Datenschutzrichtlinie

Privacy Last updated: December 8, 2025 hypescale GmbH • Germany/EU (GDPR)

Privacy Policy

This Privacy Policy explains how hypescale GmbH ("hypescale", "we", "us", or "our") processes personal data when you use LeezyAI and our websites. We comply with the EU General Data Protection Regulation (GDPR). If you have questions, reach us at privacy@leezy.ai.

1 Scope & Roles

  • Controller: hypescale GmbH, Bornstraße 32, 12163 Berlin, Germany.
  • Applies to: leezy.ai website, app, APIs, and LeezyAI chatbot platform.
  • For customer end-user data ingested into an Organization, the customer is the controller and hypescale acts as processor under our DPA.

2 Data We Collect

  • Account data: name, email, organization, authentication identifiers.
  • Billing data: payment method details and invoices processed by Stripe.
  • Service content: training documents, prompts, chat transcripts, and files you upload to LeezyAI.
  • Usage and device data: log events, IP address, browser/device type, timestamps, feature interactions.
  • Support data: messages you send to our support channels.

3 How We Use Data

  • Provide and secure the Service, including authentication, chat processing, and storage.
  • Operate AI features (embeddings, model inference, AI Actions) for your Organization.
  • Process payments, subscriptions, and invoices.
  • Monitor performance, prevent abuse, and troubleshoot issues.
  • Send essential service messages (e.g., security, billing, updates) and—where permitted—product communications.
  • Improve and develop the Service using aggregated or de-identified analytics.

4 Legal Bases (GDPR)

  • Contract: to deliver the Service you sign up for.
  • Legitimate interests: security, fraud prevention, service analytics, and improving our platform.
  • Consent: marketing emails or optional cookies where required.
  • Legal obligation: accounting and compliance recordkeeping.

5 Sharing & Subprocessors

We use trusted providers under data protection terms:

  • Supabase (database, authentication, storage) — EU region; DPA in place.
  • Stripe (payments, billing) — Stripe's DPA applies automatically when using their services.
  • OpenAI, Anthropic, and other AI model providers offered in LeezyAI (model inference for prompts and messages); routed based on the model you select.
  • Resend (transactional and email delivery).
  • Cloudflare (edge delivery, security, D1 infrastructure) — Cloudflare’s DPA applies automatically when using their services.
  • Hypescale Analytics (our first-party, privacy-friendly product analytics service for site usage), hosted on Hetzner with DPA in place.
  • Hetzner (infrastructure for hypescale-operated services and analytics) — DPA in place; EU data centers.

We do not sell personal data. Access is limited to personnel and processors who need it to operate the Service.

6 International Transfers

  • Primary hosting is in the EU. When data leaves the EEA/UK, we rely on Standard Contractual Clauses or equivalent safeguards.
  • Model inference with OpenAI, Anthropic, or other selected providers may be processed outside the EEA/UK; contractual safeguards apply.

7 Data Retention

  • Account and billing data: retained while you have an account and as required for legal obligations (e.g., tax/finance).
  • Service content (documents, chats): retained while your Organization keeps it or until deletion/export by admins.
  • Logs and analytics: typically retained for up to 12 months, then aggregated or deleted.

8 Security

  • Encryption in transit (TLS) and at rest via our cloud providers.
  • Role-based access controls and least-privilege for staff and services.
  • Backups and business-continuity procedures through Supabase.
  • We encourage reporting vulnerabilities to security@leezy.ai.

9 Your Rights (GDPR)

  • Access, rectification, erasure, restriction, and portability of your personal data.
  • Objection to processing based on legitimate interests.
  • Withdraw consent at any time (does not affect prior processing).
  • Lodge a complaint with your supervisory authority; our lead authority is Berlin (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

10 Cookies & Analytics

  • Essential cookies for authentication and session management (Supabase auth).
  • First-party analytics via analytics.hypescale.com to understand page performance; we avoid third-party advertising cookies.
  • You can control cookies via your browser settings. Where required, we will present a consent prompt.

11 Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us for deletion.

12 Changes to this Policy

We may update this Privacy Policy. Material changes will be notified via email and/or in-product notice at least 30 days before they take effect, unless changes are required sooner for legal or security reasons.

13 Contact

hypescale GmbH
Bornstraße 32, 12163 Berlin, Germany
Email: privacy@leezy.ai