We, Centinel Analytica GmbH ("Centinel Analytica/we"), welcome your use of our website and web app ("Our Services"). In the following provisions, we inform you about the type, scope, and purposes of the collection and use of your personal data when using our services. Personal data refers to any information that relates to an identified or identifiable natural person. This includes, in particular, your name and email address.

1. Provider

The provider of the services and the controller in the sense of the GDPR is:

Centinel Analytica GmbH
Schmiedestraße 2A
15745 Wildau
Germany
Email: info@centinelanalytica.com

2. Data Processing to Enable Use

Whenever you access the content of our services, connection data is transmitted to our web server. This connection data includes:

• The IP address of the user,

• The date and time of the request,

• The referring URL,

• Device identifiers such as UDID and comparable device numbers,

• Device information (e.g., device type),

• Browser type / browser version.

This connection data is not used to infer the identity of the user nor merged with data from other sources but solely serves to provide the website.
Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR.

3. Data Processing upon Request

Our landing page can generally be used without providing personal data. However, to use our web app or subscribe to the newsletter, certain data must be provided.

3.1 Registration, Waitlist, and Login

For registration and joining the waitlist, we collect:

• Email address: used for authentication via a magic link (Firebase Auth)

• Organization name: used for waitlist management

Purpose: enabling registration and waitlist handling
Legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR (contract performance) and Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in providing the app)

This data is also required for security and misuse prevention.
Storage duration: 30 days
Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR

3.2 Communication and Authentication via Firebase Auth

Authentication is performed by Firebase Auth, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Firebase processes your email address and IP address to send the magic link and enable login.

Legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR.

3.3 Newsletter Subscription

If you subscribe to our newsletter through our landing page, we store the data you provide (e.g., name, email address) to regularly send you our newsletter.

Purpose: Sending company, product, and service updates
Legal basis: Art. 6 para. 1 sentence 1 lit. a GDPR (consent)

Please note: Data transmission over the internet can have security vulnerabilities; complete protection against third-party access is not possible.

4. Data Processing for Service Optimization

Our services use cookies to ensure functionality and analyze user behavior. Some cookies are necessary (e.g., session cookies), while others are used for analytics or advertising (third-party cookies). You can manage or disable cookies via browser settings; doing so may limit functionality.

• Necessary cookies → Art. 6 para. 1 lit. f GDPR

• Analytics/advertising cookies → Art. 6 para. 1 lit. a GDPR (consent)

Consent may be revoked at any time.

The use of Workspace API data follows the Google User Data Policy, including the Limited Use requirements.

4.1 Google Analytics

We use Google Analytics to analyze website usage. Data is stored in pseudonymized user profiles and collected via cookies. Your IP address is shortened within the EU; only anonymized data is transmitted to Google servers in the USA.

Google uses this data to evaluate website activity and create usage reports. Data is not linked to personal data unless you consent.

For more details, see Google Analytics documentation.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent via cookie banner)

Note:
Google may use the data for its own purposes. The USA currently lacks an adequate data protection level under EU law. For this reason, we rely on EU Standard Contractual Clauses (SCCs).

4.2 Use of Firebase Hosting

Our services are hosted exclusively via Firebase Hosting, provided by Google Ireland Limited.

When you visit our website, your browser loads necessary content (HTML, stylesheets, JavaScript, images) by connecting to Firebase servers. This means Google learns your IP address. Google processes this data temporarily to ensure secure operation and protect against threats.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure service operation)
Data may be processed in the USA based on the EU-US Data Privacy Framework.

More information: Firebase Privacy Support.

5. Data Transfer

We only transfer your data when:

• it is necessary for providing our services,

• you have consented,

• a legal obligation exists,

• or another legal basis applies.

5.1 Data Transfer to Non-EU Countries

Your data may be transferred to countries outside the EU, including the USA.
Because the USA does not provide an adequate data protection level, we rely on:

• EU Standard Contractual Clauses (SCCs)

• Art. 49 GDPR (where applicable)

Future transfers will also use updated SCCs once applicable.

6. Storage Duration

We store your data only as long as necessary for the purposes for which it was collected or until legal retention periods expire.

6.1 Security Measures

We protect your data with appropriate technical and organizational measures to prevent unauthorized access and data loss.

7. Your Rights

You have the right to:

• access your data,

• correct incorrect data,

• request deletion,

• restrict processing,

• object to processing.

Further details can be found in the applicable legal provisions.

8. Right to Object

You may object to the processing of your personal data at any time.

9. Changes to the Privacy Policy

We will update this privacy policy as necessary. The current version is always available on our website.