Privacy Policy

1. Controller and General Information

Controller: AI Coding GmbH, Peter Müller Str. 3, 40468 Düsseldorf, Germany.

Data Protection Officer: No data protection officer has been appointed, as there is no legal obligation under Art. 37(1) GDPR.

Contact for privacy inquiries: datenschutz@aviris.com

2. Scope of Application

This Privacy Policy applies to the website www.aviris.com, the AVIRIS web application, the AVIRIS software (Windows, macOS, Android, iOS), and all associated digital services, communication, and support channels operated by AI Coding GmbH.

3. Principles of Data Processing

Personal data is processed exclusively based on the GDPR:

• For contract performance (Art. 6(1)(b) GDPR)
• Compliance with legal obligations (Art. 6(1)(c) GDPR)
• Legitimate interests (Art. 6(1)(f) GDPR)
• Explicit consent (Art. 6(1)(a) GDPR)

4. Categories of Processed Data

We process the following categories of personal data:

• Customer data: name, email, billing address
• Contract data: license key, subscription duration, product edition
• Payment data: transaction ID, payment provider information (not full credit card details)
• Usage data: IP address, device type, operating system, browser information
• Security data: logs, file hashes, scan results
• Support data: communications, tickets, feedback

5. Purposes of Data Processing

Your personal data is processed for the following purposes:

• Provision and operation of the AVIRIS software
• License management and activation
• Contract handling and billing
• Customer support and technical assistance
• IT security and threat detection
• Marketing communication (only with explicit consent)
• Compliance with legal documentation and retention requirements

6. Hosting and Infrastructure

Our systems are hosted within the EU (primarily Germany and the Netherlands) using trusted infrastructure providers:

Hosting partners: Cloudflare, Hostinger, Google Cloud, and possibly AWS (EU–Frankfurt region).

Data transfers outside the EU occur only with appropriate safeguards under Art. 44 ff. GDPR, including Standard Contractual Clauses (SCCs) and technical security measures.

7. Third-Party Providers and Recipients

To fulfill contracts and provide functionality, we cooperate with selected service providers:

Transfers to third countries occur only under appropriate safeguards (Art. 46 GDPR).

8. Cookies, Analytics and Tracking

We use different types of cookies to improve your experience:

• Essential cookies: Required for login, security, and core functionality
• Analytical cookies: Anonymous usage statistics to improve our service
• Marketing cookies: Used only with your explicit consent for personalized content

Legal basis: Art. 6(1)(a) GDPR, §25 TTDSG (German Telecommunications Telemedia Data Protection Act).

You can withdraw your consent at any time via our cookie banner or by contacting support@aviris.com.

9. International Data Transfers

For users outside the European Union, we ensure adequate data protection through:

Standard Contractual Clauses (SCCs) under Art. 46 GDPR with all third-party processors.

Technical safeguards including encryption, access controls, and regular security audits.

For users in the United States, our processing complies with the California Consumer Privacy Act (CCPA).

10. Data Retention

Personal data is retained only as long as necessary for the purposes outlined in this policy.

Once the purpose of processing ceases to apply, data is deleted unless legal retention obligations require longer storage (e.g., commercial and tax law requirements may mandate retention for up to 10 years).

You can request earlier deletion of your data by contacting us, subject to any legal obligations we must fulfill.

11. Rights of Data Subjects

Under GDPR, you have the following rights regarding your personal data:

12. Data Security

We implement comprehensive technical and organizational measures to protect your data:

• TLS/SSL encryption for all data transmission
• Two-factor authentication (2FA) for account security
• Access restrictions and role-based permissions
• Regular penetration testing and security audits
• Security monitoring and incident response procedures
• Data backup and disaster recovery protocols

13. Minors

Our services are intended for individuals aged 16 and above.

Users under the age of 16 require parental or guardian consent in accordance with Art. 8 GDPR.

We do not knowingly collect personal data from children under 16 without appropriate consent.

14. Automated Decision-Making and Profiling

AVIRIS does not engage in automated decision-making or profiling within the meaning of Art. 22 GDPR.

All decisions regarding your account, subscriptions, or services involve human review when necessary.

15. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy to reflect legal, technical, or organizational changes.

Material changes will be communicated to you via email or through a prominent notice on our website.

The current version is always available at www.aviris.com/privacy.

16. Contact

For any questions or concerns regarding this Privacy Policy or your personal data: