Last updated: June 2026
The data controller for any personal data processed via this website (within the meaning of the GDPR) is Surender Reddy Dhonapati, Frankfurt am Main, Germany. Contact: support@schutziq.eu. Full contact details are in the Impressum.
Your AI system descriptions in the classifier, when you only try the tool and do not request the report by email. They are sent to Microsoft Azure OpenAI (region Sweden Central, EU) for classification and discarded on our servers immediately afterwards.
When you submit the email-the-report form, we store: your first name, last name, email address, chosen language (EN/DE), the summary classification label (for example 'HIGH-RISK'), the timestamp and exact text of your consent, randomly generated confirmation and unsubscribe tokens, your IP address, and your user agent (for security and audit purposes).
So that we can deliver the report only after you confirm your email, we temporarily hold your original AI system description and classification result for a maximum of 24 hours. As soon as you click the confirmation link in the email and the report is sent, these two fields are immediately erased. If you do not click within 24 hours, they are automatically purged and no report is sent.
Processing of your personal data is based on your explicit consent under Art. 6(1)(a) GDPR. You can withdraw your consent for the future at any time without affecting the lawfulness of any processing carried out beforehand. To withdraw consent, use the unsubscribe link in any email or write to support@schutziq.eu.
We use your data for two clearly separated purposes: (1) sending you the requested assessment report by email (mandatory consent); (2) sending occasional updates about EU AI compliance topics and product news (a separate, optional consent confirmed via double opt-in). The two consents are collected separately and can be withdrawn separately.
When you click 'Email me the report', we send a confirmation email containing a link. Only after you click that link do we send your assessment report — and at the same time activate your subscription to occasional updates if you selected that option at request time. A single confirmation covers both purposes. Without confirmation we send neither the report nor any further emails, and your temporary data is deleted after 24 hours.
We use the following processors, all hosted in the EU: Brevo (email sending, French company, EU infrastructure); Supabase (database, Frankfurt eu-central-1); Vercel (website hosting, EU regions); Microsoft Azure OpenAI (classification, Sweden Central); Cloudflare Turnstile (bot protection, IP used only during verification). We have Data Processing Agreements (DPAs) with each, as required under Art. 28 GDPR.
All personal data is stored and processed exclusively within the EU. No transfers to third countries take place.
First name, last name, and email are kept for up to 24 months from your last interaction (e.g. last report request or newsletter click). After that, the data is automatically anonymised. If you unsubscribe, we retain your email in a suppression list marked 'unsubscribed' so we do not contact you again — this is legally required. You can request full deletion at any time.
You have the right to: access your data (Art. 15), rectify inaccurate data (Art. 16), erasure (the 'right to be forgotten', Art. 17), restrict processing (Art. 18), data portability (Art. 20), object (Art. 21), and withdraw consent (Art. 7(3)). Please send requests to support@schutziq.eu — we respond within 30 days.
You have the right to lodge a complaint with a supervisory authority. For the controller's seat in Frankfurt am Main, the competent authority is: Hessischer Beauftragter für Datenschutz und Informationsfreiheit (HBDI), Postfach 3163, 65021 Wiesbaden, poststelle@datenschutz.hessen.de.
We use a single functional cookie to remember your language preference (EN/DE). Vercel Analytics is used for aggregated usage statistics (privacy-friendly, no personal identifiers). There are no other tracking scripts, no advertising cookies, and no fingerprinting.
Cloudflare Turnstile is used for bot verification on the classifier tool. No personal data is shared with Cloudflare beyond what is technically required (browser signals, IP address used only during the challenge).
Transmission via HTTPS, database encrypted at rest, access restricted to the operator, storage exclusively within the EU. In the event of a data breach we notify the competent supervisory authority within 72 hours as required by Art. 33 GDPR.
For privacy questions: support@schutziq.eu