Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller responsible for data processing on this website is:

KI·SUM·AI - Kisum GmbH
Sonnwendjochstr. 6
81825 München, Germany
Email: info@compliancelint.com

2. Data We Collect

We may collect the following categories of personal data:

  • Account information (email address, name) when you register
  • Usage data (pages visited, features used, timestamps)
  • Technical data (IP address, browser type, device information)
  • Compliance scan results (findings only — never source code)

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Contract performance (Art. 6(1)(b) GDPR) — to provide our services
  • Legitimate interest (Art. 6(1)(f) GDPR) — to improve our services and ensure security
  • Consent (Art. 6(1)(a) GDPR) — where you have given explicit consent

4. Cookies & Analytics

This website uses essential cookies required for the functioning of the service (session management, CSRF protection). We do not use advertising cookies.

We use PostHog for privacy-focused product analytics. PostHog collects anonymized usage data (pages visited, feature interactions) to help us improve the product. For anonymous visitors, no personal profile is created. You can opt out of analytics tracking in your browser settings or by using a content blocker.

5. Third-Party Services

We use the following third-party services:

  • Hetzner (Germany) — hosting and infrastructure
  • PostHog (US, SOC 2 certified) — product analytics
  • GitHub / Google — OAuth authentication
  • Payment processors (for paid plans)
  • Email delivery services

These providers process data only on our behalf and are contractually obligated to protect your data under GDPR.

6. Usage Monitoring

We collect IP addresses and timestamps when you use our API to detect unauthorized account sharing and protect our service. This data is processed based on our legitimate interest in preventing abuse (Art. 6(1)(f) GDPR).

API usage data (IP address, timestamp, API key prefix) is retained for 30 days and automatically deleted thereafter. We never store your full API key in monitoring logs.

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Restriction — limit how we process your data
  • Portability — receive your data in a structured format
  • Objection — object to data processing based on legitimate interest

To exercise these rights, contact us at info@compliancelint.com.

8. Contact

For any privacy-related questions, please contact us at: info@compliancelint.com