Privacy Policy

Last updated: December 15, 2025

                Important: This Privacy Policy explains how Mohammad Mirzakhani Dehkordi ("we", "us", "our") collects, 
                uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) 
                and German data protection laws.
            

1. Data Controller

The data controller responsible for processing your personal data is:

Betreiber: Mohammad Mirzakhani Dehkordi
Firmenname: Mohammad Mirzakhani Dehkordi
Scharrnstraße 2
38100 Braunschweig, Deutschland
E-Mail: contact@fahrtrack.de
Telefon: +49 151 23180596

Hinweis: Die Gründung einer UG (haftungsbeschränkt) ist geplant; die Eintragung ins Handelsregister beim Amtsgericht Braunschweig wird voraussichtlich im April 2026 erfolgen. Bis zur Eintragung haftet der Betreiber persönlich.

2. Information We Collect

2.1 Information You Provide

We collect the following information when you use our Service:

Account Information: Email address, password (hashed), two-factor authentication secret
Profile Information: Account status, credit balance, user groups, administrative status
Document Data: Files you upload (PDFs, Excel files), document metadata, processing status
Usage Data: API usage records, task IDs, processing results, exam results
Communication Data: Messages sent through our chat functionality, queries, and responses

2.2 Automatically Collected Information

We automatically collect certain information when you use our Service:

Session data stored in Redis/Valkey
Task status and progress information
IP addresses (for security and analytics purposes)
Browser type and version
Device information

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to provide the Service you requested
Legitimate Interests (Art. 6(1)(f) GDPR): For security, fraud prevention, and service improvement
Consent (Art. 6(1)(a) GDPR): When you explicitly consent to specific processing activities
Legal Obligation (Art. 6(1)(c) GDPR): To comply with applicable laws and regulations

4. How We Use Your Information

We use the collected information for the following purposes:

To provide, maintain, and improve our Service
To process your document uploads and AI-powered analysis requests
To manage your account, including authentication and authorization
To process payments and manage credit balances
To communicate with you about your account and the Service
To ensure security and prevent fraud
To comply with legal obligations
To analyze usage patterns and improve our Service

5. Data Storage and Security

5.1 Storage Locations

Your data is stored in secure cloud infrastructure, primarily in the European Union (EU). Some data may be processed using services located outside the EU, but only with appropriate safeguards in place (e.g., Standard Contractual Clauses).

5.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

Encryption of data in transit (HTTPS/TLS)
Encryption of sensitive data at rest
Secure password hashing (using industry-standard algorithms)
Two-factor authentication (2FA) for account access
Regular security audits and updates
Access controls and authentication mechanisms
Regular backups and disaster recovery procedures

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data only in the following circumstances:

Service Providers: With trusted third-party service providers who assist in operating our Service (e.g., cloud storage, AI processing services), subject to strict confidentiality obligations
Legal Requirements: When required by law, court order, or government regulation
Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)
Protection of Rights: To protect our rights, property, or safety, or that of our users

7. Third-Party Services

Our Service integrates with the following third-party services:

Cloud Storage (AWS S3): For storing uploaded documents
AI Services (OpenAI): For processing document queries and analysis
Vector Database (Pinecone): For document indexing and search
Session Storage (Redis/Valkey): For managing user sessions
Message Queue (AWS SQS): For task processing
Jira: For test case management (if used)

These services have their own privacy policies. We recommend reviewing them to understand how they handle your data.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Art. 15 GDPR): Request a copy of your personal data we hold
Right to Rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data
Right to Erasure (Art. 17 GDPR): Request deletion of your personal data ("right to be forgotten")
Right to Restriction (Art. 18 GDPR): Request restriction of processing in certain circumstances
Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, commonly used format
Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint: File a complaint with a supervisory authority (e.g., Berlin Data Protection Authority)

8.1 Exercising Your Rights

To exercise any of these rights, please contact us at contact@fahrtrack.de. We will respond to your request within one month, or within two months for complex requests.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Account Data: Retained while your account is active and for a reasonable period after account closure for legal and business purposes
Document Data: Retained until you delete the document or your account is closed
Usage Data: Retained for analysis and improvement purposes, typically for up to 2 years
Session Data: Deleted when the session expires or is terminated

After the retention period, data will be securely deleted or anonymized unless legal obligations require longer retention.

10. Cookies and Tracking Technologies

We use session cookies and similar technologies to maintain your login session and improve Service functionality. These are essential for the Service to function properly. We do not use tracking cookies for advertising purposes.

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions by the European Commission
Other legally recognized transfer mechanisms

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The "Last updated" date at the top indicates when this Policy was last revised.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

E-Mail: contact@fahrtrack.de
Telefon: +49 151 23180596
Adresse: Scharrnstraße 2, 38100 Braunschweig, Deutschland
Data Protection Officer: Available upon request at contact@fahrtrack.de

15. Supervisory Authority

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the competent supervisory authority:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin, Germany
Website: www.datenschutz-berlin.de

By using Kifragt.de, you acknowledge that you have read and understood this Privacy Policy.