Narratic AI

Data Privacy Policy

1. Controller and Contact

Company: Narratic Labs GmbH
Address: Torfstr. 15, 13353 Berlin, Germany
Email: privacy@narratic.ai

This policy outlines how Narratic Labs GmbH (“we,” “us,” or “our”) handles personal data, including the measures we take to ensure your information remains private and secure.

2. Introduction

We take your privacy seriously and are committed to safeguarding your personal and business information. This document details the categories of data we collect, how we process it, the legal bases for that processing under the GDPR, and the steps we take to keep your information secure.

3. Data We Collect

  • Personal Data: Name, email address, payment details, company name, and company URL.
  • Technical Data: IP addresses, cookies, browser information, and usage analytics.
  • Integrations: For registered users, we may connect to your CRM systems and communication channels (e.g., Slack, email) to provide relevant services.
  • Sensitive Data: We do not collect sensitive personal data such as health or biometric information.

4. Legal Basis for Processing

We process personal data in accordance with the GDPR, relying on:

  • Consent: For marketing communications (e.g., newsletters).
  • Legitimate Interests: For analytics, security, and improving our products.
  • Contractual Necessity: For payment processing and account setup.

5. Purpose of Data Collection

  • User Registration and Account Management: Creating and maintaining your account.
  • Payment Processing: Handling payments, invoices, and related financial transactions.
  • Marketing Communications: Sending newsletters or updates (only with your consent).
  • Analytics and Improvements: Understanding how our services are used to enhance user experience and troubleshoot issues.
  • Customer Support: Addressing questions or concerns.

6. No Data Sharing with Other Customers

  • We do not sell, exchange, or otherwise disclose your data to other customers.
  • We maintain logical separation of all customer data to avoid any unauthorized or accidental sharing.

7. Strict Access Controls

  • Our team follows the principle of least privilege, meaning access is granted only when necessary for legitimate business or technical reasons.
  • Access to systems is continuously monitored and reviewed to ensure ongoing compliance with internal and regulatory standards.

8. Data Sharing and Third Parties

We share data only with trusted third-party service providers where necessary to deliver our services:

  • Payment & Financial: Stripe
  • Hosting & Infrastructure: Google Cloud, Supabase, Vercel
  • Data Processing: Google, OpenAI, Anthropic
  • CRM & Communication: Attio, Mailchimp, Slack, Zapier
  • Analytics & Advertising: Google (Analytics, Ads), LinkedIn, PostHog

All third parties are contractually obligated to process data solely for authorized purposes and maintain appropriate privacy safeguards. We do not allow these providers to use your data for training any AI models.

9. Data Security and Storage

  • Google Cloud Servers: We store data on Google Cloud servers, primarily in the EU (or in the US upon request). Google’s data centers employ stringent physical and virtual security measures.
  • Encryption: Data in transit is protected using TLS (Transport Layer Security), and data at rest is secured using industry-standard encryption.
  • Strict Data Separation: Each customer’s data is maintained separately to prevent unauthorized access or accidental mixing of information.

10. Use of AI Models

  • Primary AI Model: We primarily use Google models for AI-driven features.
  • Opt-Out of Model Training: We specifically opt out of all model training offered by these providers, ensuring your data is never used to train their generalized models.
  • Minimal Data Usage: Only data necessary for AI feature functionality is provided to the model; no unnecessary retention or broader sharing occurs.

11. Data Retention

  • We retain personal data for the duration of our business relationship or as required by German/EU law (whichever period is stricter).
  • Personal data is anonymized when no longer needed for business or legal purposes.
  • Upon request or account deletion, we will fully delete or anonymize your personal data, subject to applicable retention requirements.

12. Cookies & Tracking

  • Types of Cookies: We use essential, analytics, and marketing cookies.
  • Third-Party Tools: Google Analytics, LinkedIn Pixel, Vercel Analytics, and PostHog.
  • Cookie Management: You can adjust or disable cookies in your browser settings at any time.

13. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Delete your data (where legally permissible).
  • Restrict or Object to processing of your data.
  • Data Portability where applicable.

To exercise these rights, please contact us at hello@narratic.ai.

14. International Data Transfers

If data is transferred or processed outside the EU (e.g., via certain third-party services or at your request), we ensure appropriate safeguards (such as EU standard contractual clauses) are in place to protect your data.

15. Children’s Privacy

Our services are not directed to children, and we do not knowingly collect personal information from anyone under the age of 16. If you believe a child’s data has been inadvertently collected, please contact us so we can delete it.

16. Changes to This Policy

We may update or modify this policy from time to time. Any significant changes will be communicated to you via email or a prominent notice on our website.

17. Compliance and Oversight

  • We regularly review our practices to ensure compliance with the GDPR, CCPA, and other relevant privacy regulations.
  • Internal audits and reviews are performed to maintain high standards of data protection.

18. Contact Information

If you have any questions or concerns about our privacy practices, please reach out to:

Narratic Labs GmbH
Torfstr. 15, 13353 Berlin, Germany
Email: privacy@narratic.ai

By using our services, you acknowledge and agree to the terms set out in this Data Privacy Policy. We remain committed to protecting your data and maintaining a transparent environment for all users.