Privacy Policy

1. Responsible Entity and Contact Information

Responsible for Data Processing
MechanX UG (haftungsbeschränkt) i.G.
Kolonnenstr. 8
10827 Berlin
Germany

Represented by:

• Oguzhan Soyer
• Ediz Kocabas

Email: [email protected]
Phone: 015155307661

This privacy policy applies to the processing of personal data of all users and visitors of the website https://mechanxai.com.

Competent Supervisory Authority

For data protection questions or complaints, you are free to contact the responsible data protection supervisory authority. For the company based in Berlin, this is:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin
Tel.: +49 30 13889-0
Email: [email protected]

2. General Information on Data Processing

We process your personal data (e.g., name, email address, IP address) only in accordance with applicable data protection regulations, particularly the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Personal data is any information that can directly or indirectly identify you as an individual.

The legal bases for our processing activities arise from Art. 6(1) GDPR (particularly point (b) – contract performance, point (f) – legitimate interest, point (a) – consent, point (c) – legal obligation). When using services such as web analytics tools, it may be necessary to obtain your consent (Art. 6(1)(a) GDPR). In these cases, an appropriate opt-in request is made via our cookie or tracking banner.

We reserve the right to adapt this privacy policy as needed. The current version can always be found on our website.

3. Collected Data and Purposes of Processing

3.1 Website Visit and Cookies

When you visit our website, we collect standard access data (e.g., IP address, browser type, date and time of access, referrer URL). This information is stored in server log files and serves to ensure technical operation and system security (legitimate interest according to Art. 6(1)(f) GDPR).

We also use cookies and similar technologies to provide you with a user-friendly and secure website (e.g., session cookies for the login process). Details on how these work, the cookies we use, and your setting options can be found further down in this statement (see "Tools" section).

The storage duration of these cookies varies by type. Some are automatically deleted at the end of the session ("session cookies"), while others remain until they expire or you remove them yourself.

3.2 Account Creation

When registering to create an account, we need to process certain personal data. This may include:

• Email address
• IP address
• Login data (password, etc.)

We process this data to:

• Enable you to use our services (Art. 6(1)(b) GDPR – contract performance).
• Recommend content or conduct statistical analyses to improve the service (Art. 6(1)(f) GDPR – legitimate interest).

The data is stored only as long as necessary for the purpose or to fulfill legal requirements. When you delete your account, the corresponding data is generally removed immediately, unless legal retention periods prevent this.

3.3 Account Deletion

You can delete your account and all associated data directly within the app. To do so, navigate to Account > Delete Account. Once the deletion process is initiated, your personal data will be removed from our systems in accordance with applicable legal retention periods.

3.4 Contact Requests

When you send us inquiries via email or a contact form, we process the data you provide (name, email address, message content) to answer your inquiry (Art. 6(1)(b) GDPR, or Art. 6(1)(f) GDPR). We delete the inquiries once they are no longer necessary for the original purpose, taking into account legal retention obligations.

4. Legal Bases for Processing

• Art. 6(1)(b) GDPR – Contract performance (e.g., account registration, processing inquiries, providing services).
• Art. 6(1)(a) GDPR – Consent, especially for cookies/tracking and newsletter subscriptions.
• Art. 6(1)(f) GDPR – Legitimate interest, e.g., IT security, statistical analyses, optimization of our services.
• Art. 6(1)(c) GDPR – Fulfillment of legal obligations, e.g., commercial and tax law retention obligations.

5. Sharing Your Data

We only share personal data with third parties if:

• You have consented to this (Art. 6(1)(a) GDPR).
• It is necessary for the fulfillment of our contract or to implement pre-contractual measures (Art. 6(1)(b) GDPR).
• We are subject to a legal obligation (Art. 6(1)(c) GDPR).
• A legitimate interest exists, provided your interests or fundamental rights do not override this (Art. 6(1)(f) GDPR).

Typical recipients are service providers we engage to provide our services (e.g., hosting, IT support, payment providers), to whom we only transfer the data necessary for the respective purpose.

6. Third-Country Transfers

A transfer to third countries (outside the EU or EEA) only takes place if either an adequate level of data protection has been confirmed in the respective country (adequacy decision by the EU Commission) or appropriate safeguards (standard contractual clauses) have been agreed in accordance with Art. 46 GDPR. Details on the respective tools and services that may process personal data outside the EEA are listed in the sections described below.

7. Storage Duration and Deletion

Personal data is only retained as long as necessary for the respective purposes or as required by legal retention periods.

• Account information is deleted as soon as you close your account or after extended inactivity (e.g., 15 months), unless legal retention periods prevent this.
• Business documents (e.g., invoices) are retained in accordance with legal obligations (e.g., German Commercial Code, German Tax Code) for up to 10 years.

8. Data Subject Rights

As a "data subject" under the GDPR, you have the following rights:

• Access (Art. 15 GDPR)
  You can obtain information about the personal data we process.
• Rectification (Art. 16 GDPR)
  If the processed data is incorrect or incomplete, you can request its correction.
• Erasure (Art. 17 GDPR)
  You can request the deletion of your personal data, provided there are no conflicting retention periods or other justifications.
• Restriction (Art. 18 GDPR)
  You have the right to request the restriction of processing if the legal requirements are met.
• Data Portability (Art. 20 GDPR)
  You can request to receive your data in a common, structured, and machine-readable format or – where technically feasible – have it transferred to another controller.
• Objection (Art. 21 GDPR)
  You have the right to object to the processing of your data based on legitimate interest for reasons arising from your particular situation.
• Withdrawal of Consent (Art. 7(3) GDPR)
  You can withdraw any consent you have given at any time for the future.

To exercise your rights, an informal message by email to [email protected] or to our postal address is sufficient.

You also have the right to lodge a complaint with a supervisory authority (see section 1).

9. Security

We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, or misuse. Our website uses SSL/TLS encryption to ensure confidential content is transmitted securely. You can recognize the encrypted connection by "https://" and a lock icon in your browser's address bar.

10. Tools and Services Used

10.1 Google Analytics

We use Google Analytics (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland) to analyze website usage. Cookies are used that collect information about your usage behavior (e.g., IP address, referrer URL, pages visited) and transfer it to a Google server. We use IP anonymization, so your IP address is truncated before any possible transfer to the USA.

• Legal basis: Your consent (Art. 6(1)(a) GDPR), which you can give or refuse in the cookie banner.
• Objection: You can prevent collection by Google Analytics at any time, e.g., by installing a browser add-on (https://tools.google.com/dlpage/gaoptout) or by deactivating it in the cookie banner.

10.2 Umami

We use Umami as a privacy-friendly analytics tool that collects anonymous data about page views and user interactions without storing personal information.

• Data collected: Page views, referrer, browser type, operating system, possibly truncated IP address.
• Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) or consent, if required.

10.3 Hotjar

We use Hotjar (Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta) to better understand user behavior on our website. Mouse movements, clicks, scrolling behavior, etc. are collected in pseudonymized form.

• Legal basis: Consent (Art. 6(1)(a) GDPR).
• Opt-Out: You can object at https://www.hotjar.com/legal/compliance/opt-out or via the "Do Not Track" setting in your browser.

10.4 CookieYes

We use CookieYes (CookieYes Limited) to manage your consent for the use of cookies. Data such as your cookie preferences, an anonymous identifier, and (in anonymized form) your IP address are processed.

• Legal basis: Art. 6(1)(c) GDPR (compliance with legal documentation obligations).
• Storage duration: The consent data is stored in accordance with legal requirements (up to 6 years).

11. Newsletter

If we offer a newsletter and you subscribe to it, we use your email address exclusively for sending our newsletter (Art. 6(1)(a) GDPR). You can withdraw this consent at any time, e.g., via the unsubscribe link in the newsletter or by email to [email protected]. After withdrawal, your email address will be deleted from the newsletter distribution list.

12. Changes to this Privacy Policy

We reserve the right to update this policy as needed. Changes will be published on our website. Please regularly check for the current status.

Last updated: January 27, 2025

For questions or concerns about data protection, please contact us at:
Email: [email protected]

MechanX UG (haftungsbeschränkt) i.G.
Kolonnenstr. 8
10827 Berlin
Germany