Last updated: May 27, 2025
We, nanostudios.ai (Katharina Schneider, Hauptstraße 129c, 61440 Oberursel, Germany, Email: info@nanostudio.ai – hereinafter “we” or “nanostudios.ai”), are pleased about your interest in our website and our services. The protection of your personal data is important to us. Below, we inform you in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR) about the processing of your personal data.
The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
nanostudios.ai, Katharina Schneider, Hauptstraße 129c, 61440 Oberursel, Germany, Email: info@nanostudio.ai, Phone: +49-6172-9819221
As a matter of principle, we process personal data of our users only to the extent necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users regularly takes place only with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal provisions.
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the functionality, security, and stability of our website, as well as in defending against attacks. The data is deleted as soon as it is no longer required for the purpose of its collection. In the case of collecting data for the provision of the website, this is the case when the respective session has ended. In the case of storing data in log files, this is the case after 365 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that an assignment of the calling client is no longer possible.
Our website does not use cookies for analysis or marketing purposes and does not use any other tracking technologies that require consent or collect personal data about your browsing behavior. At most, technically necessary cookies may be used, which are essential for the basic functionality of the site (e.g., session cookies for a login area, if available). The legal basis for the use of technically necessary cookies is § 25 (2) No. 2 TTDSG (German Telecommunications Telemedia Data Protection Act) or Art. 6(1)(f) GDPR.
If you contact us by email or via a contact form, if available, the personal data you transmit (e.g., name, email address, telephone number, content of your inquiry) will be stored. This data is used exclusively for processing your inquiry. The legal basis for processing the data is Art. 6(1)(b) GDPR if your contact is related to the conclusion of a contract or serves to carry out pre-contractual measures. In other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or, if applicable, on your consent (Art. 6(1)(a) GDPR), if this has been requested. The data will be deleted as soon as it is no longer required for the purpose of its collection, i.e., when the respective conversation with you has ended, the matter has been finally clarified, and no statutory retention obligations prevent deletion.
When you use our SaaS application “Nanospaces,” we process personal data necessary for the establishment, execution, and settlement of the user agreement (for registered users) or for providing the functions you use (for non-registered users).
To use Nanospaces as a registered user, registration is required. We collect the following data:
This data is used for creating and managing your user account, providing the contractually owed services, billing (including setup costs and monthly recurring payments), and communicating with you within the scope of the contractual relationship. The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract and pre-contractual measures).
During the use of Nanospaces, further personal data may be generated for both registered and non-registered users, for example:
We process this data to provide you with the functionalities of Nanospaces and to optimize the application. The legal basis for registered users is Art. 6(1)(b) GDPR (performance of a contract). For non-registered users, processing is carried out to provide the requested functionality (possibly Art. 6(1)(b) GDPR as a pre-contractual measure if the use serves testing purposes) and based on our legitimate interest in improving and ensuring the functionality of our services (Art. 6(1)(f) GDPR). For specific data transfer to LLM providers, see Section 5.
For the hosting, operation, and maintenance of our website and the Nanospaces application, we use the service provider netcup GmbH.
Data Processing Agreement (DPA): We have concluded a Data Processing Agreement (DPA) with netcup GmbH in accordance with Art. 28 GDPR. This agreement ensures that netcup GmbH processes personal data only according to our instructions and in compliance with the GDPR. Netcup GmbH is also certified according to ISO 27001, which demonstrates a recognized level of information security.
Since netcup GmbH is based in Germany and the servers are operated in the EU, the use of netcup as a host generally does not involve a data transfer to third countries without an adequate level of data protection.
Our platform Nanospaces enables interaction with and use of AI-powered agents based on Large Language Models (LLMs) from various providers. Access to these LLMs is via their respective Application Programming Interfaces (APIs).
When you use functions based on external LLMs, the data you enter (prompts, queries, documents uploaded for processing by the LLM) is transferred to the servers of the respective LLM providers via an API interface. This is technically necessary to enable AI functionality.
The following LLM providers and their APIs may be used:
The use of these LLM-based functions and the associated data transfer via APIs to the aforementioned providers requires your explicit consent in accordance with Art. 6(1)(a) GDPR. This applies to both registered and non-registered users. We obtain this consent from you before you first use such functions or before data is first transmitted to an external LLM provider. You can revoke your consent at any time with effect for the future (see section “Your Rights”). Please note that without your consent, you cannot use the LLM-based services of Nanospaces, as data transfer is essential for their operation.
The data transmitted to the LLM providers is used by them to process your request and, if applicable, to improve their models. Please refer to the privacy policies and terms of use of the respective LLM providers for detailed information, especially regarding their handling of API data:
We point out that it is your responsibility not to enter sensitive personal data or trade secrets into prompts for external LLMs if you do not wish for them to be disclosed or cannot be responsible for their disclosure. Many API providers have policies stating that data transmitted via the API is not used for training their general models unless you explicitly agree (opt-in) or there are specific opt-out options. Please carefully review the current and specific terms of the providers.
Important note regarding links: The links to the privacy policies and terms of use of the API providers mentioned above have been carefully researched but may change. It is your responsibility as the website operator (nanostudios.ai) to regularly check these links and ensure they are current and point to the correct documents relevant to your use.
The LLM providers mentioned in 5.a) (Google, OpenAI, Anthropic, etc.) are headquartered in the USA. The USA is considered a third country under data protection law, for which there is no adequacy decision by the EU Commission within the meaning of Art. 45 GDPR that generally confirms a level of data protection comparable to that of the EU (as of the creation of this Privacy Policy, please pay attention to updates regarding the EU-US Data Privacy Framework). The transfer of your data to the servers of these providers via APIs constitutes a data transfer to the USA. For the transfer of your data to these providers, we rely on:
We strive to ensure the highest possible level of protection for your data through contractual agreements and the selection of service providers.
For customers who wish, we also offer self-hosted AI solutions. Data processing within these solutions is contractually agreed individually with the respective customer and is not subject to this general privacy policy. In such cases, we typically act as a data processor for our customers.
As a data subject, you have the following rights:
To assert your rights, you can contact us using the contact details provided above.
We take appropriate technical and organizational security measures (TOMs) in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. This includes, for example, the use of SSL/TLS encryption for the transmission of data between your browser and our website/application. Our security measures are continuously improved in line with technological developments.
We store your personal data only for as long as necessary to achieve the respective processing purposes or as provided for by the various statutory retention periods (e.g., under commercial or tax law, § 257 HGB (German Commercial Code), § 147 AO (German Fiscal Code)). If the purpose of storage no longer applies or if a statutory retention period expires, your data will be routinely blocked or deleted in accordance with statutory provisions.
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR that has legal effects on you or similarly significantly affects you. AI-supported functions serve to support and generate information, but decisions are still made by human users.
If you subscribe to our newsletter, we use the data required for this or separately provided by you (usually your email address and optionally your name for personal address) to regularly send you our email newsletter based on your consent pursuant to Art. 6(1)(a) GDPR.
Subscription to our newsletter is done via a so-called double opt-in procedure. This means that after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing with third-party email addresses. Newsletter subscriptions are logged to be able to prove the subscription process in accordance with legal requirements. This includes storing the subscription and confirmation time, as well as the IP address.
You can unsubscribe from the newsletter at any time, either by sending a message to the contact option mentioned above or via a dedicated link in the newsletter. After unsubscribing, we will delete your email address from the newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to further data use, which is legally permitted and about which we inform you in this declaration.
We maintain online presences within social networks and platforms to communicate with active customers, interested parties, and users there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
We are present on the following platforms:
Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within social networks and platforms, e.g., write posts on our online presences or send us messages. The legal basis for processing data in the context of responding to inquiries and interacting with users is Art. 6(1)(b) GDPR (in the context of contract initiation/fulfillment) or Art. 6(1)(f) GDPR (our legitimate interest in communicating with users).
Please note that when using these platforms, user data may also be processed outside the European Union. This can pose risks for users because, for example, it could make it more difficult to enforce users’ rights. With regard to US providers certified under the EU-US Data Privacy Framework (or offering comparable guarantees), we point out that they thereby commit to complying with EU data protection standards. You should independently check whether the aforementioned providers are currently certified. For data transfers to the USA for which no such guarantees exist, the platforms may rely on EU Commission Standard Contractual Clauses (Art. 46(2)(c) GDPR).
For a detailed presentation of the respective processing operations and opt-out options, we refer to the information linked above and the privacy policies of the operators of the respective networks. In the case of requests for information and the assertion of user rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to users’ data and can take appropriate measures and provide information directly. Should you still need help, you can contact us.
We offer you the opportunity to apply to us (e.g., by email or post). Below, we inform you about the collection, processing, and use of your personal data as part of the application process.
We process the data you provide us in connection with your application to assess your suitability for the position (or, if applicable, other open positions in our company) and to carry out the application process. This typically includes:
The processing of your applicant data is primarily for the initiation and, if applicable, establishment of an employment relationship on the basis of § 26 (1) BDSG (German Federal Data Protection Act) in conjunction with Art. 88 (1) GDPR. If special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g., health data) are voluntarily disclosed during the application process, their processing is additionally based on Art. 9 (2) (b) GDPR (for exercising rights or fulfilling legal obligations arising from labor law, social security law, and social protection).
Your personal applicant data will generally be stored for a maximum period of 6 months after completion of the application process and then deleted or anonymized. This serves to fulfill obligations of proof, particularly from the General Equal Treatment Act (AGG - Allgemeines Gleichbehandlungsgesetz). If an employment relationship is established, your data will be transferred to the personnel file. If we are currently unable to offer you a suitable position but your application is interesting for future positions, we will ask for your consent to store your data for a longer period (Art. 6(1)(a) GDPR). You can revoke this consent at any time.
Your applicant data will only be passed on to the internal departments and specialist units of our company responsible for the specific application process. Disclosure to third parties will not take place without your express consent, unless we are legally obliged to do so.
This Privacy Policy is currently valid and was last updated on May 27, 2025.
Due to the further development of our website and offers thereon or due to changed legal or official requirements, it may become necessary to amend this privacy policy. The current version of this Privacy Policy can be accessed and printed by you at any time on the website at https://nanostudio.ai/datenschutz. We recommend that you regularly inform yourself about the content of our privacy policy.