Privacy Policy
Last updated: February 17, 2026
1. Controller
The data controller responsible for this website is:
Leibow Ventures UG (haftungsbeschränkt)
Amsterdamer Str. 13, 13347 Berlin, Germany
E-Mail: hello@andelion.com
2. What Data We Collect
2.1 Account Data
When you register, we collect:
- Email address
- Password (stored as a bcrypt hash — we never store your plain-text password)
- Workspace name
- Account creation timestamp
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
2.2 Workflow Content
When you use the Service, we process:
- Video frames captured from your device camera
- AI-generated step descriptions and thumbnails
- Uploaded video recordings
- Workflow names, step text, and associated images
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
2.3 Payment Data
If you subscribe to a Pro plan, payment is processed by Stripe, Inc. We receive only your email address from Stripe to activate your subscription. We do not receive or store credit card numbers, bank details, or other payment credentials. See Stripe's Privacy Policy.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
2.4 Technical Data
Our server automatically logs standard HTTP request data (IP address, browser user agent, request timestamps). This data is used solely for security and debugging purposes and is not linked to your account.
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in server security.
3. How We Use Your Data
| Purpose | Data | Legal Basis |
|---|---|---|
| Provide the Service | Account data, workflow content | Art. 6(1)(b) |
| AI step generation | Video frames (sent to Groq API) | Art. 6(1)(b) |
| Process payments | Email (via Stripe) | Art. 6(1)(b) |
| Security & debugging | Server logs, IP | Art. 6(1)(f) |
| Send important notifications | Email address | Art. 6(1)(f) |
4. Third-Party Processors
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Groq, Inc. | AI frame analysis | Video frames (base64 images) | USA |
| Stripe, Inc. | Payment processing | Email, payment details | USA |
| Cloudflare, Inc. | CDN, DNS, SSL | IP address, requests | Global |
For US-based processors, data transfers are covered by the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) as applicable.
5. Data Retention
- Account data: Retained until you delete your account.
- Workflow content: Retained until you delete the workflow or your workspace is deleted.
- Session tokens: Automatically expire after 30 days.
- Server logs: Retained for up to 90 days.
6. Your Rights (GDPR)
As a data subject under the GDPR, you have the right to:
- Access — Request a copy of your personal data (Art. 15 GDPR)
- Rectification — Correct inaccurate personal data (Art. 16 GDPR)
- Erasure — Request deletion of your personal data (Art. 17 GDPR)
- Restriction — Restrict processing of your data (Art. 18 GDPR)
- Data portability — Receive your data in a structured format (Art. 20 GDPR)
- Object — Object to processing based on legitimate interest (Art. 21 GDPR)
You can exercise most of these rights directly in your account settings:
- Change your email or password in your Account Settings
- Delete your account from Account Settings (permanently removes your data)
- Workspace owners can request full workspace deletion
- Export your workflow data as PDF or Markdown at any time
For other requests, email us at hello@andelion.com. We will respond within 30 days.
7. Cookies
We use a single essential cookie (session) to maintain your login session.
This is a strictly necessary cookie and does not require consent under the GDPR.
We do not use analytics cookies, advertising cookies, or third-party tracking cookies.
8. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
9. Data Security
We implement appropriate technical measures to protect your data, including:
- HTTPS encryption for all data in transit
- bcrypt password hashing
- Server-side session management with secure, HTTP-only cookies
10. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority
for Berlin is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
www.datenschutz-berlin.de
11. Changes to This Policy
We may update this Privacy Policy. We will notify registered users of material changes via email. The "Last updated" date at the top indicates the most recent revision.
12. Contact
For privacy-related inquiries:
hello@andelion.com