Effective February 18, 2026. This Privacy Policy explains how Sociant processes personal data, especially during account registration. It applies to users in the European Economic Area (EEA), including Austria.
1. Controller
Controller within the meaning of Art. 4(7) GDPR:
Sociant
Email: support@sociant.at
2. Data categories during registration
Data provided by you
- Account and registration data: Email address, password (stored hashed only), and, where applicable, name.
- Communication data: Content of your support requests.
- Contract and billing data: For paid services via payment providers (e.g., Stripe).
Data collected automatically
- Technical data: IP address, date/time, browser/device information, log data.
- Usage data: Interactions with account, dashboard, and security-relevant functions.
- Marketing and campaign data: UTM parameters and referral data, where provided.
3. Purposes and legal bases (Art. 6 GDPR)
- Registration and account management: Art. 6(1)(b) GDPR (contract / pre-contractual measures).
- IT security, abuse and fraud prevention: Art. 6(1)(f) GDPR (legitimate interests).
- Compliance with legal obligations: Art. 6(1)(c) GDPR.
- Email marketing (if consented): Art. 6(1)(a) GDPR; revocable at any time for the future.
4. Recipients and processors
- Hosting and infrastructure providers for service delivery and security.
- Payment service providers for paid plans.
- Email and support providers for transactional and support communication.
- Authorities/courts only where legally required or for legal defense.
Data processing agreements under Art. 28 GDPR are concluded with external processors.
5. AI Processing by Anthropic
Sociant's AI assistant is powered by Claude, a large language model developed by Anthropic, Inc. (San Francisco, USA). When you interact with your Assistant, your conversation inputs and outputs are processed by Anthropic as our data processor under a data processing agreement.
- Anthropic does not use API customer content to train its AI models.
- Content flagged for safety review may be retained by Anthropic regardless of deletion requests, in accordance with its safety obligations.
- Since Anthropic is based in the USA, processing involves an international data transfer governed by appropriate safeguards (e.g., EU Standard Contractual Clauses).
For more information, see Anthropic's Privacy Policy.
6. International transfers
If data is transferred outside the EEA, this happens only under Art. 44 et seq. GDPR, especially based on an adequacy decision or appropriate safeguards (e.g., EU Standard Contractual Clauses).
7. Retention periods
- Account data: until account deletion and thereafter only as legally required.
- Security and log data: on a regular, purpose-limited basis, generally short-term.
- Billing-relevant data: according to statutory retention obligations.
8. Your GDPR rights
You have, in particular, the right to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
- Withdrawal of consent (Art. 7(3) GDPR)
You also have the right to lodge a complaint with a supervisory authority. For Austria: Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, www.dsb.gv.at.
9. Mandatory data provision
Providing data required for registration is necessary to create an account. Without this data, no user account can be set up.
10. Automated decision-making
No solely automated decision-making within the meaning of Art. 22 GDPR with legal or similarly significant effects takes place during registration.
11. Data security
We implement technical and organizational security measures, including transport encryption, access controls, and role-based permission concepts.