Privacy Policy.

Last updated · 19.01.2026

/

1. General Information

Responsible Controller (Art. 4 No. 7 GDPR):
Kilian Weinzierl & Mattis Müller
Schlesierstr. 39a, 93057 Regensburg
Email: support@avogram.com

Data Protection Officer: We are not required to appoint a Data Protection Officer.

2. Your Rights

As a data subject, you have the following rights under the GDPR:

  • Right of access (Art. 15) — request information about stored data.
  • Right to rectification (Art. 16) — correct incorrect data.
  • Right to erasure (Art. 17) — "right to be forgotten."
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20).
  • Right to object (Art. 21) — to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3)) — at any time, e.g. for the newsletter.

Contact us at support@avogram.com to exercise these rights. You also have the right to lodge a complaint with a supervisory authority.

3. Data Collection on Our Website

a) Hosting (Vercel)

Hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). On visit, Vercel collects metadata (IP address, browser type, timestamp) for service stability and security.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Transfer: USA, certified under EU-U.S. Data Privacy Framework. Storage: only as long as needed for security purposes. DPA: concluded with Vercel under Art. 28 GDPR.

b) Security (Rate Limiting)

To protect forms from abuse, we store a pseudonymized hash of your IP address and a timestamp in our database (Vercel Postgres/Neon) for ~30 days.

Legal basis: Art. 6(1)(f) GDPR (fraud prevention). Storage: automatically deleted after 30 days.

c) Local Storage & Session Storage (Consent-based)

With your consent, we use Local Storage to save a pseudonymous visitor identifier, your survey progress, and temporarily your waitlist registration data (email, name) until confirmation. Session Storage stores form drafts (deleted when the browser closes) so a reload won't lose your input.

Legal basis: Art. 6(1)(a) GDPR (consent). Give or withdraw consent via the cookie banner at any time.

d) Database (Vercel Postgres / Neon)

We use Vercel Postgres (powered by Neon) for survey responses (linked to pseudonymous visitor IDs), IP address hashes for rate limiting, and timestamps. Provided by Vercel Inc. and Neon, Inc. (San Francisco, CA, USA).

Legal basis: Art. 6(1)(f) GDPR. Transfer: USA, both certified under EU-U.S. DPF. Storage: survey data kept for statistical analysis; IP hashes deleted after 30 days. DPA: concluded under Art. 28 GDPR.

4. Specific Features

a) Waitlist & Newsletter

We process your email and optionally your name when you sign up. Email delivery via Brevo (Sendinblue GmbH), Köpenicker Str. 126, 10179 Berlin, Germany. We use double opt-in: a confirmation email is sent before adding you to the list. Emails may contain tracking pixels for anonymous performance analysis.

Legal basis: Art. 6(1)(a) GDPR (consent). Withdrawal: via the unsubscribe link in any email or by contacting us. DPA: concluded with Brevo under Art. 28 GDPR.

b) Survey

We run a survey with our internal system to better understand user needs. Answers are stored in our database, linked only via your pseudonymous visitor identifier — separated from any personal data.

Legal basis: Art. 6(1)(f) GDPR (market research).

5. Data Security

We use SSL/TLS encryption for the transmission of confidential content (e.g. survey or waitlist input). You can recognize an encrypted connection by "https://" in the address bar.

6. Updates to this Policy

The latest version of this privacy policy is always available on this page.