Privacy Policy

IATF Solutions - Owner: Armin Neises

As of: June 2026

1. Controller

The controller within the meaning of the GDPR is:

IATF Solutions
Owner: Armin Neises
Robert-Koch-Str. 6
54329 Konz
Germany

Email: info@iatf-solutions.com

2. Data Collected and Purposes

2.1 When Visiting the Website

When the website is accessed, technical data is automatically collected (IP address, browser type, operating system, time of access). This data is processed exclusively to ensure technical operations and is not merged with other data.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

2.2 When Using the Tools (No-Storage Mode)

In the standard operating mode, the content entered by the user (quality data, complaint information, etc.) is processed exclusively for the duration of the active session.

After the session ends or after the generated document has been downloaded, all entered data is irreversibly deleted.

No permanent storage takes place on our servers.

Legal basis: Art. 6(1)(b) GDPR (performance of contract)

2.3 Payment Processing (Stripe)

Payment processing is carried out exclusively via Stripe Payments Europe Ltd.

The Provider does not store any payment data.

Stripe's privacy policy applies.

stripe.com/privacy

Legal basis: Art. 6(1)(b) GDPR

2.4 Email Communication (Resend)

For the dispatch of receipts and download links, the Customer's email address is transmitted to the service provider Resend Inc.

The email address is used exclusively for transactional sending and not for marketing purposes.

Legal basis: Art. 6(1)(b) GDPR

3. Hosting (Vercel)

The website is hosted on the infrastructure of Vercel Inc.

Vercel may process technical access data in this context.

A data processing agreement (DPA) exists with Vercel.

Further information:

vercel.com/legal/privacy-notice

4. AI Processing (Anthropic)

Reports are generated using the API of Anthropic PBC.

The entered data is temporarily transmitted to Anthropic for processing and handled in accordance with Anthropic's privacy policy.

No personal data is permanently stored at Anthropic.

anthropic.com/legal/privacy

5. Cookies

The website uses only technically necessary cookies (session cookies), which are deleted when the browser is closed.

For the use of analytics or marketing cookies, the user's explicit prior consent is obtained.

6. Contact Form and Customer Inquiries

When users contact us via the contact form or by email, the information provided (such as name, company name, email address, subject, and message) is processed solely for the purpose of handling the inquiry and responding to the request.

The data will not be used for marketing purposes unless separately agreed by the user.

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR

7. Data Retention

Personal data is retained only for as long as necessary to fulfil the respective purpose or to comply with statutory retention obligations.

Transactional data, invoices, and business correspondence may be retained for the legally required retention periods under applicable tax and commercial law.

Content entered into the tools in No-Storage Mode is not permanently stored and is deleted after completion of the session.

8. International Data Transfers

Certain service providers used by IATF Solutions, including Stripe, Resend, Vercel, and Anthropic, may process data outside the European Economic Area (EEA).

Where personal data is transferred to third countries, appropriate safeguards are implemented in accordance with applicable data protection laws, including standard contractual clauses (SCCs) where required.

9. Security Measures

IATF Solutions implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

These measures are continuously reviewed and updated in accordance with technological developments and operational requirements.

10. Rights of Data Subjects

Users have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)

Since no personal content data is permanently stored in No-Storage Mode, subsequent access or deletion of this data is technically not possible and not required.

Complaints may be submitted to the competent supervisory authority:

Der Landesbeauftragte für Datenschutz und Informationsfreiheit Bremen

https://www.datenschutz.bremen.de

11. Changes to this Privacy Policy

This Privacy Policy will be updated in the event of changes to the technical infrastructure or legal situation.

The current version is always available on the website at:

iatf-solutions.com