Privacy Policy

Last updated: 11/24/2025

1. Data Controller

Nils Motsch
Landwehrstr. 16
80336 Munich
Germany
Email: contact@overmynd.ai

2. Data We Collect

2.1 Information You Provide

  • Company name and email address (when using the Compliance Checker)
  • Contact form submissions (if applicable)
  • Newsletter subscriptions (if applicable)

2.2 Automatically Collected Data

  • Page views and navigation patterns (via Umami Analytics)
  • Device type, browser, and operating system
  • Anonymized IP address (country level only)
  • Referrer source (where you came from)

3. Analytics

We use Umami Analytics, a privacy-friendly analytics tool that does not use cookies and does not collect personal data.

Umami collects anonymous information including:

  • Pages visited
  • Referrer source
  • Country (based on anonymized IP)
  • Device type and browser
  • Custom events (e.g., button clicks, form completions)

This data is used solely to improve our website and is not shared with third parties.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) for website optimization and statistical purposes.

4. Purpose of Processing

  • Provide EU AI Act compliance assessments
  • Respond to inquiries and demo requests
  • Send requested compliance reports
  • Improve website user experience (analytics)

5. Legal Basis

  • Consent (Art. 6(1)(a) GDPR) - for email processing
  • Legitimate interest (Art. 6(1)(f) GDPR) - for analytics

6. Data Retention

  • Compliance assessment data: Stored locally in your browser only
  • Email submissions: Retained for 2 years or until you request deletion
  • Analytics data: Retained indefinitely (anonymized, no personal data)

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectify inaccurate data (Art. 16 GDPR)
  • Erase your data ("right to be forgotten", Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent at any time (Art. 7(3) GDPR)

To exercise these rights, please contact us at contact@overmynd.ai

8. Data Sharing

We do not sell or share your personal data with third parties for marketing purposes.

We may share data with:

  • Hosting providers (Vercel) - for website infrastructure
  • Analytics (Umami) - anonymized usage data only

9. International Data Transfers

Your data is processed within the EU/EEA. If data is transferred outside the EU, we ensure appropriate safeguards are in place (Art. 46 GDPR) such as Standard Contractual Clauses.

10. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children.

12. Contact

For privacy inquiries or to exercise your rights, contact:
Email: contact@overmynd.ai

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country. For a list of EU data protection authorities, visit:https://edpb.europa.eu/about-edpb/board/members_en

14. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last updated" date. We encourage you to review this Privacy Policy periodically.