Back

Privacy Policy

February 23, 2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

AmtHelfer
Anschrift wird auf Anfrage mitgeteilt
E-Mail: support@amthelfer.de

2. Overview of Data Processing

AmtHelfer is a browser-based web application for AI-powered analysis of German-language documents. The service was designed with a "Privacy by Design" approach:

  • Uploaded documents are processed in your browser and are not stored on our servers.
  • The local document vault stores data exclusively in your browser's IndexedDB.

3. Legal Basis

Processing of personal data is based on the following legal grounds:

  • Art. 6(1)(a) GDPR — Consent (e.g., newsletter signup)
  • Art. 6(1)(b) GDPR — Performance of a contract (e.g., licensing, registration, AI analysis)
  • Art. 6(1)(f) GDPR — Legitimate interest (e.g., abuse prevention, rate limiting)

4. AI-Powered Document Analysis

The core function of AmtHelfer is AI analysis of uploaded documents. The extracted text of your document is transmitted to an external AI provider for processing.

4.1 What data is transmitted?

  • The full text content of the uploaded document
  • For camera/image uploads: the document image is sent directly to the AI provider for analysis (no text extraction on your device)
  • The selected output language
  • The detected document type

4.2 AI Providers

Not transmitted: the original file itself, your name, email address, or other account data.

Note: The document text may itself contain personal data (e.g., names, addresses, salaries in an employment contract). Please only upload documents whose content you are willing to share with the AI provider.

ProviderUse
Anthropic, Inc. (San Francisco, USA)Document analysis (demo users)
OpenAI, Inc. (San Francisco, USA)Document analysis (licensed users)
OpenAI, Inc.Voice input transcription

5. Voice Input (Voice Chat)

When using the optional voice input feature, the audio recording is transmitted via our server to the OpenAI API for transcription. The recording is not permanently stored on our server or by the provider.

5a. Data Transfer to Third Countries

Your data is transmitted to providers in the USA (OpenAI, Anthropic). This transfer is based on the EU-US Data Privacy Framework (EU Commission adequacy decision of July 10, 2023) and/or the EU Standard Contractual Clauses (SCC).

6. Registration and User Account

During registration, the following data is collected:

  • Email address — for identification and communication
  • Password — stored exclusively as a cryptographic hash (scrypt); the plaintext password is never stored

7. Payment Processing (Stripe)

We use Stripe, Inc. (San Francisco, USA) for payment processing. You are redirected to a Stripe-hosted page for payment. We do not receive or process any payment data (credit card numbers, etc.).

After successful payment, we receive from Stripe: your email address and the Stripe session ID (internal reference).

8. Analytics

AmtHelfer uses Plausible Analytics, a privacy-friendly analytics service that sets no cookies and stores no personal data. IP addresses are fully anonymized.

Authentication is handled via a token stored in localStorage (not a cookie).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

9. Email Services

Transactional emails (Resend): For sending license codes and password resets, we use Resend, Inc. (USA). Only your email address is transmitted.

10. Demo Usage and Rate Limiting

For unregistered users, the number of free analyses is limited (currently 3 per IP address). For this purpose, we store your IP address, the number of analyses performed, and the timestamp of the last analysis.

This data is used exclusively for abuse prevention and rate limiting. Legal basis: Art. 6(1)(f) GDPR.

11. Sharing Feature

Users can share analysis results via a temporary link. The analysis result (as JSON) is stored on our server for 7 days and then automatically deleted. The original file is not stored.

12. Local Data Storage in the Browser

AmtHelfer stores the following data exclusively locally in your browser (IndexedDB and localStorage). This data does not leave your device:

IndexedDB: Chat history, document vault, text fragments, search vectors, templates, settings.

localStorage: Language setting, authentication token, license code, analysis counter.

You can remove this data at any time via your browser settings (clear site data).

13. Data Transfer to Third Countries

Some of the service providers we use are based in the USA. Data transfers are based on the EU-US Data Privacy Framework (where the provider is certified) and Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR.

14. Your Rights as a Data Subject

You have the following rights at any time:

  • Right of access (Art. 15 GDPR) — What data we have stored about you
  • Right to rectification (Art. 16 GDPR) — Correction of inaccurate data
  • Right to erasure (Art. 17 GDPR) — Deletion of your data ("right to be forgotten")
  • Right to restriction (Art. 18 GDPR) — Restriction of processing
  • Right to data portability (Art. 20 GDPR) — Your data in a machine-readable format
  • Right to object (Art. 21 GDPR) — Object to processing based on legitimate interest
  • Right to withdraw consent (Art. 7(3) GDPR) — At any time without giving reasons

support@amthelfer.de

15. Changes to This Privacy Policy

We reserve the right to update this privacy policy as needed to reflect changes in the law or modifications to the service. The current version is always available at this URL.

AmtHelfer, Anschrift wird auf Anfrage mitgeteilt
support@amthelfer.de