Privacy Policy

Building trust through transparency and compliance in the digital age

Scroll Down

Privacy Policy for NERA

1. Introduction

Thank you for your interest in NERA. Protecting your personal data is a top priority for us. This privacy policy explains how we process your data when you use our services on www.nera-ai.de and informs you about your rights under the General Data Protection Regulation (GDPR).

2. Controller

NERA – represented by:

Hamed Yousefi (Co-Founder & CEO)

Email: [email protected]

Website: https://nera-ai.de

3. Purposes and Legal Bases of Processing

We only process your data in accordance with the applicable data protection laws. Processing is based on the following legal grounds:

Purpose Legal Basis
Use of the AI assistant Contract fulfillment (Art. 6 (1)(b) GDPR)
Customer communication Contract fulfillment / Legitimate interest (Art. 6 (1)(b)(f) GDPR)
Contact forms, newsletter Consent (Art. 6 (1)(a) GDPR)
System improvement (anonymized) Legitimate interest (Art. 6 (1)(f) GDPR)
Payment processing Contract fulfillment / Legal obligation (Art. 6 (1)(b)(c) GDPR)

4. Data We Collect

We may collect and process the following personal data:

  • Name, email address, payment details (if services are purchased)
  • Chat data (text entries in communication with NERA)
  • IP address, browser info, access times
  • Usage data for analytics purposes (anonymized or pseudonymized)

5. Storage Duration

Your data will be deleted when it is no longer required for the purposes listed or once legal retention periods have expired.

  • Chat sessions with NERA: 30 days
  • Contractual, billing, and payment data: 10 years
  • Log and security data: 90 days
  • Account data: until account deletion + legal retention period

6. Processors and Hosting

We use selected service providers (processors) under Art. 28 GDPR to operate NERA:

Provider Purpose Location Safeguards
Google Cloud Platform (Frankfurt) Hosting and storage Germany Data hosted in Frankfurt, EU standards
Stripe Payments Europe Ltd. Payment processing Ireland GDPR-compliant, EU contracts

7. Data Transfers to Third Countries

Data transfers outside the EU/EEA only occur in connection with certain tools and always under valid safeguards such as EU Standard Contractual Clauses (SCCs) or equivalent mechanisms.

8. AI-specific Processing

NERA is an AI-based system that analyzes your input to generate personalized websites and content. Important notes:

  • No personal data is used to train the AI unless you explicitly consent
  • We use anonymized, aggregated data to improve service quality
  • No fully automated decision-making with legal effect takes place

How NERA's AI Works

NERA uses advanced natural language processing to understand your requirements and transform them into beautiful websites. This process involves:

  • 01. Analyzing your inputs and preferences
  • 02. Generating appropriate HTML, CSS, and JavaScript code
  • 03. Optimizing the website for performance and user experience

9. Your Rights under GDPR

You have the following rights regarding your personal data:

Right of access (Art. 15)

Request information about your stored data

Right to rectification (Art. 16)

Correct inaccurate personal data

Right to erasure (Art. 17)

Request deletion of your data

Right to restriction (Art. 18)

Limit how we use your data

Right to data portability (Art. 20)

Receive your data in a structured format

Right to object (Art. 21)

Object to certain types of processing

Right to withdraw consent (Art. 7 (3))

Revoke previously given consent

Right to lodge a complaint (Art. 77)

File a complaint with a supervisory authority

To exercise your rights, please contact: [email protected]

10. Data Security

We apply extensive technical and organizational measures (TOMs), including:

  • SSL encryption of all data transfers
  • Two-factor authentication for admin access
  • Role-based access control
  • Regular security checks (e.g., penetration testing)
  • Daily backups and DDoS protection

Enhanced Security Protocols

All data is encrypted using industry-standard protocols and stored in secure environments with regular security audits.

11. Cookies and Tracking

Our website uses cookies. For details, please see our [Cookie Policy].

Cookie Type Purpose
Essential Site functionality, security
Analytics Understanding user behavior (e.g. via Google Analytics, Matomo)
Marketing Optimizing campaigns, remarketing

Your consent is obtained via a cookie banner (Consent Manager) and logged accordingly.

12. Children and Minors

Our services are not intended for children under 16 years of age. We only process minors' data with the explicit consent of a parent or legal guardian.

13. Changes to This Privacy Policy

We may update this privacy policy to reflect legal changes or changes to our services. The latest version is always available at www.nera-ai.de/privacy-policy.

14. Contact for Data Protection Matters

Data Protection Contact:

Hamed Yousefi

[email protected]

Last Updated: Juli 29, 2025