← Back to Rubezahl's Proposer

Privacy Policy

Last updated: April 8, 2026

1. Controller

Albatross Technologies UG (haftungsbeschränkt)
c/o IP-Management #9631
Ludwig-Erhard-Straße 18, 20459 Hamburg, Germany
Email: info@albatrossen.de
Managing Director: Dr. Jan Baumbach

2. Data We Collect

When you sign in with Google, we receive and store:

• Google profile information: name, email address, and profile picture. We request only the minimum OAuth scopes required for authentication (openid, email, profile). We do not access your Google Drive or any other Google services.

During your use of the service, we also collect and store on our own servers:

• Usage data: token counts, credit consumption, and billing cycle information.
• Content you provide: proposal texts, PI profiles, reviewer and writer agent configurations, chat messages, and documents you upload for processing.
• Uploaded files: documents you upload (PDF, DOCX, TXT, etc.) are stored in a secure, user-isolated directory on our servers.
• Embeddings: vector representations of your documents, stored in our ChromaDB instance on our servers, used for semantic search within the service.

3. Purpose of Data Processing

We process your data to:

• Authenticate you and manage your account.
• Provide the core service: AI-assisted grant proposal writing, reviewing, and knowledge base management.
• Track usage for billing and credit management.
• Process payments and manage subscriptions.
• Improve the service quality.

4. Third-Party Services

Your data is processed through the following third-party services:

• Google Gemini API: your texts are sent to Google's AI models for generation, summarization, and embedding. Google's API Terms of Service apply.
• Google OAuth: used solely for authentication (sign-in). We do not access Google Drive or any other Google service beyond your basic profile.
• Stripe: we use Stripe, Inc. as our payment processor for subscription billing. When you subscribe to a paid plan, Stripe collects and processes your payment information (credit/debit card details, billing address, name). We do not store your full card details on our servers — they are handled exclusively by Stripe. Stripe may store your email address, payment method, and billing history as part of your Stripe customer record. Stripe's Privacy Policy applies to payment data processing. Stripe is PCI DSS Level 1 certified.

We do not sell or share your personal data with any other third parties.

5. Payment Data

When you subscribe to a paid plan, the following data is shared with and processed by Stripe:

• Your email address (for invoice delivery and customer identification).
• Payment method details (card number, expiry, CVC) — entered directly in Stripe's secure checkout and never transmitted to or stored on our servers.
• Billing address and name (if provided during checkout).
• VAT/tax identification number (if provided by business customers).

On our servers, we store only your Stripe customer ID and subscription ID, which allow us to link your account to your Stripe subscription. We also store transaction amounts for billing reporting purposes.

6. Data Storage and Security

All your data — including proposals, uploaded documents, embeddings, and agent configurations — is stored exclusively on our own secured servers located in Germany (Hetzner infrastructure). We use encryption in transit (HTTPS/TLS) for all communications. Database and filesystem access is restricted to authorized systems only. Your data is never stored in third-party cloud storage such as Google Drive. Payment data is stored securely by Stripe in their PCI-compliant infrastructure.

7. Data Retention and Deletion

Your data is retained as long as your account is active. You can delete your account at any time:

• Via the Settings page ("Leave and remove my data").
• By contacting us at support@rubezahl.ai.

Upon deletion, the following data is permanently and irrecoverably removed from our systems:

• Your user account and profile data.
• All proposals and proposal documents.
• All uploaded files (from our servers' filesystem).
• All embeddings and vector index data (ChromaDB collections).
• All reviewer and writer agent configurations.
• All chat history and credit transaction records.

If you have an active Stripe subscription, it will be automatically cancelled upon account deletion. Stripe may retain certain payment records as required by applicable financial regulations and tax laws.

8. Your Rights (GDPR)

Under the EU General Data Protection Regulation, you have the right to:

• Access your personal data.
• Rectify inaccurate data.
• Request erasure of your data ("right to be forgotten").
• Restrict or object to processing.
• Data portability.
• Lodge a complaint with a supervisory authority.

To exercise these rights, contact us at support@rubezahl.ai.

9. Cookies

We use a session cookie solely for authentication purposes. We do not use tracking cookies or third-party analytics.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date.