Privacy Notice: Contact Form, File Upload & AI Chat Assistant

We take your privacy seriously. This notice explains how we handle your data when you contact us through this form, upload files, or use our AI chat assistant. We've written this in plain English because transparency matters.

1. Who We Are

Data Controller:
George A. Rauscher
intelligent piXel GmbH
Giesinger Bahnhofplatz 1
81539 Munich, Germany
Email: my@intelligent-pixel.com

2. What Data We Collect

When you use this contact form, we collect:

• Your name – so we know who to respond to
• Your email address – so we can reply to you
• Your message – to understand what you need help with
• Optional file uploads – server logs, error reports, or technical documentation (PDF, TXT, LOG, JSON, ZIP files only)
• Technical data – your IP address, timestamp, browser information (for security and spam prevention)

When you use our AI Chat Assistant (Tyra):

• Your chat messages – to provide email support answers
• Technical data – IP address, session timestamp (for rate limiting and security)
• NO personal identifiable data is required – you can use the chat anonymously

3. Why We Need This Data (Legal Basis)

We process your data based on:

• Your consent (GDPR Art. 6(1)(a)) – by checking the privacy box, submitting the form, or using the chat
• Contract execution (GDPR Art. 6(1)(b)) – to respond to your support request
• Legitimate interest (GDPR Art. 6(1)(f)) – to protect our systems from spam and abuse

4. AI Chat Assistant (Tyra) - How It Works

What Tyra does:

• Answers email-related questions (IMAP/SMTP, spam protection, DKIM, etc.)
• Provides instant technical support for email configuration
• Works in multiple languages (English, German, and more)

What data is processed:

• Your questions are sent to OpenAI (USA) for processing via their GPT model
• NO permanent storage – messages are processed in real-time and not saved long-term
• NO account required – you can chat anonymously without providing personal information
• Rate limiting – maximum 30 questions per session to prevent abuse

OpenAI Data Processing:

• OpenAI may temporarily process your messages to generate responses
• OpenAI's API does not use your data to train their models (as of our service agreement)
• Messages are transmitted via encrypted connection (TLS 1.3)
• For more details, see OpenAI's Privacy Policy

⚠️ Important Privacy Recommendation:

We strongly recommend NOT entering any personal or sensitive information in the AI chat, including:

• Your full name, address, or phone number
• Email passwords or account credentials
• Financial information (credit card numbers, bank details)
• Any other private personal data

Tyra only needs your technical question about email setup or configuration. No personal details are necessary to get helpful answers.

5. What We Do With Your Files

File uploads are exclusively for technical support purposes:

• Server log files
• Error reports and stack traces
• Configuration files (sanitized, no credentials)
• Technical diagnostics

We do NOT accept:

• Personal documents (ID cards, passports, contracts)
• Financial information
• Medical records
• Any sensitive personal data

How we handle uploads:

• Files are transmitted via encrypted connection (TLS 1.3)
• Temporarily stored on our secure German server (max 60 seconds)
• Attached to an email sent to my@intelligent-pixel.com (ProtonMail, Switzerland)
• Immediately and permanently deleted from our server after successful email transmission
• No backup copies, no archives, no retention

6. Email Transmission & Security

Your message is sent via:

• ProtonMail (Switzerland) – encrypted email service
• TLS encryption during transmission
• No tracking pixels or analytics in our responses
• No automated processing – every message is read by a human (me)

7. Who Can Access Your Data

• George A. Rauscher (me) – I personally read and respond to every message
• OpenAI (USA) – processes AI chat messages in real-time (no long-term storage, EU-US Data Privacy Framework compliant)
• ProtonMail (Switzerland) – our email provider, subject to Swiss privacy laws
• Our server host (Hetzner, Germany) – only infrastructure, no access to email content
• Nobody else. We don't use analytics, tracking, or third-party marketing services.

We will never:

• Share your data with marketers or advertisers
• Sell your information to anyone
• Add you to mailing lists without explicit consent
• Use your chat messages for marketing or profiling

8. How Long We Keep Your Data

• AI Chat messages: Processed in real-time, not permanently stored on our servers
• Uploaded files: Deleted immediately after email transmission (typically within 60 seconds)
• Email correspondence: Kept until your support case is resolved, then deleted unless you request ongoing support
• Security logs: IP addresses and timestamps are kept for 30 days for spam prevention, then automatically deleted
• Legal retention: If legally required (e.g., for accounting or legal disputes), we may retain data for up to 10 years (German HGB § 257)

9. Your Rights Under GDPR

You have the right to:

• Access (Art. 15) – request a copy of all data we have about you
• Rectification (Art. 16) – correct any inaccurate information
• Erasure (Art. 17) – request deletion of your data ("right to be forgotten")
• Restriction (Art. 18) – limit how we process your data
• Data portability (Art. 20) – receive your data in a machine-readable format
• Objection (Art. 21) – object to processing based on legitimate interest
• Withdraw consent (Art. 7(3)) – withdraw your consent at any time

To exercise any of these rights, email: my@intelligent-pixel.com

10. Right to Complain

If you believe we've mishandled your data, you can file a complaint with:

Bavarian State Office for Data Protection Supervision
(Bayerisches Landesamt für Datenschutzaufsicht)
Promenade 18, 91522 Ansbach, Germany
Website: www.lda.bayern.de

11. Security Measures

We protect your data with:

• TLS 1.3 encryption for all data transmission
• Rate limiting – max 3 contact form submissions per 10 minutes per IP, max 30 AI chat messages per session
• Spam filters – pattern detection, header injection protection, honeypot traps
• Server hardening – file execution disabled in upload directories, access logs, IP blocking
• Secure file handling – file type validation, size limits (10 MB max), immediate deletion after transmission
• No public access – uploaded files are never publicly accessible, even temporarily
• API security – OpenAI API keys stored outside web root, secure server-side processing only

12. Automated Decision Making

We do not use automated decision-making or profiling (GDPR Art. 22). Every contact form message is personally reviewed and answered by a human.

AI Chat Assistant: Tyra uses AI to generate responses, but this is for support purposes only, not for making decisions about you or profiling your behavior.

Exception: Automated spam filters may block submissions that match known spam patterns. If you believe your message was incorrectly blocked, please email us directly at my@intelligent-pixel.com.

13. International Data Transfers

OpenAI (our AI provider) is based in the USA. Data transfers to the USA are protected by:

• EU-US Data Privacy Framework (adequate level of protection)
• Standard Contractual Clauses (SCCs) as per GDPR Art. 46
• TLS 1.3 encryption during transmission
• No long-term data storage by OpenAI for API usage

14. Changes to This Policy

We may update this privacy notice from time to time. Changes will be posted on this page with an updated "Last Modified" date. For significant changes, we'll add a notice on our website.

Last Modified: November 6, 2025

15. Questions or Concerns?

If anything in this policy is unclear, or if you have questions about how we handle your data, please don't hesitate to reach out:

Email: my@intelligent-pixel.com
Response Time: We typically respond within 48 hours (often much faster)

---

Plain English Summary:
We collect your name, email, message, and optional file uploads to respond to your support request. Our AI chat assistant (Tyra) helps answer email-related questions instantly, powered by OpenAI. Chat messages are processed in real-time and not permanently stored. We strongly recommend NOT entering personal information in the chat. Files are sent to us via encrypted email and immediately deleted from our server. We don't share your data with marketers, don't track you, and don't add you to mailing lists. You can request deletion anytime. We're based in Germany and follow GDPR strictly.