GDPR Compliance Statement
Last updated: December 2024
Our Commitment to GDPR
ARCHITECT-AI is fully committed to complying with the General Data Protection Regulation (GDPR) and ensuring the highest standards of data protection for our users in the European Union and European Economic Area.
1. Data Controller Information
ARCHITECT-AI acts as the Data Controller for personal data collected through our platform.
2. Legal Basis for Processing
We process personal data under the following legal bases:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide our services to you
- Consent (Art. 6(1)(a)): For marketing communications and optional features
- Legitimate Interest (Art. 6(1)(f)): For security, fraud prevention, and service improvement
- Legal Obligation (Art. 6(1)(c)): When required by applicable laws
3. Your GDPR Rights
Under GDPR, you have the following rights:
- Right of Access (Art. 15): Request a copy of your personal data
- Right to Rectification (Art. 16): Correct inaccurate or incomplete data
- Right to Erasure (Art. 17): Request deletion of your personal data
- Right to Restriction (Art. 18): Limit how we process your data
- Right to Portability (Art. 20): Export your data in machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interest
To exercise any of these rights, contact us at architect@hofmann-it.de. We will respond within 30 days.
4. Data Processing Activities
| Data Category | Purpose | Retention |
|---|---|---|
| Account Data | Service provision, authentication | Until account deletion + 30 days |
| Project Data | Prompt generation, storage | Until project/account deletion |
| Usage Analytics | Service improvement | 24 months (anonymized) |
| Support Logs | Customer support | 12 months |
5. International Data Transfers
When we transfer personal data outside the EU/EEA, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules for intra-group transfers
6. Data Protection Measures
We implement technical and organizational measures including:
- End-to-end encryption for data in transit
- AES-256 encryption for data at rest
- Regular security assessments and penetration testing
- Employee training on data protection
- Access controls and audit logging
- Incident response procedures
7. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, in accordance with Articles 33 and 34 of the GDPR.
8. EU AI Act Compliance
As an AI-powered service, we also comply with the EU AI Act requirements:
- Risk classification for generated prompts
- Transparency about AI-generated content
- Human oversight recommendations for high-risk applications
- Documentation and audit trails
9. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. You may contact your local Data Protection Authority or the authority in the country where we are established.
Contact Our Data Protection Officer
For any GDPR-related inquiries, data subject access requests, or concerns about how we handle your personal data:
Email: architect@hofmann-it.de
Response Time: Within 30 days