Privacy Policy

2.1 Anonymous Use of the Web App

You can visit parts of our web app without providing personal information. During these visits, only general connection information (such as IP address, browser type, and operating system) is temporarily logged to ensure proper functionality and security. This anonymous data is evaluated for technical and statistical purposes only.

2.2 Authentication and User Accounts

To use features that require authentication, you must log in through one of the supported authentication providers: HPI Keycloak or Auth0. Upon login, we process and store the following data provided by the authentication provider:

• User ID (generated by the provider)
• Name
• Email address
• Information on which authentication provider was used

This data is stored to associate logins with users and facilitate user identification within the platform. The legal basis for this processing is Art. 6 para. 1 subpara. 1 letter b GDPR (contractual necessity) and letter f GDPR (legitimate interest in platform functionality and security).

2.3 User-Generated Content

The web app allows users to create, upload, and manage models in the realm of Business Process Management. The data and content created or uploaded by users are stored on our systems to provide the requested services. These materials remain private unless explicitly shared by the user within the platform.

2.4 Data Retention

- Authentication and account data are retained as long as your account remains active.
- User-generated content is retained until deleted by the user or upon account termination.
- Data may be retained longer where legally required (e.g., for tax or audit purposes, under Art. 6 para. 1 subpara. 1 letter c GDPR).

2.5 Security and Logging

We log complete IP addresses temporarily to detect and prevent attacks or abuse. These logs are deleted after seven days unless required for legal purposes. This processing is based on Art. 6 para. 1 subpara. 1 letter f GDPR (legitimate interest in maintaining security).