Privacy Policy

Last updated: April 27, 2026

This policy describes how we process personal data for our website and storefront under the EU General Data Protection Regulation (GDPR), Germany's Federal Data Protection Act (BDSG), and related digital service privacy rules.

1. Controller

Genbrains
Musterstrasse 1, 10115 Berlin, Germany
Email: legal@genbrains.ai

2. Data protection contact

Email: privacy@genbrains.ai

3. Categories of data

• Technical data (IP, browser, device, logs).
• Contact and account data you provide (name, email, company).
• Order and payment metadata (ordered items, timestamps, status).
• Support communication data.
• Cookie and consent preferences.

4. Purposes and legal bases (GDPR Art. 6)

• Website operation and security: Art. 6(1)(f) GDPR (legitimate interests).
• Contract performance and pre-contractual steps: Art. 6(1)(b) GDPR.
• Compliance with legal obligations: Art. 6(1)(c) GDPR.
• Optional analytics/marketing technologies: Art. 6(1)(a) GDPR (consent).

5. Cookies and tracking technologies

Access to and storage of data on user devices is handled in accordance with Section 25 TDDDG. Optional cookies are used only after prior consent. Strictly necessary cookies are used without consent where legally permitted.

6. Recipients and processors

We may use processors for hosting, payment processing, infrastructure, support, and communications. These providers are bound by data processing agreements where required.

7. International transfers

If data is transferred outside the EEA, we use appropriate safeguards, such as adequacy decisions or standard contractual clauses, as required by GDPR Chapter V.

8. Retention periods

• Server logs: generally up to 30 days unless security investigations require longer retention.
• Contract and invoice records: retained according to tax and commercial law obligations.
• Consent records: kept for accountability while consent remains relevant.

9. Your rights

You may have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent at any time, subject to legal requirements (GDPR Arts. 15-22 and 7(3)).

10. Complaints

You can lodge a complaint with a supervisory authority, especially in your place of residence, workplace, or the place of alleged infringement. Lead authority (current setup): Berlin Commissioner for Data Protection and Freedom of Information.

11. Changes

We may update this policy as services or legal requirements change. The latest version is always posted here.

This is a technical template and does not replace legal advice. Have a qualified German/EU lawyer validate your final text.