Privacy Policy

Introduction

tellingCube, a product of masemIT e.U. (Austria), operates tellingcube.com. This Privacy Policy explains how we collect, use, and protect your information when using our service.

Data Controller: masemIT e.U., Austria

Data We Collect

• Email Address: When you purchase a founding member tier (processed by Stripe)
• Contact Form Data: When you submit our contact form, we collect your name, email, company (if provided), message, and selected interests. This data is retained for 12 months to process your inquiry.
• Marketing Communications: If you opt in during purchase or via our contact form, we store your marketing consent. An unsubscribe link is included in every marketing email.
• Analytics Cookies: With your consent, we use analytics cookies to measure page views and engagement.
• Session Cookies: Essential cookies for authentication and site functionality (Art. 6(1)(f))
• Generated Scenarios: Temporarily stored for 24 hours, then automatically deleted

How We Use Your Data

• Payment Processing: Email shared with Stripe for payment and receipt
• Email Confirmation: Email sent via Resend for purchase confirmation
• AI Generation: Scenario prompts sent to Anthropic Claude API (no personal data included)
• Lead Management: Email stored in our lead management system (masemIT Management System, hosted in Austria, EU) for communication and order management

Legal Basis for Processing

We process your data based on the following legal grounds (GDPR Article 6):

• Payment processing: Performance of contract (Art. 6(1)(b))
• Email confirmation: Performance of contract (Art. 6(1)(b))
• Contact form: Your consent (Art. 6(1)(a))
• Session cookies: Legitimate interest - essential functionality (Art. 6(1)(f))
• Rate limiting: Legitimate interest - security (Art. 6(1)(f))
• Scenario generation: Performance of contract (Art. 6(1)(b))
• Marketing emails: Consent (Art. 6(1)(a))
• Cookie analytics: Consent (Art. 6(1)(a))

Data Retention

• Scenarios: Automatically deleted after 24 hours
• Contact Form Submissions: Retained for 12 months, then deleted
• Payment Records: Retained as required by tax law (typically 7-10 years)
• Cookies: Session cookies expire when you close your browser
• Consent Records: Retained indefinitely as immutable GDPR audit trail

Third-Party Services

We use the following trusted third-party services:

• Stripe: Payment processing (see Stripe Privacy Policy)
• Resend: Transactional emails (see Resend Privacy Policy)
• Anthropic: AI generation (see Anthropic Privacy Policy)
• Vercel: Hosting (see Vercel Privacy Policy)
• Neon: Database hosting, Frankfurt/Germany (see Neon Privacy Policy)
• Cloudflare: Bot protection for contact form (see Cloudflare Privacy Policy)
• Upstash: Rate limiting and security (see Upstash Privacy Policy)
• masemIT (MMS): Lead & consent management, hosted in Austria (EU)

Cookies & Analytics

We use a self-hosted analytics tracker (analytics.masem.at) to measure page views and engagement. This tracker uses cookies and is only loaded after you accept analytics cookies via the consent banner. If you decline, no tracking data is collected. The tracker is hosted in Austria (EU) and data is processed under GDPR.

International Data Transfers

Our primary infrastructure (Vercel, NeonDB) is hosted in Frankfurt, Germany (EU). Some service providers process data outside the European Economic Area:

• Anthropic (USA): Protected by Standard Contractual Clauses
• Resend (USA): Protected by Standard Contractual Clauses

All international transfers are protected by appropriate safeguards as required by GDPR Article 46.

Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

• Right of Access (Art. 15) - Request a copy of your personal data
• Right to Rectification (Art. 16) - Correct inaccurate personal data
• Right to Erasure (Art. 17) - Request deletion of your data
• Right to Restrict Processing (Art. 18) - Limit how we use your data
• Right to Data Portability (Art. 20) - Receive your data in a portable format
• Right to Object (Art. 21) - Object to processing based on legitimate interest
• Right to Withdraw Consent - Where processing is based on consent

How to Exercise Your Rights: Contact us at support@masem.at. We will respond within 30 days.

Note: Payment records cannot be deleted during the legal retention period (7 years) per Austrian tax law.

Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. For Austria: Österreichische Datenschutzbehörde (DSB), Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Contact

masemIT e.U.
General inquiries: contact@masem.at
Privacy & support: support@masem.at

Changes to This Policy

We may update this policy. Changes will be posted on this page with updated date.