Privacy Policy

Effective Date: May 10, 2026

This Privacy Policy explains how and why Cetect UG (haftungsbeschränkt) (“we,” “us,” or “our”), operating the service Aproxymade, might access, collect, store, use, and/or share your personal information when you use our Services, including when you:

  • Visit our website https://www.aproxymade.com
  • Use our monitoring and API optimization platform Aproxymade
  • Engage with us in other ways, including any marketing or events.

Aproxymade is a Business-to-Business (B2B) service. By accessing or using our service, you agree to the collection and use of information in accordance with this policy.

1. Data Controller Identity

The Data Controller responsible for processing your personal data is:

Cetect UG (haftungsbeschränkt)
Münchener Str. 23A
85540 Haar
Germany
Email: [email protected]

2. Information We Collect

We collect several different types of information for various purposes to provide and improve our service to you. The personal information we collect may include the following:

  • Account & Profile Data: When you register, we collect your name, email address, company details, and authentication credentials.
  • Authentication Data: We use Auth0 to manage user logins. You may also choose to log in using third-party providers (Google, GitHub). In these cases, we receive basic profile information (like your email address and name) from these providers.
  • Financial Data: Payments are processed securely via our Merchant of Record, Paddle. We do not store your full credit card details. Paddle collects the necessary billing information and shares subscription status and transaction IDs with us.
  • Usage & Log Data: Our hosting providers (Google Cloud Platform and Cloudflare) automatically collect standard server access logs, which may include your IP address, browser type, operating system, pages visited, and timestamps. We use this strictly for security, debugging, and infrastructure monitoring.
  • Marketing & Communication Data: If you opt-in or if we have a legitimate interest, we collect your email and interaction data via HubSpot (Lead Management & Newsletters) and Brevo (Transactional Emails & Newsletters).
  • AI Processing Data: If you use features powered by the OpenAI API, the text or data you submit to these features is processed by OpenAI to return the generated results.

3. How We Use Your Information

We use the information we collect for various business and commercial purposes to operate our SaaS platform, improve your experience, and grow our business. Specifically, we use your data to:

  • Provide and Maintain the Service: To set up and manage your account, authenticate your logins (via Auth0 and SSO providers), and deliver the core functionality of Aproxymade, including features powered by the OpenAI API.

  • Process Payments and Billing: To facilitate subscriptions, manage billing cycles, and process payments securely through our Merchant of Record (Paddle).

  • Communicate with You (Support & Administration): To send you technical notices, updates, security alerts, and administrative messages and to provide customer support.

  • Marketing and B2B Lead Management: To send you newsletters, promotional materials, and manage our B2B sales pipeline. We will only send marketing communications if you have opted in, or where we are otherwise legally permitted to do so in a B2B context. You can opt out at any time.

  • Analytics and Service Improvement: To monitor and analyze usage trends, track how users interact with our website (subject to your cookie consent), and improve the Aproxymade software and user interface.

  • Security, Debugging, and Fraud Prevention: To protect our infrastructure, detect and prevent malicious activity, debug technical errors, and ensure the overall safety of our platform.

  • Legal Compliance: To comply with applicable laws, regulations, and financial reporting requirements.

4. Legal Basis and Processing Purposes (International & GDPR)

Depending on your country of residence, different data protection frameworks apply to how we process your information. We process your personal data fairly, lawfully, and transparently, adhering to the principles of the General Data Protection Regulation (GDPR), the UK GDPR, and applicable international privacy laws (such as the CCPA/CPRA in the United States).

For Users Outside the EEA/UK (International Processing): If you are accessing our service from outside the European Economic Area (EEA) or the UK, we collect and process your personal information primarily to fulfill our legitimate business and commercial purposes. These include providing the Aproxymade service, maintaining platform security, processing payments, improving our software, and communicating with you. Where required by your local laws, your use of our service and acceptance of this Privacy Policy constitutes your valid consent to such processing.

For Users Within the EEA and the UK (GDPR & UK GDPR): If European or UK data protection laws apply to you, we only process your personal data when we have a valid legal basis to do so. We rely on the following bases:

  • Contractual Necessity (Art. 6(1)(b) GDPR): Processing is necessary to perform our contract with you (e.g., to create your account, deliver the Aproxymade SaaS features, and process billing via Paddle).

  • Consent (Art. 6(1)(a) GDPR): You have given explicit consent for a specific purpose (e.g., subscribing to our HubSpot/Brevo newsletters or accepting non-essential analytics cookies from Google, HubSpot, or Apollo). You can withdraw this consent at any time.

  • Legitimate Interests (Art. 6(1)(f) GDPR): Processing is necessary for our legitimate interests, provided they are not overridden by your rights (e.g., ensuring IT security via Cloudflare and Google Cloud, preventing fraud, and conducting general B2B lead management).

  • Legal Obligation (Art. 6(1)(c) GDPR): Processing is necessary to comply with a legal obligation (e.g., retaining financial records according to German commercial and tax laws).

5. Third-Party Service Providers (Sub-Processors)

We share your data with trusted third-party vendors who assist us in operating Aproxymade. We have established Data Processing Agreements (DPAs) with these providers where required.

  • Infrastructure & Security: Google Cloud Platform (Hosting), Cloudflare (Hosting, CDN & Security)

  • Authentication: Auth0, Google (SSO), GitHub (SSO)

  • Email & CRM: Brevo (Emails & Newsletters), HubSpot (CRM & Newsletters)

  • Sales & Analytics: HubSpot (B2B Engagement), Apollo.io (B2B Engagement), Google Analytics

  • Artificial Intelligence: OpenAI API (Please note: We use the API, which according to OpenAI’s policies, does not use your submitted data to train their public models).

  • Payments: Paddle (Acts as the Merchant of Record and an independent Data Controller for payment processing).

6. Cookies and Tracking Technologies

We use cookies to ensure our website functions properly and to analyze how users interact with our service.

  • Essential Cookies: Required for the platform to function (e.g., Auth0 session cookies, Cloudflare security cookies).

  • Analytics Cookies: Provided by Google Analytics, HubSpot, and Apollo.io. These are only active if you grant explicit consent via our Cookie Banner. You can manage your cookie preferences at any time.

7. International Data Transfers

Some of our service providers (e.g., Google, OpenAI, HubSpot, Auth0) are based outside the European Economic Area (EEA), primarily in the United States. When your data is transferred outside the EEA, we ensure it is protected by appropriate safeguards, such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy. Account data is kept for the duration of your active subscription. Invoices and billing data are retained for statutory periods required by German tax law (typically up to 10 years). Access logs are routinely overwritten or deleted in accordance with standard server configurations.

9. Your Privacy Rights

Under the GDPR, you have the following rights regarding your personal data. However, these rights are not absolute, and in certain cases, we might decline your request as permitted by applicable law.

  • Right to Access: Request a copy of the data we hold about you.

  • Right to Rectification: Request correction of inaccurate or incomplete data.

  • Right to Erasure (“Right to be Forgotten”): Request deletion of your data, subject to legal retention requirements.

  • Right to Restriction of Processing: Request a temporary halt on processing your data.

  • Right to Data Portability: Receive your data in a structured, machine-readable format.

  • Right to Object: Object to processing based on legitimate interests or direct marketing.

To exercise these rights, please contact us at [email protected].

10. Age Restriction (Children’s Privacy)

Aproxymade is strictly a B2B service and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal data, we will take steps to delete such information immediately.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes via email or a prominent notice on our platform.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: Email: [email protected]