Privacy Policy
Last updated: May 2026
The protection of your personal data is of particular concern to us. We process your data exclusively on the basis of legal regulations: the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the Austrian Telecommunications Act 2003. This policy explains how data is collected, where it is stored, who processes it, and what rights you have.
1. Data Controller
- Controller: Socintel FlexKapG (trading as Society Intelligence), Hauffgasse 3–5/8, 1110 Vienna, Austria. Commercial Register: FN 630566 d, Vienna Commercial Court
- Privacy contact: legal@euoptikos.com
2. Hosting and Infrastructure
EU Optikos is hosted on dedicated hardware operated by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). Data residency is exclusively within the European Union. Traffic is served via a Traefik reverse proxy with Let’s Encrypt SSL; no Content Delivery Network is used, and request traffic does not leave the Hetzner DE infrastructure for the application surface.
When you visit EU Optikos, your IP address and the start/end of the session are recorded in operational logs for security and capacity-management purposes. The legal basis is Article 6(1)(f) GDPR (legitimate interest in maintaining a secure service).
3. Account Registration and Authentication
When you create an account, we collect your email address, your name, and your organisation affiliation. The legal basis is Article 6(1)(b) GDPR (performance of a contract).
Authentication is managed through Authentik, a self-hosted identity provider running on the same Hetzner DE infrastructure. No third-party authentication service is involved. Two-factor authentication (TOTP) is available; your organisation administrator may require it as a policy.
Session data is stored in a self-hosted Redis instance and expires after 24 hours. Refresh tokens are rotated on use.
4. AI Services
EU Optikos uses artificial-intelligence services for chat, briefings, hazard & exposure assessments, and event enrichment. Two providers are involved:
- Anthropic PBC (548 Market Street #150, San Francisco, CA 94104, USA) for chat and structured generation using the Claude model family. Your messages are transmitted to Anthropic for inference. Per Anthropic’s commercial API terms, your conversation content is not used to train AI models. Transfers to the United States are governed by Standard Contractual Clauses where required.
- Ollama (self-hosted on the same Hetzner DE infrastructure) for background event enrichment. No external data transfer is involved for this path.
The legal basis for AI processing is Article 6(1)(b) GDPR (performance of the subscribed service). We do not use your conversations, queries, or analysis results to train AI models.
5. Data Sources and Third Parties
EU Optikos aggregates data from seven public and licensed data sources. Full attribution and licence terms are available at /sources. Personal data of third parties that appears in these upstream sources (for example, sanctioned individuals listed via OpenSanctions) is processed under Article 6(1)(f) GDPR (legitimate interest in providing intelligence services) and, where applicable, Article 6(1)(e) GDPR (task in the public interest, for sanctions-compliance use cases).
6. Transactional Email
We use Resend (Resend Inc., delivered via AWS SES in the eu-west-1 region) to send transactional emails: account verification, password reset, support notifications, and security alerts. Resend processes your email address solely for delivery purposes. The legal basis is Article 6(1)(b) GDPR. Marketing email is opt-in and never sent without your explicit consent.
7. Cookies and Local Storage
EU Optikos uses only technically-necessary cookies. Specifically:
- optikos_session — the session identifier. HttpOnly, secure, sameSite=Lax, 24-hour lifetime.
- optikos_oidc_state — a transient state-matching cookie used during the OIDC sign-in handshake. Deleted immediately after authentication completes.
No analytics cookies, no tracking cookies, no advertising cookies are set by EU Optikos. We do not use Google Analytics or any third-party analytics service. Under Article 5(3) of the ePrivacy Directive, a cookie-consent banner is not required because only strictly-necessary cookies are set.
8. Email and Support Correspondence
If you contact us by email or through the in-app support channel, the message content and your contact details are stored for the purpose of processing the request and any follow-up questions. The legal basis is Article 6(1)(b) GDPR (pre-contractual or contractual communication) or Article 6(1)(f) GDPR (legitimate interest in customer support). We do not share this data with third parties without your consent.
9. Data Retention
- Support enquiries — six months after last activity, or longer if a related contractual matter is unresolved.
- Account data — for the duration of the account, then 30 days after account deletion before permanent removal.
- AI conversation history — for the duration of the account; you may delete individual conversations at any time from the chat interface.
- Support tickets — for the duration of the account plus the statutory retention period (seven years under Austrian tax law for contractual records).
- Audit logs — operational logs default to 90 days; administrative-action logs are retained for the statutory period applicable to financial and regulatory records.
10. Your Rights
You have the following rights regarding your personal data:
- Right of access (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right to withdraw consent at any time (Article 7(3) GDPR)
To exercise any of these rights, contact legal@euoptikos.com. We respond within one month, or sooner where feasible.
11. Right to Lodge a Complaint
You have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde):
- Address: Barichgasse 40–42, 1030 Vienna, Austria
- Phone: +43 1 52 152–0
- Email: dsb@dsb.gv.at
- Website: dsb.gv.at
For the comprehensive privacy policy of Society Intelligence, the operator of EU Optikos, see society-intelligence.com/en/privacy. In the event of a divergence, the German-language version on the parent site is the legally binding reference.