Privacy Policy

Our privacy policy and how we use your data

Last Updated: January 14, 2026

1. Introduction

Heureka Labs UG (haftungsbeschränkt) ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use skilldock ("the Service").

We comply with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection laws. This policy describes your rights and how we fulfill our obligations under these regulations.

2. Data Controller

The data controller responsible for your personal data is:

Heureka Labs UG (haftungsbeschränkt)
Email: hello@skilldock.ai

For any questions about this Privacy Policy or to exercise your data protection rights, please contact us at the email address above.

3. Data We Collect

We collect and process the following categories of personal data:

3.1 Account Data

  • Email address (required for account creation and communication)
  • Name or display name
  • Password (stored in encrypted/hashed form only)
  • Profile information you choose to provide
  • Account preferences and settings

3.2 Content Data

  • Data you upload or integrate into the platform
  • Knowledge graphs generated by our AI systems
  • Skillpods you create and configure
  • Notes, comments, and other content you create

3.3 Usage Data

  • How you interact with our platform and features
  • API calls and requests made
  • Features and services used
  • Error logs and diagnostic information
  • Performance metrics and service quality data

3.4 Technical Data

  • IP address
  • Browser type and version
  • Device information (type, operating system)
  • Time zone and location data (derived from IP)
  • Essential cookies for authentication and security

4. How We Use Your Data

We use your personal data for the following purposes:

  • Service Provision: To provide, operate, and maintain skilldock's features, including knowledge graph generation, skillpod creation, and AI integrations
  • Account Management: To create and manage your account, authenticate you, and provide customer support
  • Communication: To send you service-related notifications, updates, and security alerts, and to respond to your inquiries
  • Service Improvement: To analyze usage patterns, understand how users interact with our platform, and improve our features and performance
  • Security: To detect, prevent, and address technical issues, fraud, and security threats
  • Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights
  • Payment Processing: To process subscription payments and manage billing (via third-party payment processors)

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to provide the service you requested and fulfill our contractual obligations
  • Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent for specific processing activities
  • Legitimate Interests (Art. 6(1)(f) GDPR): For service improvement, security, and fraud prevention, balanced against your privacy rights
  • Legal Obligation (Art. 6(1)(c) GDPR): To comply with legal and regulatory requirements

6. Third-Party Services and Data Processors

We use carefully selected third-party service providers to help deliver our service. These processors only access your data as necessary to perform their functions and are contractually obligated to protect your data:

6.1 Payment Processing

We use third-party payment processors to handle subscription payments. Payment card information is transmitted directly to these processors and is never stored on our servers.

6.2 Analytics Services

We use analytics services to understand how users interact with our platform and improve our service. These services collect aggregated usage data and technical information.

6.3 LLM and AI Providers

To generate knowledge graphs and provide AI-powered features, we process your content data through Large Language Model providers. We use commercially reasonable efforts to maintain appropriate data processing agreements and ensure these providers handle your data with adequate security measures and in compliance with applicable data protection laws.

6.4 Email Communication Services

We use email service providers to send you service notifications, account updates, and support communications.

All our third-party processors are carefully vetted and required to maintain appropriate technical and organizational security measures to protect your data.

7. Data Storage and Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures:

  • Primary Data Storage: Your data is primarily stored on servers located within the European Union
  • Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
  • Access Controls: Strict access controls limit who can access your data internally
  • Regular Security Audits: We regularly review and update our security practices
  • Password Protection: Passwords are hashed using industry-standard algorithms
  • Monitoring: We monitor for unauthorized access and security incidents

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our service. Here's what we use:

8.1 Essential Cookies

These cookies are strictly necessary for the service to function:

  • Authentication cookies: Keep you logged in securely
  • Security cookies: Protect against cross-site request forgery and other attacks
  • Session management: Remember your preferences during your session

These cookies are essential for the service and cannot be disabled. By using skilldock, you consent to these essential cookies.

8.2 Managing Cookies

You can configure your browser to refuse cookies, but this may prevent you from using certain features of our service. Consult your browser's help documentation for instructions on managing cookies.

9. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

9.1 Right of Access (Art. 15 GDPR)

You have the right to request confirmation of whether we process your personal data and to receive a copy of that data.

9.2 Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate personal data and completion of incomplete data.

9.3 Right to Erasure (Art. 17 GDPR)

You can request deletion of your personal data ("right to be forgotten") when it is no longer necessary for the purposes for which it was collected or when you withdraw consent.

9.4 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

9.5 Right to Object (Art. 21 GDPR)

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

9.6 Right to Restriction (Art. 18 GDPR)

You can request restriction of processing in certain circumstances, such as when you contest the accuracy of the data.

9.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

To exercise any of these rights, please contact us at hello@skilldock.ai. We will respond to your request within one month of receipt. In cases involving complex requests or a high volume of requests, we may extend this period by up to two additional months as permitted by GDPR, and will inform you of any such extension and the reasons for it.

10. Data Retention

We retain your personal data as follows:

  • Active accounts: We retain your data for as long as your account remains active and you continue to use our service
  • Account deletion: When you delete your account, we delete your personal data and content from our production systems within a reasonable timeframe (typically 30-60 days), except where retention is required or permitted as described below
  • Legal requirements: We may retain certain data longer if required by law (e.g., for tax, accounting, or legal purposes), or if data is subject to legal hold or ongoing disputes
  • Backup systems: Deleted data may persist in backup systems for a limited period according to our backup retention policies (typically up to 90 days)
  • Anonymized data: We may retain anonymized or aggregated data indefinitely for statistical and analytical purposes, as such data cannot identify you

You can request deletion of your account and data at any time through your account settings or by contacting us at hello@skilldock.ai. We will process your deletion request in accordance with GDPR requirements and the retention periods described above.

11. Children's Privacy

In accordance with GDPR requirements, skilldock is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.

If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 16, please contact us immediately at hello@skilldock.ai.

12. International Data Transfers

We primarily store and process your personal data on servers located within the European Union. However, some of our third-party service providers (including AI/LLM providers, analytics services, and infrastructure providers) may process data outside the EU/EEA.

When data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries deemed to provide adequate data protection
  • Data Processing Agreements with appropriate technical and organizational measures
  • Additional safeguards as required by GDPR and applicable data protection laws

We carefully vet all third-party processors to ensure they maintain GDPR-compliant data protection standards, regardless of their location.

13. Automated Decision-Making and Profiling

While skilldock uses AI and machine learning to generate knowledge graphs and enhance your data, we do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you as defined under Article 22 of GDPR.

AI processing is used solely to provide the service features you request (knowledge graph generation, data enhancement) and does not make decisions about your eligibility, access, or other significant matters without human oversight.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you by email at the address associated with your account
  • Provide notice through our service interface

We encourage you to review this Privacy Policy periodically. Your continued use of the service after changes indicates your acceptance of the updated policy.

15. Contact Us and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Heureka Labs UG (haftungsbeschränkt)
Email: hello@skilldock.ai

For data protection inquiries, you can reach our data protection contact at the same email address.

16. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR.

The competent supervisory authority for Heureka Labs UG (haftungsbeschränkt) is:

The German Data Protection Authority (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit)
Website: www.bfdi.bund.de

You may also contact the data protection authority in your country of residence or workplace.