Privacy Policy
Last updated: May 28, 2026
Introduction
This Privacy Policy explains how Remediate.AI UG (haftungsbeschränkt) processes personal data when you visit our website, create an account, use our BFSG/WCAG scanning tools, purchase a report, subscribe to a plan, or contact us.
1. Controller
Represented by: Akash Mutgi, Managing Director
Email: contact@getremediate.de
Commercial Register: Amtsgericht München, HRB 312809
2. Data We Process
Depending on how you use Remediate.AI, we may process the following categories of data:
- Account data: name, email address, company name, password hash, login information
- Contact data: email messages, support requests, meeting booking information
- Payment and billing data: billing name, company details, invoice information, payment status
- Website scan data: submitted URLs, detected accessibility issues, technical metadata, screenshots where required for the scan, generated recommendations, reports and patch suggestions
- Usage data: pages visited, product usage, scan history, API requests, log files, timestamps, IP address, browser and device information
- Communication data: email notifications, transactional emails, support replies and system messages
We do not intentionally collect special categories of personal data unless such data is contained in website content submitted by the customer for scanning.
3. Purposes of Processing
We process personal data for the following purposes:
- To provide the Remediate.AI platform and scanning services
- To generate BFSG/WCAG readiness reports
- To create AI-assisted remediation suggestions
- To manage accounts, subscriptions, payments and invoices
- To provide customer support and respond to enquiries
- To secure, monitor and improve our services
- To comply with legal, tax and accounting obligations
- To send transactional emails, service notifications and product-related updates
4. Legal Bases
We process personal data under the following legal bases:
- Art. 6(1)(b) GDPR: performance of a contract or pre-contractual steps
- Art. 6(1)(c) GDPR: compliance with legal obligations
- Art. 6(1)(f) GDPR: legitimate interests, including service security, fraud prevention, product improvement and customer communication
- Art. 6(1)(a) GDPR: consent, where required, for example for optional cookies or marketing communication
5. Payments
Payments are processed through Stripe. We do not store full credit card details on our servers. Stripe may process payment details, billing information and transaction metadata as an independent service provider/payment processor according to its own terms and privacy information.
6. Hosting, Infrastructure and Service Providers
We use carefully selected third-party providers to operate Remediate.AI. These may include:
- Hosting and deployment providers
- Database and storage providers
- Payment processors such as Stripe
- Email delivery providers
- Analytics and monitoring tools
- AI model and automation providers used to generate scan analysis, fix suggestions and report content
Where required, we enter into data processing agreements with our processors.
7. AI Processing
Remediate.AI may use AI systems to analyse accessibility issues, generate explanations, suggest code changes and create report content. Data sent to AI systems may include website URLs, HTML snippets, accessibility violation metadata, screenshots or other technical scan data necessary to provide the service.
We do not use customer scan data to train our own public foundation model. Where third-party AI providers are used, processing is governed by the relevant provider terms and data processing arrangements.
8. International Transfers
Where service providers process data outside the European Economic Area, we apply appropriate safeguards, such as EU Standard Contractual Clauses or equivalent transfer mechanisms, where required by GDPR.
9. Cookies and Similar Technologies
Our website may use cookies or similar technologies for essential functionality, analytics, security and product improvement. Essential cookies are required to provide the website and platform. Optional cookies are only used where legally permitted or based on your consent.
You can control cookies through your browser settings and, where applicable, through our cookie banner or privacy preferences.
10. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.
Typical retention periods:
- Account data: for the duration of the customer relationship
- Billing and invoice data: according to statutory tax and commercial retention obligations
- Scan data and generated reports: for the duration of the customer account or as required to provide the purchased service
- Support emails: as long as required to handle the request and document the communication
- Technical logs: for a limited period required for security, debugging and service operation
After the relevant retention period, data is deleted or anonymised unless legal obligations require longer storage.
11. Your Rights
Under GDPR, you may have the following rights:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to withdraw consent where processing is based on consent
- Right to lodge a complaint with a supervisory authority
To exercise your rights, contact us at: contact@getremediate.de
12. Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority.
For companies based in Bavaria, the competent authority may be:
Please verify the competent authority based on your final registered company details.
13. Security
We use technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration. These measures include access controls, encryption where appropriate, secure authentication, logging and infrastructure monitoring.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website. If we make material changes, we may notify users through the platform or by email.