Privacy Policy and Terms of Use

Privacy Policy

Cookies

A cookie is set to record consent to the terms of use displayed initially, so that you are not asked again on your next visit. Additionally, after successful authentication, a cookie is set to maintain this authentication until the end of the session. These are technically necessary cookies.

What personal data is processed and which components process personal data?

The application consists of two components: a frontend part that performs preprocessing (PP) and the subsequent language model to which the inputs are forwarded after successful preprocessing. The first component (PP) processes your IP address, your consent to these regulations, and the entered text. The entered text may be enriched with information from connected data sources. The language model then processes the enriched text. The language model is provided by Comma Soft. No further data is shared, and it serves solely for documentation purposes.

Entered texts and the language model's responses are stored in a user-specific history. This history is only accessible to the respective user.

Who is responsible for this service?

The responsible party for this service is Comma Soft AG. We commit to protecting your personal data.

How are the data used?

The data collected and processed for the use of the application are used to provide and improve the product, ensure the security of our product and our customers, document your consent to this statement, communicate product updates, technical information, or service announcements, respond to support requests and feedback, and maintain the business relationship.

The following information relates to the information obligations under Article 13 of the GDPR

• Article 13(1)(a) GDPR - Name and contact details of the controller and, if applicable, its representative:

  Comma Soft AG, represented by Benjamin Schulte, Pützchens Chaussee 202-204a, 53229 Bonn, +49 228 9770 0, info@comma-soft.com

• Article 13(1)(b) GDPR - Contact details of the data protection officer:

  Frank Becher, Pützchens Chaussee 202-204a, 53229 Bonn, +49 228 9770 0, Frank.Becher@comma-soft.com

• Article 13(1)(c) GDPR - Purposes for which the personal data will be processed:

  To provide and improve the product, ensure the security of our product and our customers, document your consent to this statement, communicate product updates, technical information, or service announcements, respond to support requests and feedback, maintain the business relationship.

• Article 13(1)(c) GDPR - Legal basis for processing:

  Article 6(1)(a) GDPR - Consent

• Article 13(1)(e) GDPR - Recipients or categories of recipients of the personal data:

  • Support staff at Comma Soft or partners
  • Software development staff at Comma Soft
  • In the case of using Comma LLM as backend: Deutsche Telekom as infrastructure provider

• Article 13(1)(f) GDPR - If applicable, the intention of the controller to transfer personal data to a third country or international organization:

  The data will not be shared with third parties.

• Article 13(2)(a) GDPR - The period for which the personal data will be stored or, if that is not possible, the criteria used to determine that period:

  Your data will be stored for the duration of the contractual relationship. After the contract ends, your inputs will be deleted after 30 days. Your consent will be revoked two years after the end of the contractual relationship.

• Article 13(2)(b) GDPR - The existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability:

  The data subject has the right at any time to free access, rectification or deletion, or restriction of processing or objection to processing, as well as the right to data portability if they submit the request via email to the contact details of the aforementioned controller or data protection officer.

• Article 13(2)(c) GDPR - If the processing is based on Article 6(1)(a) or Article 9(2)(a) GDPR, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal:

  You have the right to withdraw your consent at any time with effect for the future. Please contact your contact person or the data protection officer (see above). Further use of the application is then excluded.

• Article 13(2)(d) GDPR - The right to lodge a complaint with a supervisory authority:

  You can lodge a complaint against the processing with a competent supervisory authority. In NRW, the LDI NRW is responsible; alternatively, a complaint can also be made to any other supervisory authority.

• Article 13(2)(e) GDPR - Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, and whether the data subject is obliged to provide the personal data and the possible consequences of failing to provide such data:

  Not applicable.

• Article 13(2)(f) GDPR - The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject:

  There is no profiling or other automated decision-making using the processed data.

• Article 13(3) GDPR - If the controller intends to process personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2:

  No processing planned.

• Article 14(2)(a) GDPR - Information obligation when the data are not collected from the data subject. From which source the personal data originate and, if applicable, whether they come from publicly accessible sources:

  Not applicable.

Terms of Use

Comma Soft AG offers the GenAI solution "Alan" as Software as a Service (SaaS) and operates the entire solution, including the Comma LLM, with Deutsche Telekom AG in Germany according to German data protection law. The first month is provided free of charge by Comma Soft AG to enable a trial phase. Subsequently, Comma Soft AG and the customer agree on contractual terms for further paid use.

The provision of the solution is as Software as a Service. It is aimed to ensure the solution is available without interruption. Any disruptions will be rectified as quickly as possible.

The installation and use of Alan are implemented as a browser-based Software-as-a-Service (SaaS). This software allows answering questions through a chat interface using a large language model (LLM), leveraging internal company knowledge and proprietary data sources.

When customers upload and use internal company documents, it is assumed that the documents do not contain any personal data other than contact information publicly accessible within the customer's organization, especially no sensitive personal data. The customer curates the documents accordingly.

It is also assumed that the use during a trial phase is not yet part of the customer's essential business processes. Rather, the suitability is to be evaluated within the trial phase. For productive long-term use, Comma Soft AG and the customer agree on the necessary protective measures. The customer actively approaches Comma Soft AG for this purpose.

The GenAI solution "Alan" is operated in compliance with German and European data protection laws in the Open Telekom Cloud on servers in Germany. Detailed information on the security standards and compliance measures of the Open Telekom Cloud can be found in the following section.

Hosting by Comma Soft AG as SaaS in the Open Telekom Cloud

• Certifications: https://www.open-telekom-cloud.com/de/produkte-services/core-services/zertifikate
  • Additionally, Data Protection & Compliance: https://www.open-telekom-cloud.com/de/sicherheit/datenschutz-compliance
• High availability / SLAs: https://www.open-telekom-cloud.com/de/business-navigator/hochverfuegbare-rechenzentren
  • Additionally, Technical Measures in Data Centers: https://www.open-telekom-cloud.com/de/sicherheit/rechenzentren

Usage Restrictions

To ensure fair resource distribution and maintain system integrity, we reserve the right to technically limit access to the Comma LLM or the entire solution for individual users with unusually high usage rates. This measure aims to avoid system overloads and ensure consistently high service quality for all users.

Specific usage limits are dynamically set and refer exclusively to cases of exceptional use by individuals. These limits can be adjusted based on overall demand and available system performance. It is our concern to communicate such adjustments transparently and to implement them only when necessary to protect the quality and availability of our services for all users.

The shared use of an account by multiple people is not allowed. In case of violation of this regulation, Comma Soft AG reserves the right to charge additional fees equal to the regular subscription fee per unauthorized user or to terminate the contract extraordinarily.