Privacy Policy

1. Data Controller

[PLACEHOLDER] Cornilius (controller details to be confirmed) is the data controller for personal data processed through this service.

2. What Data We Collect

• Account data: email address, company name
• Usage data: MCP call logs, playbook execution records
• Memory data: analytical summaries stored at tenant request
• Technical data: IP address, user agent (for security)

3. Legal Basis (GDPR Article 6)

[PLACEHOLDER] Processing is based on: (a) performance of contract (service delivery), (b) legitimate interests (security, abuse prevention), (c) consent where explicitly obtained.

4. Retention

[PLACEHOLDER] Account data is retained for the duration of the contract plus 90 days. Memory and playbook data is deleted on account termination or earlier on request.

5. International Transfers

[PLACEHOLDER] Infrastructure is hosted in Azure West Europe (Netherlands). Data does not leave the EEA except where necessary to provide the service (e.g., MCP calls to Claude.ai are processed by Anthropic).

6. Your Rights (GDPR)

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)

[PLACEHOLDER] To exercise any right, contact us at the address below. We will respond within 30 days.

7. Cookies

[PLACEHOLDER] We use strictly necessary cookies for session management. Analytics cookies are only set with your consent, as indicated in the cookie banner.

8. Contact

[PLACEHOLDER] For privacy inquiries or to exercise your rights, contact us at the address listed on our website. For complaints, you have the right to lodge a complaint with your local data protection authority.