Back to Home

Privacy Policy

Introduction

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the AmNi Software Solutions UG (haftungsbeschränkt). The use of the Internet pages of the AmNi Software Solutions UG (haftungsbeschränkt) is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the AmNi Software Solutions UG (haftungsbeschränkt). By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, AmNi Software Solutions UG (haftungsbeschränkt) has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

Name and Address of the Controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

AmNi Software Solutions UG (haftungsbeschränkt)
Pestalozzistraße 25
22305 Hamburg
Deutschland

Phone: 01774945465
Email: service@amnisoftware.de
Website: https://www.signature-taste.com

Definitions

Our data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). It should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

  • Personal data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
  • Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
  • Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  • Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Collection of General Data and Information (Server Logs)

When you access our website (frontend) or interact with our backend services (API), our hosting providers automatically collect and store information in server log files with each access by a data subject or automated system. This general data and information typically includes:

  • The browser types and versions used
  • The operating system used by the accessing system
  • The website from which an accessing system reaches our website (referrer URL)
  • The specific pages or API endpoints accessed on our site
  • The date and time of access
  • An Internet protocol address (IP address)
  • The Internet service provider of the accessing system
  • Other similar data used for security purposes (e.g., preventing attacks)

When using this general data and information, AmNi Software Solutions UG (haftungsbeschränkt) does not draw any conclusions about the data subject. This information is needed to:

  • Deliver the content of our website and API responses correctly.
  • Optimize the content of our website and potentially advertising for it.
  • Ensure the long-term viability, stability, and security of our IT systems and website technology.
  • Provide law enforcement authorities with information necessary for prosecution in case of cyber-attacks.

The legal basis for processing this log data is our legitimate interest (Art. 6(1)(f) GDPR) in ensuring the proper functioning, security, stability, and delivery of our website and services, as well as potentially clarifying cyber incidents.

Server log files are stored separately from any other personal data provided by a data subject. The data in the server log files are **deleted or anonymized after 7 days at the latest**.

Information about our specific hosting providers is detailed in the "Service Providers / Processors" section below.

Cookies and Consent Management

Our website uses cookies. Cookies are text files that are stored on your computer system via an Internet browser. They help make our website more user-friendly, effective, and secure.

We use technically necessary cookies required for the basic operation of the website. The legal basis for these is our legitimate interest in providing a functional website according to Art. 6(1)(f) GDPR and, where applicable, § 25(2) No. 2 TTDSG (German Telecommunications Telemedia Data Protection Act).

Furthermore, if you have given your consent, we use other cookies, e.g., for analytics and marketing purposes. Detailed information on all cookies used (including provider, purpose, and storage duration) can be found in our Cookie Consent Manager ("Cookie Settings"), which you can access at any time via a link in our website footer.

The legal basis for setting and reading technically non-essential cookies is your consent according to § 25(1) TTDSG. The legal basis for the subsequent processing of personal data using these cookies is your consent according to Art. 6(1)(a) GDPR.

You can change your preferences or withdraw your consent at any time with future effect via our Cookie Consent Manager ("Cookie Settings").

You can also generally prevent the setting of cookies by adjusting the settings of your Internet browser and permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via your browser settings. Please note that if you deactivate all cookies, not all functions of our website may be fully usable.

Website Analytics (Google Analytics with Anonymization)

Subject to your consent provided via our Cookie Consent Manager, we use Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies which enable an analysis of your use of the website.

IP Anonymization: We use Google Analytics with the "anonymizeIp" function activated. This means your IP address will be truncated by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

Data Processed: Usage data (pages visited, time spent, clicks, approximate location based on anonymized IP), device information. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Legal Basis: Your explicit consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG), managed via our Cookie Consent Manager.

Purpose: Analysis of user behavior to optimize our website and offerings.

Data Transfer: Data processing may occur in the USA. Google typically relies on Standard Contractual Clauses (SCCs) approved by the EU Commission (Art. 46(2)(c) GDPR) for such transfers. Risks may exist (e.g., access by US authorities).

Processor: We have concluded a data processing agreement (DPA) with Google Ireland Limited according to Art. 28 GDPR.

Opt-Out/Withdrawal: You can withdraw your consent at any time via the "Cookie Settings" link in our footer. You can also prevent the storage of cookies by a corresponding setting of your browser software. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on available at: Google Analytics Opt-out Browser Add-on.

Data Retention: Data sent by us and linked to cookies, user identifiers (e.g., User ID), or advertising IDs are automatically deleted after **14 months**. The deletion of data whose retention period has been reached occurs automatically once a month. For more information, please refer to Google's Privacy Policy: https://policies.google.com/privacy

Our Service Providers / Processors

To provide and operate our website and services, we utilize specialized third-party service providers who act as data processors on our behalf. We have entered into data processing agreements (DPAs) with these providers where required, ensuring they process your data based on our instructions and in compliance with GDPR. Key providers include:

  • Vercel Inc.

    Purpose: Hosting and delivery of our website frontend.

    Data Processed: Access logs (IP address, browser type, pages visited, timestamps etc. - see Server Log section). Data processed to deliver website content efficiently and securely.

    Location: Primarily hosted in Frankfurt (EU). However, Vercel Inc. is based in the USA. Data transfers for administrative/support purposes are safeguarded via Standard Contractual Clauses (SCCs) and Vercel's participation in the EU-U.S. Data Privacy Framework (DPF).

    Log Retention: Server logs are typically deleted or anonymized by Vercel after **7 days**.

    Privacy Info: Vercel Privacy Policy, Vercel DPA

  • Render Inc.

    Purpose: Hosting of our backend API services.

    Data Processed: API request logs (IP address, endpoint accessed, timestamps etc. - see Server Log section). Data processed to operate backend services, ensure security, and troubleshoot.

    Location: Primarily hosted in Frankfurt (EU). However, Render Inc. is based in the USA. Data transfers for administrative/support purposes are safeguarded via Standard Contractual Clauses (SCCs) and potentially Render's participation in the EU-U.S. Data Privacy Framework (DPF).

    Log Retention: Server logs are typically deleted or anonymized by Render after **7 days**.

    Privacy Info: Render Privacy Policy

  • Supabase Inc. (via Google Firebase/Firestore)

    Purpose: Providing database infrastructure (Firestore via Google Firebase).

    Data Processed: User profile data (e.g., name, email), User ID, team information (if applicable), user-generated data (calculations, deadlines), timestamps. Necessary for service functionality.

    Location: Data stored in Google's EU data centers (e.g., Frankfurt). Google Ireland Limited is the provider, potentially involving transfers to Google LLC (USA) safeguarded via SCCs / DPF.

    Privacy Info: Firebase Privacy, Google Privacy Policy

  • Usercentrics GmbH

    Purpose: Consent Management Platform (CMP).

    Data Processed: Records of your consent choices (anonymized or pseudonymized data like consent ID, status, timestamp) to document compliance.

    Location: Germany (EU).

    Privacy Info: Usercentrics Privacy Policy

  • Google (Google Analytics)

    Purpose: Website analytics (subject to consent).

    Data Processed: As detailed in the "Website Analytics" section.

    Location: Ireland (EU) and USA. Transfers safeguarded via SCCs / DPF.

    Privacy Info: Google Privacy Policy

  • Stripe

    Purpose: Payment processing for premium services.

    Data Processed: Payment details (card number, expiry, CVC, name, email, amount, transaction ID) provided by you during checkout. Processed directly by Stripe; we do not store full card details.

    Location: Processed by Stripe Payments Europe, Ltd. (Ireland). Data may be transferred to Stripe, Inc. (USA), safeguarded via SCCs / DPF.

    Legal Basis: Art. 6(1)(b) GDPR (performance of contract).

    Privacy Info: Stripe Privacy Policy

  • NextAuth.js (Self-hosted Component)

    Purpose: User authentication and session management.

    Data Processed: Email address, hashed password, user ID, session information (stored in secure cookies like `next-auth.session-token`, `next-auth.csrf-token`). If Google Sign-In is used: email, name, profile picture, Google ID provided by Google.

    Location: Processed on our hosting infrastructure (primarily EU - see Vercel/Render).

    Legal Basis: Art. 6(1)(b) GDPR (performance of contract/user relationship). For Google Sign-In, also Art. 6(1)(a) GDPR (consent for using this method).

External Links and Affiliate Links

Our website contains links to external websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Disclosure: This website may participate in affiliate marketing programs. Some links might be affiliate links. This means if you click on the link and purchase the item, we may receive a small commission at no additional cost to you.

Purpose: These commissions help support the operation of our services.

Tracking: Clicking affiliate links may involve the use of cookies or other tracking technologies by the affiliate partner or vendor to track the referral. The data processing by these third parties is governed by their own privacy policies.

Our legal basis for participating in affiliate programs and displaying these links is our legitimate interest in funding our website (Art. 6(1)(f) GDPR).

Data Processing Outside the EU/EEA

As detailed in the "Service Providers / Processors" section, while we prioritize hosting within the EU (Frankfurt for Vercel/Render/Firestore), some of our partners (Vercel, Render, Google, Stripe) are based in the USA or may transfer data there for administrative, support, or processing purposes. Data protection laws in these countries may not offer the same level of protection as within the EU/EEA.

We take steps to ensure that any transfer of personal data outside the EU/EEA complies with GDPR requirements. We rely on appropriate safeguards, such as:

  • EU Commission Adequacy Decisions (where applicable, like the DPF).
  • Standard Contractual Clauses (SCCs) approved by the EU Commission, entered into with the service provider.
  • Participation of the US provider in the EU-U.S. Data Privacy Framework (DPF), where certified (relevant for Vercel, Google, Stripe).
These measures aim to ensure your personal data remains protected to a standard equivalent to that provided within the EU/EEA.

Data Retention Periods

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.

The criteria used to determine the period of storage of personal data is the respective statutory retention period (e.g., commercial or tax law requires retention for **6 or 10 years** for certain contract or invoice data). For data without statutory retention periods, specific criteria apply:

  • Server log data (processed by Vercel/Render) is deleted or anonymized after **7 days** (see Server Logs section).
  • Data collected via Google Analytics (with consent) is automatically deleted after **14 months** (see Google Analytics section).
  • Consent records (managed by Usercentrics) are retained for the duration necessary to demonstrate compliance with legal obligations, which may be several years depending on statutes of limitation.
  • Data processed based on your consent (e.g., non-essential cookies) is generally retained until you withdraw your consent or the purpose of the storage is fulfilled.
  • User account data (NextAuth, Firestore) is stored for the duration of your use of our service and deleted upon account termination or request, unless legal retention periods apply.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

Your Data Protection Rights

As a data subject under the GDPR, you have the following rights regarding your personal data:

  • Right of Confirmation (Art. 15 GDPR)

    You have the right to obtain confirmation as to whether or not personal data concerning you is being processed.

  • Right of Access (Art. 15 GDPR)

    You have the right to obtain free information about your personal data stored at any time and a copy of this information, including details on processing purposes, data categories, recipients, planned storage duration, origin of data (if not collected from you), existence of automated decision-making, and information on data transfers and safeguards.

  • Right to Rectification (Art. 16 GDPR)

    You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay, and the right to have incomplete personal data completed.

  • Right to Erasure (Right to be Forgotten) (Art. 17 GDPR)

    You have the right to obtain the erasure of personal data concerning you without undue delay where specific grounds apply (e.g., data no longer necessary, consent withdrawn, objection filed, unlawful processing), as long as processing is not necessary for exercising the right of freedom of expression, for compliance with a legal obligation, for public interest reasons, or for legal claims.

  • Right of Restriction of Processing (Art. 18 GDPR)

    You have the right to obtain restriction of processing where conditions apply (e.g., accuracy is contested, processing is unlawful but erasure is opposed, data needed for legal claims, objection is pending).

  • Right to Data Portability (Art. 20 GDPR)

    You have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance, where processing is based on consent or contract and carried out by automated means.

  • Right to Object (Art. 21 GDPR)

    You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you which is based on legitimate interests (Art. 6(1)(f) GDPR), including profiling based on those provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or for legal claims.

    Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing for such marketing.

  • Automated individual decision-making, including profiling (Art. 22 GDPR)

    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless specific exceptions apply (necessary for contract, authorized by law, based on explicit consent).

  • Right to Withdraw Consent (Art. 7(3) GDPR)

    Where processing is based on your consent (Art. 6(1)(a) or Art. 9(2)(a) GDPR), you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

  • Right to Lodge a Complaint (Art. 77 GDPR)

    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes GDPR. The competent supervisory authority for us is typically: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Ludwig-Erhard-Str. 22, 7. OG, 20459 Hamburg, Email: mailbox@datenschutz.hamburg.de

How to Exercise Your Rights

To exercise any of these rights, you can contact us at any time using the details provided in the "Name and Address of the Controller" section above (e.g., via email: service@amnisoftware.de) or contact our Data Protection Officer (see below). We may need to request specific information from you to help us confirm your identity.

You can manage your consent preferences for non-essential cookies and tracking technologies at any time via the "Cookie Settings" link in our website footer.

Legal Basis for the Processing

Our processing activities are based on the following legal grounds under the GDPR:

  • Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose (e.g., non-essential cookies, newsletter subscription).
  • Art. 6(1)(b) GDPR applies if processing is necessary for the performance of a contract to which you are a party (e.g., using our premium services, user account management via NextAuth/Firestore, payment processing via Stripe) or to take steps at your request before entering into a contract (e.g., inquiries about our services).
  • Art. 6(1)(c) GDPR applies where processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax obligations, managing consent records).
  • Art. 6(1)(d) GDPR may apply in rare cases where processing is necessary to protect the vital interests of the data subject or another natural person.
  • Art. 6(1)(f) GDPR serves as the legal basis for processing operations not covered by other grounds, if processing is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. Examples include ensuring system security and stability (server logs), optimizing website content, responding to general inquiries, or funding the site via affiliate links. Our legitimate interest is generally the performance of our business activities.

Data Protection Officer

The Data Protection Officer of the controller is:

Amir Heyder
c/o AmNi Software Solutions UG (haftungsbeschränkt)
Pestalozzistraße 25
22305 Hamburg
Deutschland
Email: datenschutz@amnisoftware.de

Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

Existence of Automated Decision-Making

We do not use fully automated decision-making according to Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you. However, if you consent to the use of certain marketing technologies (like Google Ads, AdSense, Remarketing), automated processing and profiling for advertising purposes may occur to analyze user interests and display more relevant ads. This is solely based on your consent.

Augmented Reality Features

Our website features augmented reality experiences powered by AR.js, which require access to your device's camera. Please note that this camera access is used solely for providing the AR functionality, and all video processing is performed locally on your device. No images or video data captured by your camera are transmitted to our servers or any third-party services.

The external libraries used for AR are loaded via trusted content delivery networks and do not process or store your personal data. By using our AR features, you consent to the camera access required for these experiences.

Legal or Contractual Requirements to Provide Personal Data

We clarify that the provision of personal data is partly required by law (e.g., tax regulations) or can also result from contractual provisions. For example, the data subject may be required to provide us with personal data when entering into a contract with us. Failure to provide the personal data would mean that the contract could not be concluded.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new privacy policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Last updated: April 27, 2025