Privacy Policy

1. Data Controller

The data controller for this website and the Merkraum platform is:

Supervision Rheinland — Dr. Norman Hilbert
Kaiser-Karl-Ring 24a
53111 Bonn
Germany

Email: info@merkraum.de
Phone: +49 228 30402895

2. Hosting and Data Processing

Merkraum is hosted entirely within the European Union:

• Location: AWS Frankfurt (eu-central-1)
• Database: Neo4j and Qdrant on dedicated EU servers
• Authentication: Amazon Cognito (eu-central-1)
• No transfer outside the EU: All data remains within the EU. There is no transfer to third countries.

3. Data Collected

3.1 Account Data (Registration)

When you register, we collect:

• Email address
• Name (optional)
• Password (stored encrypted by Amazon Cognito)

Legal basis: Art. 6(1)(b) GDPR (performance of contract)

3.2 Usage Data (Platform)

When using the Merkraum platform, we process:

• Knowledge content you provide (Knowledge Graph, Beliefs, Relationships)
• API access logs (timestamp, endpoint, user identifier)
• Personal Access Tokens (PATs) for programmatic access

Your knowledge content is fully isolated (tenant isolation). No other user has access to your data.

Legal basis: Art. 6(1)(b) GDPR (performance of contract)

3.3 Website Analytics

This website uses Plausible Analytics — a privacy-friendly analytics tool:

• No cookies
• No personal data
• No IP address storage
• Compliant with GDPR, PECR, and CCPA without consent

4. Purpose of Processing

Your data is processed exclusively for:

• Providing and operating the Merkraum platform
• Authentication and account management
• Technical troubleshooting and security
• Billing (for paid plans)

There is no sharing with third parties, no profiling, and no automated decision-making.

5. Data Retention

Your knowledge content is stored as long as your account is active. After termination, all data is deleted within 30 days, unless statutory retention obligations apply.

API access logs are retained for a maximum of 90 days.

6. Your Rights

Under the GDPR, you have the following rights:

• Access (Art. 15): What data we have stored about you
• Rectification (Art. 16): Correction of inaccurate data
• Erasure (Art. 17): Complete deletion of your data on request
• Restriction (Art. 18): Restriction of processing
• Data portability (Art. 20): Export of your data in a machine-readable format
• Objection (Art. 21): Object to processing

To exercise your rights, contact: info@merkraum.de

7. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The responsible authority is:

Landesbeauftragte fuer Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestrasse 2-4
40213 Duesseldorf
Germany
www.ldi.nrw.de

8. Security

We protect your data through:

• TLS encryption for all connections
• Encryption at rest for stored data
• OAuth 2.0 + PKCE for authentication
• Full tenant isolation between users
• Audit trail for all data operations

Last updated: March 2026