Privacy Policy

(Datenschutzerklärung)

Isaree GmbH

Last updated: March 2026

1. Controller

The controller within the meaning of Art. 4 No. 7 GDPR is:

Isaree GmbH Friedrichstr. 155 10117 Berlin Germany Email: info@isaree.ai

2. Scope of Application

This Privacy Policy applies to the processing of personal data in connection with:

  • access to and use of the Isaree website;
  • use of platform services, including sandbox, beta, and production environments;
  • use of AI-based tools and functionalities;
  • communication between users and Isaree.

3. Categories of Personal Data

Depending on the nature and extent of use, the following categories of personal data may be processed:

  • Identification and contact data (e.g. name, email address, telephone number);
  • Account and registration data (e.g. login credentials, user role, organisation);
  • Usage and interaction data (e.g. accessed pages, timestamps, interactions);
  • Technical data (e.g. IP address, browser type, device information);
  • Communication data (e.g. inquiries, support requests);
  • Content data (e.g. user inputs, prompts, uploaded content, configurations).

4. Processing of Special Categories of Personal Data

The Services are intended for use by healthcare professionals. In the course of using the Services, users may input or otherwise process data that qualifies as special categories of personal data within the meaning of Art. 9 GDPR, in particular health data.

Such data is processed:

  • exclusively upon input by the user;
  • under the responsibility of the user;
  • solely for the purpose of providing the requested functionalities.

The legal basis for such processing is:

  • Art. 9(2)(a) GDPR (explicit consent), where applicable; and/or
  • Art. 9(2)(h) GDPR (healthcare purposes), where applicable.

The user is solely responsible for ensuring that any processing of such data is lawful.

5. Purposes and Legal Bases of Processing

Personal data is processed for the following purposes and on the following legal bases:

5.1 Provision of the Website

Processing is carried out on the basis of Art. 6(1)(f) GDPR for the purpose of ensuring the functionality, stability, and security of the website.

5.2 Communication and Handling of Inquiries

Processing is carried out on the basis of Art. 6(1)(b) GDPR, where the request relates to contractual or pre-contractual matters, and otherwise on the basis of Art. 6(1)(f) GDPR.

5.3 Provision of Platform Services

Processing is carried out on the basis of Art. 6(1)(b) GDPR to enable the use of platform functionalities, including AI-supported tools and user accounts.

5.4 Operation, Maintenance and Improvement of Services

Processing is carried out on the basis of Art. 6(1)(f) GDPR for the purpose of maintaining, improving, and securing the Services.

Where possible, data is processed in anonymised or pseudonymised form.

5.5 Compliance with Legal Obligations and Enforcement

Processing is carried out on the basis of Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR to comply with legal obligations and to prevent misuse of the Services.

5.6 Newsletter

Processing is carried out on the basis of Art. 6(1)(a) GDPR, subject to prior consent.

5.7 Depending on the specific use case, Isaree acts as an independent controller within the meaning of Art. 4 No. 7 GDPR. Where data is processed on behalf of users, separate data processing agreements may apply.

6. Processing in the Context of AI-Based Functionalities

When using AI-based functionalities:

  • user inputs (including prompts and uploaded content) are processed to generate outputs;
  • such inputs may be stored and analysed for the purposes of system operation, debugging, quality assurance, and improvement;
  • outputs are generated automatically and may be incomplete or inaccurate.

Users are responsible for ensuring that no personal data is processed without a valid legal basis. Such processing is necessary for the provision of the requested functionalities within the meaning of Art. 6(1)(b) GDPR.

7. Use of Cookies and Tracking Technologies

7.1 The website may use cookies and similar technologies to ensure the proper functioning of the website, to analyse usage, and to improve user experience.

7.2 Cookies are small text files stored on the user's device. They may contain information such as browser type, IP address, and visited pages.

7.3 The use of strictly necessary cookies is based on Art. 6(1)(f) GDPR, as they are required for the technical operation of the website.

7.4 The use of non-essential cookies, in particular for analytics or tracking purposes, is based on Art. 6(1)(a) GDPR and requires the user's prior consent.

7.5 Users may manage or withdraw their consent at any time via the cookie settings available on the website.

7.6 Further information on the specific cookies used, their purpose, and storage duration is provided in the cookie banner or consent management tool.

8. Recipients of Personal Data

Personal data may be disclosed to the following categories of recipients:

  • providers of hosting and infrastructure services;
  • providers of IT, support, and maintenance services;
  • providers of AI or data processing services;
  • public authorities, where required by law.

Where required, such recipients act as processors within the meaning of Art. 28 GDPR and are contractually bound accordingly.

9. Transfers to Third Countries

Personal data may be transferred to countries outside the European Economic Area (EEA).

Such transfers are carried out in compliance with applicable legal requirements, in particular on the basis of:

  • Standard Contractual Clauses (Art. 46 GDPR); or
  • adequacy decisions of the European Commission.

10. Storage Duration

Personal data is stored only for as long as necessary for the purposes described in this Privacy Policy or as required by statutory retention obligations.

In particular:

  • communication data is stored until the request has been fully processed;
  • usage and technical data is stored for a limited period for security and optimisation purposes;
  • account-related data is stored for the duration of the user relationship and thereafter in accordance with statutory retention requirements.

To the extent that Isaree processes such data, processing is based on Art. 9(2)(a) GDPR (explicit consent) or other applicable legal bases.

11. Data Subject Rights

Data subjects have the following rights under the GDPR:

  • right of access (Art. 15 GDPR);
  • right to rectification (Art. 16 GDPR);
  • right to erasure (Art. 17 GDPR);
  • right to restriction of processing (Art. 18 GDPR);
  • right to data portability (Art. 20 GDPR);
  • right to object (Art. 21 GDPR);
  • right to withdraw consent at any time (Art. 7(3) GDPR).

Requests may be directed to: info@isaree.ai

12. Right to Lodge a Complaint

Data subjects have the right to lodge a complaint with a supervisory authority.

Competent supervisory authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit Alt-Moabit 59–61 10555 Berlin Germany

13. Provision of Personal Data

The provision of personal data is partly required by law or contract and partly necessary for the use of the Services.

Failure to provide personal data may result in limited or unavailable functionality.

14. Automated Decision-Making

No automated decision-making within the meaning of Art. 22 GDPR takes place.

15. Security Measures

Isaree implements appropriate technical and organisational measures in accordance with Art. 32 GDPR to ensure a level of security appropriate to the risk.

16. Amendments

Isaree reserves the right to amend this Privacy Policy to reflect changes in legal requirements or the Services.

The version published on the website at the time of access shall apply.