Privacy Policy
1. Controller
YASEEN Design und Druckservice
Arndtstr. 9, 99880 Waltershausen, Germany
Phone: +49 1590 1887622 · Email: info@yaseendesignservice.de
Legal representative: Khaled Yaseen
2. General information on data processing
We process personal data in accordance with the GDPR only as far as necessary to provide our services, to communicate with you, or to comply with legal requirements. The principles of data minimization, purpose limitation and storage limitation apply.
3. Hosting & infrastructure
Our systems are hosted with Hostinger in the EU. We use Docker for containerization and a PostgreSQL database to store operational data.
Data categories: technical server logs (IP address, timestamp, request URL, user agent), system/error logs, master data (e.g., customer ID), communication metadata.
Purposes: operation, security, troubleshooting, traceability of bot transactions.
Legal bases: Art. 6(1)(f) GDPR; where applicable Art. 6(1)(b) GDPR.
Storage duration: server logs usually up to 30 days, longer in individual cases.
4. Communication services
4.1 WhatsApp via Twilio
We use Twilio as a technical service provider for WhatsApp communication. Message content and metadata are processed via Twilio.
Data categories: text/voice messages, media metadata, phone numbers.
Purposes: bot operation, customer communication, proof of consents.
Legal bases: Art. 6(1)(a), (b), (f) GDPR. Third-country transfer: possible; SCC/DPA used.
4.2 Telegram
Communication via Telegram is processed by Telegram as an independent controller; we process the content only to handle your request.
5. AI and analytics services
5.1 ElevenLabs – speech processing (STT/TTS): audio content, transcripts; purposes: speech-to-text, quality assurance; legal bases: Art. 6(1)(a), where applicable b/f GDPR; third-country transfer possible; SCC/DPA.
5.2 FluentC – speech recognition: short text snippets; purposes: speech recognition; legal bases: Art. 6(1) (a/b/f); third-country transfer possible.
5.3 OpenAI & Cohere API: text inputs/outputs, metadata; purposes: response generation, analysis, automation; legal bases: Art. 6(1)(a/b/f) GDPR; third-country transfer possible.
5.4 Pinecone (vector database): embeddings, IDs, metadata; purposes: semantic search, context delivery; storage duration: until withdrawal/deletion.
5.5 Google services: API requests, technical metadata; purposes: bot functions (e.g., dispatch, appointments); legal bases: Art. 6(1)(b/f), where applicable a; third-country transfer possible.
6. Legal bases at a glance
- Art. 6(1)(a) GDPR – consent
- Art. 6(1)(b) GDPR – contract / handling inquiries
- Art. 6(1)(f) GDPR – legitimate interest
7. Recipients, processors & third countries
Use of Hostinger, Twilio, OpenAI, Cohere, ElevenLabs, FluentC, Pinecone. Third-country transfer with SCC.
8. Consent via WhatsApp buttons & withdrawal
Consent is obtained via buttons in WhatsApp and the decision is stored (timestamp, ID). Withdrawal is possible at any time by message or email.
9. Storage duration & deletion
Data is deleted after the purpose is achieved and in accordance with legal requirements.
10. Your rights
- Access, rectification, erasure, restriction, data portability
- Right to object (Art. 21 GDPR)
- Withdrawal of consents
- Right to lodge a complaint with a supervisory authority
11. Security
Technical and organizational measures: access controls, encryption, logging.
12. Changes
This privacy policy may be updated when necessary.