Privacy Policy

Our privacy policy and how we use your data

Last updated: 20 June 2026

1. Controller

The controller responsible for the processing of personal data described in this Privacy Policy is:

  • Kairos Alpha GmbH
  • Curschmannstr. 31, 20251 Hamburg, Germany
  • Commercial register: Amtsgericht Hamburg, HRB 159532
  • VAT identification number: DE327080394
  • Email: info@re-nterprises.com

2. Data Protection Officer

We have not appointed a Data Protection Officer, and we are not required to do so: the company does not meet the threshold of §38 (1) BDSG (as a rule, fewer than 20 persons are constantly engaged in the automated processing of personal data) and none of the criteria in Art. 37 (1) GDPR apply. For data-protection enquiries, contact us at info@re-nterprises.com.

3. Categories of personal data processed

  • Account data: name, email, hashed password, locale.
  • Billing data (via Merchant of Record Polar): name, billing address, VAT ID where applicable, transaction history. Card details are not stored by Kairos Alpha GmbH.
  • Usage data: log entries, IP address (truncated where possible), device/browser metadata, feature interactions.
  • User-uploaded content (where the Service so permits), including attached media.
  • Communications: support tickets, email correspondence.

4. Purposes and legal bases (Art. 6 GDPR)

  • Performance of contract (Art. 6(1)(b)): account creation, authentication, delivery of paid features, customer support.
  • Legal obligation (Art. 6(1)(c)): tax and commercial records under §257 HGB and §147 AO; mandatory regulatory reporting.
  • Legitimate interest (Art. 6(1)(f)): security, fraud prevention, abuse detection, service-quality analytics in aggregated form. Balancing test documented internally.
  • Consent (Art. 6(1)(a)): marketing communications, non-essential cookies/analytics, optional features that involve additional processing.

5. Recipients and processors (Art. 28 GDPR)

Kairos Alpha GmbH engages the following processors and sub-processors under data-processing agreements:

ProcessorPurposeLocationTransfer mechanism
Polar Software Inc.Merchant of Record: payments, invoicing, tax remittanceUSA + EUEU Standard Contractual Clauses (SCCs) + EU-US Data Privacy Framework (DPF)
Resend, Inc.Transactional email deliveryEU (eu-west-1)Data Processing Agreement (DPA); EU-resident processing
Mux, Inc.Video infrastructure (encoding, streaming)USASCCs + DPF
Neon, Inc.Managed PostgreSQL databaseUSA (AWS us-east-1, N. Virginia)EU-US Data Privacy Framework (DPF) + EU Standard Contractual Clauses (SCCs, Decision 2021/914) fallback
Vercel Inc.Application hosting and edge deliveryUSA + EU edgeSCCs + DPF

The current sub-processor list is maintained at this page; B2B customers receive change notifications under the Data Processing Addendum.

6. International data transfers

Transfers of personal data to processors in the United States are made on the basis of the European Commission’s Standard Contractual Clauses (Decision 2021/914) in combination with certification under the EU-US Data Privacy Framework where the recipient is so certified. Supplementary measures (encryption in transit and at rest, access logging, pseudonymisation where feasible) are applied in accordance with the EDPB recommendations following Schrems II.

7. Retention

  • Account data: for the duration of the account, plus a retention period of up to six (6) years following deletion to comply with German commercial-records obligations (§257 HGB) and ten (10) years for tax-relevant records (§147 AO) where applicable.
  • Server logs: typically retained for 30–90 days for security purposes, then deleted or anonymised.
  • Support communications: retained for the duration necessary to handle the request and for follow-up, then archived under the same commercial-records framework.
  • Marketing consent records: retained until consent is withdrawn, plus statutory limitation periods for proof of consent.

8. Data subject rights

Subject to the conditions of the GDPR, the User has the following rights:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure / “right to be forgotten” (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing based on legitimate interest (Art. 21)
  • Right to withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal (Art. 7(3))
  • Right not to be subject to a decision based solely on automated processing producing legal or similarly significant effects (Art. 22)

Requests may be sent to info@re-nterprises.com. Identity verification may be required.

9. Right to lodge a complaint

The User has the right to lodge a complaint with a supervisory authority. The competent authority for the registered seat of Kairos Alpha GmbH is Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI), Ludwig-Erhard-Str. 22, 20459 Hamburg.

10. Cookies and similar technologies

See the Cookie Policyfor details on the technologies used and consent management under §25 TDDDG and the ePrivacy Directive.

11. Automated decision-making

Kairos Alpha GmbH does not conduct automated individual decision-making, including profiling, that produces legal or similarly significant effects within the meaning of Art. 22 GDPR.

12. Children

The Service is not directed to persons under sixteen (16) years of age. Kairos Alpha GmbH does not knowingly process personal data of children below that age without verifiable parental consent (Art. 8 GDPR, §9 TDDDG).

13. Changes to this Privacy Policy

This Privacy Policy may be updated to reflect changes in processing activities or legal requirements. Material changes will be communicated by appropriate means before they take effect.