Version: 2026-03-16
This Schedule describes categories of personal data and operational telemetry processed in connection with the Service, the purposes of processing, and the relevant legal framework.
Depending on context, Provider may act as processor on behalf of Customer for Customer-submitted data processed solely to provide the Service, and/or as controller for account administration, security, fraud prevention, service integrity, telemetry, analytics, support, and product improvement.
Provider may process user account/authentication data, approval/access-control data, workspace/tenant/entitlement data, runtime/binary/pack compatibility data, device and environment metadata, run identifiers/status metadata, diagnostics/logs/failure states/performance metrics/integrity checks, support data, and billing/payment administration data.
Operational Telemetry is processed for service operation and reliability, runtime authorization and validation, diagnostics and troubleshooting, abuse prevention/fraud detection, performance observability, product analytics and improvement, security incident investigation, and support delivery. Telemetry is part of normal operation and may be generated automatically by installed runtime, local binary, web services, APIs, and associated systems.
Where Provider acts as controller, legal bases may include contract performance, legal obligation, legitimate interests in operating/securing/improving/defending the Service (where not overridden by rights), and consent where legally required.
Provider aims to describe processing in intelligible categories and purposes. Provider processes data reasonably necessary for stated purposes and seeks not to process special categories unless necessary and lawfully supported.
Provider may use subprocessors/service providers for hosting/infrastructure, identity/access management, logging/monitoring, email/communications, billing/payments, support, analytics, and operational tooling, with appropriate contracts where legally required.
Where personal data is transferred outside the EEA/UK/Switzerland, Provider uses transfer mechanisms and safeguards required by applicable law.
Provider retains personal data and telemetry only as long as reasonably necessary for support, security, analytics, legal compliance, and dispute resolution. Aggregated/de-identified information may be retained longer where lawful.
Where Provider acts as controller, data subjects may have rights of access, rectification, erasure, restriction, objection, portability, and complaint, subject to applicable law and exemptions.
Provider maintains reasonable technical and organisational security measures appropriate to risk, including access controls, token-based authorization, transport encryption, operational monitoring, and integrity protections.
For data protection questions, contact: privacy@apertura-ai.de
Return to Home Page