Privacy Policy

Last updated: March 25, 2026

Data Controller

The controller responsible for the processing of personal data on this website is:

OQENYX GmbH
Maximilianstraße 35
80539 Munich, Germany
Email: privacy@oqenyx.com

Data We Collect

We collect the following personal data:

• Contact form: Name, email address, subject, and message content — for responding to your inquiry.
• Waitlist/Newsletter: Email address — for sending product updates and launch notifications.
• Technical data: IP address (anonymized), browser type, and device type — for security (rate limiting, CSRF protection) and site functionality.

We do not use cookies for tracking or advertising. The only cookie we set is a CSRF token, which is strictly necessary for form security.

Legal Basis (Art. 6 GDPR)

• Consent (Art. 6(1)(a)): Newsletter signup, waitlist registration.
• Legitimate interest (Art. 6(1)(f)): CSRF protection, rate limiting, site security.
• Contract performance (Art. 6(1)(b)): Responding to contact form inquiries.

Data Retention

• Contact form submissions: 90 days after resolution, then permanently deleted.
• Waitlist/newsletter emails: Until you unsubscribe or the campaign ends.
• CSRF tokens: 1 hour (session-based, not persisted).
• Server logs: 30 days, anonymized.

Data Sharing

We do not sell your data. We work with the following categories of processors, each bound by signed Data Processing Agreements (DPAs):

• Cloud infrastructure providers — for website hosting and AI inference.
• Email service providers — for transactional emails and newsletter delivery.
• Security and analytics providers — for spam protection and anonymous usage metrics.

All processors operate under contractual data protection obligations aligned with GDPR standards. Where processing involves international data transfers, we rely on Standard Contractual Clauses (SCCs) under Art. 46 GDPR or other approved transfer mechanisms.

Your Rights

Under GDPR, you have the right to:

• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Erase your data ("right to be forgotten") (Art. 17)
• Restrict processing (Art. 18)
• Data portability (Art. 20)
• Object to processing (Art. 21)
• Withdraw consent at any time (Art. 7(3))

To exercise these rights, contact us at privacy@oqenyx.com.

Cookies

We use one strictly necessary cookie:

• csrf-token — Purpose: Form security (CSRF protection) — Duration: 1 hour — Type: Strictly necessary

No analytics, tracking, or advertising cookies are used.

Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the data protection authority of the German federal state in which we are established:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach
https://www.lda.bayern.de