Privacy Policy

Version: 01.09.2025


1. Controller

Krafthub GmbH
Marktplatz 4
85567 Grafing
Germany
HRB 304667 Local Court of Munich
Email: datenschutz@krafthub.ai


2. General Information

This Privacy Policy informs you about the processing of personal data when using our craft business software (SaaS), our websites and related services. The software is aimed exclusively at entrepreneurs within the meaning of Section 14 BGB (German Civil Code).


3. Purposes of Processing and Legal Bases

3.1 Contract Fulfilment (SaaS Service)

  • Provision of the software and user accounts
  • Storage and management of content (e.g. documents, invoices, offers, emails, voice recordings, WhatsApp messages)
  • Billing, support, communication
    Legal basis: Art. 6 (1) (b) GDPR

3.2 Operation and Security

  • Operation of IT systems, backups, monitoring, troubleshooting
  • Prevention of misuse and fraud, IT security
    Legal basis: Art. 6 (1) (f) GDPR (legitimate interest)

3.3 Marketing and Communication

  • Information about updates, new features and offers
  • Direct marketing to existing customers
    Legal basis: Art. 6 (1) (f) GDPR; Sec. 7 UWG (German Act Against Unfair Competition)

3.4 Free Plan: Use of Anonymised Data for AI/LLM Training

  • When using the free plan, we process content (e.g. documents, invoices, offers, emails, voice recordings, WhatsApp messages) exclusively in anonymised form in order to improve and train our AI and language models.
  • Participation in the free plan requires your explicit consent. Without consent, use is only possible under a paid subscription.
  • Legal basis: Art. 6 (1) (a) GDPR (consent)

Note on responsibility for AI results: AI outputs (in particular suggested formulations, price suggestions/calculations, and decisions derived from them) are provided for assistance only. Liability for content accuracy, commercial suitability, and related financial losses, including lost business, revenue, or profit, is excluded; the liability provisions in the Terms of Service apply.


4. Anonymisation

Before being used for training purposes, data is irreversibly anonymised. This includes in particular:

  • Removal of names, addresses, phone numbers, email addresses
  • Removal of customer/employee numbers, bank and payment data
  • Removal or neutralisation of company identifiers (e.g. logos, project IDs)
  • Redaction of any other features that could enable identification

Non-anonymised original data is deleted after anonymisation and not further processed.


5. Categories of Data

  • Master data (e.g. name, company, contact details)
  • Contract data (e.g. subscription plan, billing information)
  • Usage data (e.g. log files, IP addresses, device information)
  • Content entered by customers into the software (e.g. documents, invoices, emails, voice recordings, WhatsApp messages and media files)

6. Recipients / Third-Party Disclosure

  • IT service providers and hosting providers (subprocessors)
  • Support and communication service providers
  • Disclosure only within the scope of processing under Art. 28 GDPR
  • Processing outside the EU/EEA does not take place

6.1 Email Account Connections (Gmail & Outlook)

krafthub.ai allows you to optionally connect your email accounts to manage your communications in one place. This section explains what information we access when you connect your Gmail or Outlook/Microsoft 365 account.

What we access when you connect your Gmail account:

  • Read your emails: We access your Gmail messages, including email content, subject lines, sender and recipient information, timestamps, attachments, and attachment content. Email attachments are stored and analyzed to enable document management, AI-powered insights, and search functionality within krafthub.ai.
  • Send emails: We send emails on your behalf when you compose and send messages through krafthub.ai.
  • Modify and organize: We modify email properties (read/unread status, labels, folders) and delete emails when you perform these actions in krafthub.ai.
  • Basic profile: We access your name, email address, and profile picture.

What we access when you connect your Outlook/Microsoft 365 account:

We access the same types of information as described above for Gmail: email messages, attachments and their content, sending capability, email organization, and basic profile information.

Important notes:

  • Connecting email accounts is completely optional
  • You can disconnect at any time through your krafthub.ai settings
  • Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements
  • For information about how we use, store, and protect this data, see sections 3 (Purposes), 7 (Storage Period), and 9 (Data Security) of this privacy policy

Legal basis: Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (contract performance).

6.2 Email Delivery Service (Mailgun)

krafthub.ai uses Mailgun, an email delivery service provider, to send transactional and service-related emails to users. This section explains how Mailgun processes your personal data when we send emails through their service.

What data is processed by Mailgun:

  • Email addresses: Recipient email addresses are processed to deliver emails (registration confirmations, demo confirmations, service updates, feature notifications)
  • Names: Recipient names may be included in email content for personalization
  • Email content: Email subject lines and body content (including dates, times, and other service-related information) are processed for delivery
  • Delivery metadata: Mailgun processes technical delivery information (delivery status, open rates, click tracking) for email delivery optimization and troubleshooting

Purpose of processing:

  • Delivery of registration confirmation emails
  • Delivery of demo appointment confirmation emails
  • Delivery of service-related communications and feature update notifications
  • Email delivery optimization and reliability

Important notes:

  • Mailgun acts as a subprocessor under Art. 28 GDPR
  • Mailgun processes data exclusively within the EU/EEA (EU region: api.eu.mailgun.net)
  • Data processing is limited to email delivery purposes only
  • You can unsubscribe from service update emails at any time through your account settings or by using the unsubscribe link in the emails
  • For more information about Mailgun's data processing, please refer to their privacy policy at https://www.mailgun.com/privacy-policy/

Legal basis: Art. 6 (1) (b) GDPR (contract performance) for transactional emails (registration confirmations, demo confirmations) and Art. 6 (1) (f) GDPR (legitimate interest) for service-related communications and feature updates.


7. Storage Period

  • Contract and billing data: according to statutory retention periods (HGB, AO)
  • Content data: for the duration of the contract; deletion no later than 30 days after contract end
  • Backups: automatically overwritten after max. 7 days
  • Free plan raw data for training: stored only until anonymisation; afterwards only anonymised data without personal reference is used

8. Data Subject Rights

In accordance with Art. 15 et seq. GDPR you have the right to:

  • Obtain information about the processed data
  • Rectification of inaccurate data
  • Erasure or restriction of processing
  • Data portability
  • Object to processing based on legitimate interests
  • Withdraw consent (e.g. for free plan training) with effect for the future

Withdrawal leads to exclusion from the free plan; further use is only possible under a paid subscription.

8.1 Exercising Your Right to Erasure

To exercise your right to erasure (data deletion), please send an informal request to datenschutz@krafthub.ai. Please include the email address associated with your account. We will process your request within 30 days. Please note that certain data may be retained if required for legal or contractual reasons (e.g. for billing purposes, as described in Section 13 of our General Terms and Conditions).


9. Data Security

We implement technical and organisational measures (TOM) in accordance with Art. 32 GDPR, including:

  • Encryption (in transit and at rest)
  • Access control, role and rights management
  • Logging, monitoring, intrusion detection
  • Tenant separation
  • Regular backups and recovery tests

10. Data Protection Officer

Gaitis Kasims, Marktplatz 4, Grafing, 85567, datenschutz@krafthub.ai


11. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is, for example, the Bavarian State Office for Data Protection Supervision (BayLDA).


12. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy in the event of changes to our services or legal requirements. We will provide appropriate notice of material changes.