Privacy Policy

Information per Art. 13 GDPR

1. Data controller

The controller for data processing on research-agent.net is the provider listed in the imprint. Contact: info@cegtec.net.

2. Data we process

• Server log files: IP, timestamp, user agent, requested URL (Art. 6 (1) f GDPR, legitimate interest in operation and security).
• Account data: email, login info (Art. 6 (1) b GDPR, contract performance).
• Payment data: Stripe processes card details directly; we only receive transaction IDs and invoice metadata (Art. 6 (1) b GDPR).
• Usage data: API calls, credit consumption, model usage (Art. 6 (1) b GDPR, contract performance).

3. Processors & third-country transfers

We use the following processors under data processing agreements:

• Render.com (hosting; Render Services Inc., USA) — EU/US Data Privacy Framework.
• Supabase Inc. (auth & database; USA) — Standard Contractual Clauses.
• Stripe Inc. (payments; USA) — EU/US Data Privacy Framework.
• OpenRouter + downstream model providers (LLM inference) for the research pipeline.
• Serper / Firecrawl / Bright Data for web search and scraping inside research calls.

Transfers to third countries (e.g. the USA) rely on the EU/US Data Privacy Framework or EU Standard Contractual Clauses (Art. 46 GDPR).

4. Retention

Account data is retained until you delete your account. Invoicing and accounting data is kept for the statutory retention period (typically 10 years per § 257 HGB / § 147 AO). Server logs are usually deleted or anonymized within 30 days.

5. Your rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). Requests: info@cegtec.net. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

6. Cookies & tracking

research-agent.net only sets strictly necessary cookies for login sessions and CSRF protection. No third-party tracking, no A/B tracking, no retargeting.

Last updated: 17/05/2026