, implement appropriate security controls, and refrain from using data for their own purposes. If any provider processes personal data outside the EU/EEA, we ensure that such transfers are subject to lawful mechanisms, including SCCs, adequacy decisions, or the Data Privacy Framework, as applicable.

• Business Partners: In certain cases, we may share limited data with trusted partners for specific purposes. For instance, if we co-host a webinar or event with a partner or sponsor, and you register for that event, we might share your registration details (like name, email, company) with the partner so that they can help run the event or follow up with you about related products or services, but only if we have obtained any necessary consent from you at the time of registration. Similarly, if our platform integrates with a third-party service at your request (for example, if you choose to connect a third-party tool or data source to akirolabs), we will share data with that third party as needed to fulfill the integration. We will always tell you when a service or event involves a third party, so you can choose whether to participate and have your information shared.
• Professional Advisors: We may disclose relevant personal data to our auditors, attorneys, accountants, insurers, or similar professional advisors where necessary for them to provide us with advice or to protect our rights. For example, our lawyers might need access to certain records to provide counsel, or an auditor might review our processes (which include personal data) to provide financial or compliance audits. These parties are bound by confidentiality obligations.
• Legal Compliance and Protection: We will share personal information with government authorities, law enforcement, courts, or other third parties when we believe in good faith that disclosure is required or permitted by law. This may occur in response to lawful subpoenas, court orders, or other legal process; to meet national security or law enforcement requirements; or to enforce our terms of service and protect ourselves or others from harm or illegal activities. If we receive a request for your data, we will attempt to redirect the requesting party to obtain the data directly from you or to notify you of the request when permissible. We may also share information as necessary to detect or prevent fraud (for example, exchanging information with other companies for fraud protection).
• Corporate Transactions: If we are involved in a merger, acquisition, financing, due diligence process, reorganization, bankruptcy, receivership, sale of company assets, or a business transition of services to another provider, your personal data may be disclosed or transferred as part of that transaction. We would ensure that any recipient of your data in such a deal is bound to respect your personal information in a manner consistent with this Privacy Policy. You would be notified via a prominent notice on our website or by email of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information in such an event.
• With Your Consent or at Your Direction: Apart from the cases above, we will share your personal data with third parties only if you have given us consent to do so (for example, if you explicitly instruct us to share your information with a third-party consultant) or if you intentionally share or post content to a public area of our services (for instance, if our platform has a community forum or if you post a testimonial). In such cases, you are directing us to disclose the information as needed to fulfill your request.

We endeavor to limit the personal data we share to what is relevant for the specific purpose and to ensure that recipients commit to using the data in accordance with applicable privacy laws. akirolabs does not sell personal information to data brokers or to third parties for their own marketing. We also do not share personal data with third parties for their direct marketing purposes unless you have separately consented to such sharing.

If you have questions about third parties that may have access to your data, please contact us. We can provide further information about our service providers and partners upon request.

7. International Data Transfers

akirolabs is based in Germany and our services are primarily provided from within the European Union. However, the personal data we collect may be transferred to and processed in countries other than your own. This is because akirolabs and many of our external service providers operate internationally. For example, if you are located in the EU/EEA, your personal data might be transferred to servers or partners in the United States or other countries that do not have the same data protection laws as your home country.

When we transfer personal data across borders, we take steps to ensure that adequate protections are in place to safeguard the data as required by applicable law. Our measures for international data transfers include:

• EU Standard Contractual Clauses: For transfers from the European Economic Area (EEA) or United Kingdom to countries not deemed to provide an adequate level of protection, we rely on the European Commission-approved Standard Contractual Clauses (SCCs) (or UK equivalent provisions) as a legal mechanism. These are contractual commitments between companies transferring personal data, which bind the recipient to protect the data in line with EU (or UK) GDPR requirements.
• Adequacy Decisions: Where applicable, we may transfer data to countries that the European Commission (or relevant UK authorities) have recognized as having adequate data protection laws, in which case no additional safeguards are required under GDPR for such transfers.
• Data Privacy Framework (DPF): akirolabs may adhere to the EU-U.S. and Swiss-U.S. Data Privacy Framework for transfers to the United States, and we also work with service providers that are certified under these frameworks. These frameworks are designed to ensure a level of protection for personal data transferred to the U.S. comparable to that in the EU. (Participation in a framework like the DPF can be an additional safeguard for data transfers.)
• Consent and Other Bases: In certain cases, we may rely on your explicit consent for international transfers when the transfer is not otherwise covered by an adequacy decision or appropriate safeguards. For example, if you request a service that involves sending your data to a third country, we will inform you and obtain consent if needed. We may also rely on other permitted derogations (such as when a transfer is necessary for the performance of a contract with you, or for the establishment, exercise, or defense of legal claims) as allowed by Article 49 of the GDPR.

Regardless of where your information is processed, we will always protect it as described in this Privacy Policy. We implement similarly high standards of data protection across our operations. We also require that our service providers and partners protect the data they process on our behalf, regardless of where they are located, by upholding appropriate safeguards and contractual commitments.

Onward Transfers: If we transfer personal data onward to third parties (such as a service provider in another country), those transfers will be covered by a relevant data transfer mechanism (for instance, an agreement incorporating SCCs between us and the provider), and we remain responsible for ensuring the protection of your personal data through those onward transfers.

If you would like more details about our international data transfer practices or to obtain a copy of the relevant transfer safeguards (such as SCCs), please contact us via the details below.

8. Cookies and Tracking Technologies

Cookies are small text files that websites store on your browser or device to enable certain functions (like keeping you logged in) or to track and understand your usage of the site. Like many companies, akirolabs uses cookies and similar tracking technologies (such as web beacons, pixels, and device identifiers) on our website and platform. We use these technologies for a few reasons:

• Necessary Cookies: These are essential for our site’s operation – for example, to remember your login session or preferences. Without these, some parts of our site or service won’t work properly.
• Analytics Cookies: We use analytics tools that deploy cookies to collect information about how visitors use our website and platform. This information (such as which pages are visited, how long is spent on the site, and any issues encountered) helps us improve the website’s performance and your experience. For example, we use Google Analytics 4 (via Google Tag Manager) and a platform called Factors.ai to track and analyze how users interact with our site and SaaS application. These tools collect usage data such as pages viewed, session duration, click events, and other engagement metrics, and they provide us with aggregated insights (including company-level analysis of site visits) that help improve our marketing attribution and user experience. Analytics cookies may collect identifiers like your IP address and generate aggregate statistics, but they do not directly identify you by name.
• Functionality Cookies: These cookies remember choices you make (like language preference) or gather feedback to improve features. They enhance personalization and improve your experience on our site by remembering your settings and preferences.
• Advertising and Marketing Cookies: At present, akirolabs does not host third-party ads on our site, but we may use certain tracking cookies to help with our own marketing and outreach. For example, we might use cookies that recognize if you have visited our site before, so we can provide you with relevant content or measure the effectiveness of a marketing campaign. In some cases, we might work with third-party advertising networks or social media platforms that use cookies or pixels to deliver targeted content about akirolabs on other sites you visit. We will only use such cookies if you have given consent where required by law.

When you first visit our website, you will be presented with a cookie consent banner (in jurisdictions that require it) that gives you the option to accept or reject non-essential cookies. You can adjust your cookie preferences at any time by using our cookie management tool (if available) or by changing your browser settings. Most web browsers allow you to refuse cookies or alert you when cookies are being used. However, please note that if you disable certain cookies, some features of our site or services may not function correctly.

For more details on our use of cookies and similar technologies, you can refer to our Cookies Notice (if provided on our website) or contact us with any questions. We aim to be transparent about any data collected via cookies. In any case, cookie-related data is typically used as described in this Policy – for example, to recognize you as a returning user, to customize your experience, to analyze site traffic, and to ensure security of the service.

Do-Not-Track Signals: Our website currently does not respond to “Do Not Track” (DNT) signals from browsers. DNT is a feature offered by some browsers that, when enabled, sends a signal to websites to request that your browsing not be tracked (e.g., by third-party ads or social networks). Since there is not yet a widely-adopted common standard for DNT signals, we treat DNT signals like other browser settings for cookies (honoring them where we can based on your overall cookie consent choices). We continue to monitor developments around DNT standards and may adjust our approach if standardized guidelines emerge.

Google Fonts: Our Website uses the Google Fonts service provided by Google LLC (Mountain View, CA, USA) to render and display uniform fonts on the site. When your browser loads these web fonts, Google may process some data from your device (including your IP address) on servers located in the United States. If and insofar as your IP address is transmitted to Google, this processing is based on our legitimate interest in ensuring the technical functionality and consistent presentation of our website (GDPR Art. 6(1)(f); and pursuant to applicable provisions of German telemedia law). Google LLC is certified according to the “Privacy Shield” framework between the EU and the USA, and thus it is committed to complying with applicable European data protection standards (see: https://www.privacyshield.gov/). You can find more information in Google’s privacy policy here: https://services.google.com/sitestats/en.html.

9. Data Security

akirolabs takes the security of personal data very seriously. We implement and maintain appropriate technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures are aligned with industry best practices and are periodically reviewed to address new threats.

Some of the key security practices we employ include:

• Encryption: We use encryption to protect data in transit and at rest. For example, our website and platform enforce HTTPS (SSL/TLS) for secure communication, which means data transmitted between your browser and our servers is encrypted. We also encrypt sensitive data stored in our databases or backups where appropriate.
• Access Controls: We restrict access to personal data to authorized personnel who have a legitimate need to know that information in order to perform their job duties. All akirolabs staff and any contractors with access are subject to confidentiality obligations. We employ access controls such as authentication (strong passwords and, where appropriate, multi-factor authentication) and role-based permissions within our systems, so that each user or administrator only has access to the data necessary for their role.
• Network & System Security: Our infrastructure is protected by firewalls and monitoring systems to guard against external intrusion. We maintain up-to-date security software and follow best practices for securing our cloud environment. Regular vulnerability assessments and security testing (including periodic penetration tests) are conducted to identify and address potential weaknesses.
• Organizational Policies: We have internal policies and provide training for our employees regarding data protection, security, and privacy. We’ve integrated privacy by design principles into our development lifecycle, meaning we consider data protection at each stage of designing our products and processes. We also have an incident response plan in place so that if a security incident or data breach occurs, we can act swiftly to mitigate harm and notify affected parties and regulators as required by law.
• Third-Party Security: When we engage service providers who may handle personal data on our behalf, we vet their security practices and require them to meet standards comparable to our own. We also enter into Data Processing Agreements (DPAs) with such providers to ensure they implement adequate protections. If any provider cannot meet our security requirements, we will not entrust data to them.

While we strive to protect your information, it’s important to note that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of data. However, we continuously work to strengthen our defenses to protect against foreseeable threats. You also play a role in security: we encourage you to use strong passwords, keep your login credentials confidential, and notify us immediately if you suspect any unauthorized use of your account or any security vulnerabilities.

In the unlikely event of a data breach that poses a significant risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by law.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, or as required by applicable laws and regulations. This means retention periods can vary depending on the type of data and the context of processing. We consider the following criteria when determining how long to keep data:

• Business and Operational Needs: We keep personal data for the duration that your account is active or as long as needed to provide you with our services. For example, if you are a customer, we will retain your account information while your subscription is in effect or while we are providing you services. If you unsubscribe or your account is terminated, we may retain certain data for a period of time in case you reactivate the account or to maintain business records, but we will delete or anonymize it when it’s no longer needed.
• Consent and Marketing Data: For marketing communications, we retain your personal data until you opt out or withdraw your consent (or until the data becomes outdated). If you unsubscribe from our marketing emails, we will remove you from our mailing list promptly, though we may keep a minimal record that you have opted out to ensure we respect your preference in the future.
• Legal Obligations: We retain data as needed to comply with legal requirements. For instance, financial and transaction records are generally kept for a certain number of years to satisfy tax, audit, and accounting obligations (commonly 6–10 years, depending on jurisdiction). Similarly, if we are required by law to keep certain data (such as records of consent, or information needed for regulatory compliance), we will retain that data for the legally mandated period.
• Dispute Resolution and Enforcement: If we believe it’s necessary to retain personal data for resolving disputes, enforcing our agreements, or protecting our legal rights, we will keep the relevant data for as long as the issue is ongoing (for example, until a claim or dispute is resolved, or until the statute of limitations for a potential claim expires).

Once the applicable retention period expires or the purpose for collecting personal data is fulfilled, we will either delete, destroy, or anonymize the data in a secure manner, as required by law. For example, we may archive and segregate data before deletion if needed, and then periodically purge it from our systems. If we choose to anonymize data (so that it can no longer be associated with any individual), we may retain and use that anonymized information indefinitely without further notice.

In some cases, we may anonymize or aggregate personal data (so that it can no longer identify you) and retain it for longer periods for statistical, research, or product development purposes. When we do so, we ensure the data can no longer be linked to any individual and is no longer considered personal data.

If you have any specific questions about our retention practices for a certain type of data, you can contact us for more information. We will also honor valid requests from you to delete data (see “Your Rights” below), provided we do not need to retain the data for legal or legitimate business reasons.

11. Your Privacy Rights and Choices

You have various rights regarding your personal data, and akirolabs is committed to honoring your rights in accordance with applicable laws. This section describes those rights and explains how you can exercise them.

11.1 Rights of Individuals in the EU/EEA, UK, and Similar Jurisdictions

If you are located in the European Union, European Economic Area, United Kingdom, Switzerland, or other regions with comparable data protection laws, you benefit from the following data subject rights under the GDPR (and similar laws):

• Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to receive a copy of the personal data we hold about you. This is sometimes called a “Data Subject Access Request.” We will also provide supplemental information about the processing (such as the purposes, the categories of data, the categories of recipients, etc.) in line with legal requirements.
• Right to Rectification: If any of your personal data that we are processing is inaccurate or incomplete, you have the right to have it corrected or updated without undue delay. You can also contact us to clarify any information that you think is ambiguous or unclear.
• Right to Erasure: You have the right to request deletion of your personal data in certain circumstances. This right (also known as the “right to be forgotten”) applies, for example, if the data is no longer needed for the purposes for which it was collected, or if you withdraw consent and we have no other legal basis to continue processing, or if you object to processing based on our legitimate interests and we have no overriding grounds to continue, or if the processing was unlawful. Please note that this right is not absolute – sometimes we may have lawful grounds to retain certain data (e.g., a legal obligation to keep it, or if it’s needed for legal claims). If that is the case, we will inform you of our reasoning.
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions. For instance, if you contest the accuracy of your data, you can request that we restrict processing while we verify the data’s accuracy; or if you object to processing (see below), you can request restriction pending verification of our grounds. Restriction means we will flag the data and hold it so that we don’t use or share it (other than storing it securely) until the issue is resolved.
• Right to Data Portability: For data that you have provided to us and that we process by automated means on the basis of your consent or a contract with you, you have the right to request a digital copy in a common format (e.g., CSV or JSON) so that you can reuse it or transfer it to another provider. Where technically feasible, you can also ask us to directly transfer that data to another organization of your choice.
• Right to Object: You have the right to object to our processing of your personal data in certain situations. In particular, you can object at any time to processing of your data for direct marketing purposes, and we will stop processing it for that purpose (this includes any profiling related to direct marketing). You can also object if we are processing your data based on legitimate interests or for a task in the public interest, and you have grounds relating to your particular situation. We will then re-evaluate the processing and will cease processing your data unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless continued processing is necessary for the establishment, exercise, or defense of legal claims.
• Right to Withdraw Consent: If we rely on consent for a specific processing activity, you have the right to withdraw that consent at any time. For example, you can unsubscribe from newsletters or opt out of non-essential cookies. Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.
• Right to Information About Automated Decisions: Given that we do not make automated decisions producing legal effects without human involvement, this right is generally not applicable to our services. However, you have the right to request meaningful information about any automated processing or profiling we do and to ask for human intervention or the opportunity to express your point of view if you believe a decision significantly affecting you was made solely by an algorithm. (As noted, our platform’s AI features do not make decisions about individuals, but you can always ask if you have questions.)
• Right to Lodge a Complaint: If you believe that we have infringed your data protection rights or violated data protection laws, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where the alleged infringement occurred. For example, in Germany you can contact the data protection authority of your federal state, or in the UK, the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to address your concerns directly before you escalate to a regulator – so we invite you to contact us first, and we will do our best to resolve the issue.

How to Exercise These Rights: You can exercise your rights at any time by contacting us at the contact details provided in the Contact Us section of this Policy (see Section 16 below). Please clearly state which right you wish to exercise and provide enough information for us to verify your identity and locate your data (we may ask you to provide certain information we already have on file to confirm it’s you). We will respond to your request as soon as possible, and in any event within the timeframe required by law (generally within one month, with the possibility of an extension in certain cases). There is typically no fee for making a request; however, if a request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee or refuse to act on the request (as permitted by law), but we will explain our reasoning in such cases.

12. Careers / Recruitment

If you apply for a role at akirolabs (whether through our website, by email, or via a third-party recruitment platform), we will process your personal data for recruitment purposes. This may include information such as your name, email address, phone number, postal address, resume/CV details, qualifications, work and education history, and any other information you voluntarily provide during the application and interview process.

We use your application data to:- Review and evaluate your qualifications and suitability for the position you applied for (or other relevant opportunities at akirolabs).- Contact you to provide updates on your application status, schedule interviews, or discuss potential roles.- Schedule interviews or assessments and communicate with you about the recruitment process (e.g., sending you meeting invitations or assessment materials).- Comply with legal obligations related to the hiring process (such as verifying your right to work or maintaining records as required by employment laws).- Keep records of the recruitment process, including notes from interviews and communications, to ensure a fair and consistent hiring process and to inform our hiring decisions.

The legal basis for processing your personal data in the recruitment context is generally GDPR Art. 6(1)(b) (steps taken at your request prior to entering into an employment contract) and, where applicable, Section 26 of the German Federal Data Protection Act (BDSG) which permits data processing for hiring purposes. If we wish to retain your application information in our talent pool to consider you for future job opportunities, we will ask for your consent. With your consent (GDPR Art. 6(1)(a)), we may keep your application data on file for up to 12 months after the conclusion of the application process in order to inform you of relevant openings. Providing this consent is optional, and if you do give consent, you can withdraw it at any time by contacting us at privacy@akirolabs.com.

We may use external service providers and platforms to facilitate our recruitment process. For example, we might manage job postings and applications through third-party applicant tracking systems or recruiting platforms such as SmartRecruiters, Greenhouse, LinkedIn Talent Solutions, or Personio. These service providers process personal data on our behalf based on our instructions, under data processing agreements that ensure your data is protected. If these providers are located outside the EU/EEA or store data on servers in other countries (for instance, in the United States), any international transfers of your personal data are safeguarded by appropriate measures, such as the inclusion of European Commission Standard Contractual Clauses or the provider’s certification under the EU-U.S. Data Privacy Framework (as applicable).

Personal data collected for recruitment will be used solely for hiring and human resources management purposes. If your application is successful, the information you provided will become part of your employment record and will be processed in accordance with our internal employee privacy policies. If your application is not successful (and you do not consent to further retention for future opportunities), we will delete or anonymize your application data in accordance with our data retention practices and applicable law, subject to any legal requirements to retain certain information for a period of time (for example, to demonstrate fair hiring practices or to comply with record-keeping regulations).

13. Social Media and Joint Processing

We operate pages or accounts on social media and professional networking platforms (for example, our company page on LinkedIn). When you visit or interact with our presence on these platforms, personal data about you may be processed both by the platform operator and by akirolabs. In certain instances, akirolabs and the platform operator are considered joint controllers of your personal data for specific activities, in accordance with GDPR Art. 26. For example, LinkedIn provides us with aggregated information about engagement with our LinkedIn Page (known as LinkedIn Page Insights), and for this data, akirolabs and LinkedIn Ireland Unlimited Company have entered into a joint controllership arrangement to comply with the GDPR requirements for Page Insights data.

Please be aware that when you are on a social media platform, the platform’s own privacy policy and terms apply. The platform operator is primarily responsible for the processing of your personal data on its platform, including providing you with information about data collection and enabling you to exercise your data subject rights in relation to that processing. However, if you have questions specifically about data associated with our social media pages, you can contact us and we will do our best to assist you or to forward your inquiry to the platform provider as appropriate. Some social media providers (such as LinkedIn or Meta/Facebook) may process data outside the EU/EEA (for example, on servers in the United States). When we engage with these platforms, any transfer of personal data is safeguarded by mechanisms like the platform’s use of Standard Contractual Clauses or its certification under the EU-U.S. Data Privacy Framework, to ensure your information receives adequate protection.

For more information about how LinkedIn processes personal data, please refer to LinkedIn’s own privacy documentation: see the LinkedIn Privacy Policy and LinkedIn Cookie Policy for details on the data that LinkedIn collects and how it uses it. LinkedIn also makes available a Data Processing Agreement that includes information on how Page Insights data is handled. If you have a LinkedIn account, you can manage your privacy settings and ad preferences directly via your LinkedIn profile (for example, through the LinkedIn Privacy Settings page).

14. Children’s Privacy

Our services are not directed to children, and we do not knowingly collect personal information from individuals under the age of 16. In fact, as a B2B-focused platform, our intended user base is business professionals. We do not offer services to minors, and our website and marketing are not aimed at children. If you are under 16 (or any higher minimum age in your jurisdiction for valid consent), please do not use our website or send us any personal information.

In compliance with the U.S. Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect or solicit personal information from children under 13 years of age. If we become aware that we have inadvertently collected personal data from a child under the applicable age without proper consent, we will take steps to delete that information as soon as possible.

Parents or guardians who believe that akirolabs might have collected unauthorized information about a minor are encouraged to contact us, and we will promptly investigate and remove any such data.

15. Changes to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated Privacy Policy on our website with a new “Last Updated” date at the top. If changes are significant, we may also notify you by additional means, such as by sending an email notification or posting a prominent notice on our site or within the platform.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of our website or services after any update to this Policy signifies your acknowledgment of the changes. Where required by law (for example, if a change involves a new purpose that requires consent), we will obtain your consent before the change affects your personal data.

16. Contact Us (How to Reach Us)

If you have any questions, concerns, or requests regarding this Privacy Policy or how akirolabs handles your personal data, please do not hesitate to contact us:

akirolabs GmbHAm Holtwicker Bach 5046397 Bocholt, Germany

Phone: +49 30 754 384 66 Email: privacy@akirolabs.com (or hello@akirolabs.com for general inquiries)

For the purposes of EU data protection law, akirolabs GmbH is the data controller of the personal data processed under this Policy (unless we inform you otherwise for specific services). You can reach our data protection team at the email address above. If you contact us with a privacy question or to exercise your rights, please include your contact information and a detailed description of your request. We will address your inquiry as soon as possible in accordance with applicable laws.

Thank you for trusting akirolabs with your personal data. We are dedicated to safeguarding your privacy and delivering a secure experience.