Privacy Policy

1. Overview

This policy applies to all visitors to padawanabhi.de and covers personal data collected through the website's forms, tools, analytics, and subscription features. Personal data is processed exclusively in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). We never sell your data to third parties.

2. Data Controller

The data controller responsible for this website is Padawan Abhi Holding UG (haftungsbeschränkt), Christburger Straße 23, 10405 Berlin, Germany. Managing director: Abhishek Nair. If you have questions about how your data is handled or wish to exercise any of your rights, contact us at privacy@padawanabhi.de.

3. Data We Collect

We collect personal data only when you actively provide it through one of the forms or features described below. We do not collect data passively beyond what is described in the Analytics section.

3.1 Contact Form

When you submit the contact form, we collect your name, email address, and message. We also record UTM parameters (source, medium, campaign) if you arrived via a tracked link. This data is stored in our Supabase database and used to respond to your inquiry. A confirmation email is sent via Resend. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (our legitimate interest in responding to inquiries).

3.2 Consultation Request Form

When you request a consultation, we collect your name, email address, optional company name, project type, selected technical areas (such as agentic AI, robotics, compliance, due diligence, MVP design, fundraising, team building, or architecture), budget range, timeline, project description, and UTM parameters. This data is stored as structured metadata in our Supabase database and used to prepare for your consultation. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures).

3.3 Newsletter

When you subscribe to our newsletter, we collect your email address, subscription source, and language preference. We use a double opt-in process: you will receive a confirmation email with a verification link, and your subscription is only activated after you click it. Your data is stored in our Supabase database and used solely to send you the newsletter. You can unsubscribe at any time using the link in every email. Legal basis: Art. 6(1)(a) GDPR (your consent).

3.4 Checklist and Resource Downloads

When you download a checklist or resource, we collect your email address, optional company name, checklist type, and language preference. The requested PDF is delivered via email through Resend. Your data is stored in our Supabase database. Legal basis: Art. 6(1)(a) GDPR (your consent).

3.5 Quiz Participation

When you take a quiz on our site, we store your answers and score. Providing an email address is optional. If you do provide one, it is stored alongside your results for follow-up purposes. Quiz data is stored in our Supabase database. Legal basis: Art. 6(1)(a) GDPR (consent, for optional email) and Art. 6(1)(f) GDPR (our legitimate interest in analyzing anonymous quiz results to improve our content).

3.6 Book Waitlist

When you join our book waitlist, we collect your email address and language preference. This data is stored in our Supabase database and used only to notify you about the book launch. Legal basis: Art. 6(1)(a) GDPR (your consent).

4. Analytics and Cookies

4.1 Google Analytics 4

This website uses Google Analytics 4 (Measurement ID: G-CKCS7FK7FM), a web analytics service provided by Google LLC. Google Analytics is only loaded after you give consent through our cookie banner. It uses cookies to analyze how visitors interact with the website.

We use Google Analytics to:

• Understand how visitors navigate the website
• Identify which content is most useful
• Improve user experience and site performance
• Track engagement with blog posts, tools, and projects

Google Analytics sets the following cookies:

• _ga: Distinguishes unique visitors (expires after 2 years)
• _ga_*: Maintains session state (expires after 2 years)

IP Anonymization: Google Analytics 4 processes IP addresses only to determine approximate geographic location, after which the IP address is discarded and not written to storage. Any transfer of data to Google's infrastructure is governed by Standard Contractual Clauses (SCCs) as described in the International Data Transfers section.

Events we track: Page views, blog views, blog engagement, project views, contact form submissions, newsletter sign-ups, quiz starts and completions, scroll depth, time on page, social link clicks, file downloads, and on-site search. No events contain personally identifiable information.

Opting Out: You can prevent Google Analytics from collecting your data by:

• Declining analytics cookies in our cookie consent banner
• Installing the Google Analytics Opt-out Browser Add-on
• Configuring your browser to block third-party cookies

For more information about how Google processes data, see Google Privacy Policy.

Legal basis: Art. 6(1)(a) GDPR (your consent via the cookie banner).

4.2 Cookie Consent

When you first visit our website, a cookie banner asks for your consent before any non-essential cookies are set. Your preference is stored in your browser's localStorage under the key "cookie_consent" and is valid for 365 days. We use two categories: Essential cookies (always active, required for the site to function) and Analytics cookies (only activated with your consent). You can change your preference at any time by clearing your browser's localStorage or by updating your choice on a return visit.

5. Data Processors

We use the following third-party service providers to operate this website. Each acts as a data processor under a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR.

• Supabase (supabase.com) -- Database hosting and file storage. Data is stored in the Frankfurt, Germany region (eu-central-1). Supabase processes data only on our instructions under their DPA.
• Resend (resend.com) -- Transactional email delivery. Used to send confirmation emails, PDF attachments for resource downloads, and contact form notifications.
• Google LLC (google.com) -- Google Analytics 4. Processes anonymized analytics data. Data transfers to the US are governed by Standard Contractual Clauses (SCCs).
• Hetzner Online GmbH (hetzner.com) -- Server hosting. Our application server is located in Germany (Falkenstein/Nuremberg). Hetzner processes data only on our instructions under their DPA.

6. Data Retention

We retain your personal data only as long as necessary for the purpose it was collected. Specific retention periods are as follows:

• Contact form and consultation submissions: 24 months after your last activity, then anonymized or deleted.
• Newsletter subscribers: until you unsubscribe, plus 30 days for processing the removal.
• Quiz results: 12 months, then deleted.
• Book waitlist: until the book launches plus 6 months, then deleted.
• Google Analytics data: 14 months (Google's default retention period).
• Server logs: 30 days, then automatically deleted.

7. International Data Transfers

Your data is primarily stored and processed within the European Union (Germany). International transfers occur through Google Analytics 4 (usage data to Google's US infrastructure) and Resend (transactional email processing, US-based). Both transfers are safeguarded by EU Standard Contractual Clauses (SCCs) in accordance with Art. 46(2)(c) GDPR. Google Analytics discards IP addresses after geolocation processing.

8. Rate Limiting and Security

To protect our website and API endpoints from abuse, we use IP-based rate limiting. Your IP address is held in server memory during active sessions for this purpose but is not persistently stored or logged beyond our standard 30-day server log retention. Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in maintaining the security and availability of our services).

9. Your Rights Under the GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@padawanabhi.de. We will respond within one month.

• Right of access (Art. 15 GDPR): You can request a copy of all personal data we hold about you.
• Right to rectification (Art. 16 GDPR): You can ask us to correct inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR): You can ask us to delete your personal data when it is no longer needed or you withdraw consent.
• Right to restriction (Art. 18 GDPR): You can ask us to temporarily stop processing your data in certain circumstances.
• Right to data portability (Art. 20 GDPR): You can request your data in a structured, machine-readable format for transfer to another service.
• Right to object (Art. 21 GDPR): You can object to processing based on legitimate interest at any time.
• Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for this website is the Berliner Beauftragte fuer Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information), Friedrichstr. 219, 10969 Berlin, Germany.

10. SSL/TLS Encryption

This website uses SSL/TLS encryption for all connections. You can verify this by the "https://" prefix and the lock icon in your browser's address bar. This ensures that data transmitted between your browser and our server -- including form submissions and any personal data -- is encrypted and cannot be read by third parties in transit.

11. Changes to This Policy

We may update this privacy policy to reflect changes in our data practices or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. For processing based on legitimate interest or contract, continued use of the website after changes constitutes acknowledgment. Where processing relies on your consent, we will seek renewed consent if material changes affect those activities.

12. Contact

If you have any questions about this privacy policy, want to exercise your data protection rights, or have concerns about how your data is processed, please contact us at: privacy@padawanabhi.de