Richi LogoRichi

Privacy Policy

GDPR compliant · EU AI Act compliant

Last updated: July 2026

Applies to: https://www.richi.solutions and all subpages

1. Data Controller

Richi AI
Owner: Yves-Marcel Richel
Homburger Landstr. 851
60437 Frankfurt am Main
Deutschland

E-Mail: info@richi.solutions
Website: https://www.richi.solutions

2. Data Protection Contact

For all data protection inquiries, please contact:
E-Mail: info@richi.solutions

3. Use of Artificial Intelligence (EU AI Act)

Richi deploys AI systems in accordance with Regulation (EU) 2024/1689 (EU AI Act) and the GDPR. The AI systems used serve the creation of content and the development of our services and fall into the low-risk category.

Areas of use include:

  • AI-assisted creation of content and visual assets (e.g., the homepage image sequence)
  • Automated content workflows (e.g., development updates for social media)
  • AI-assisted software development (code assistance)
  • Analysis of aggregated, anonymized usage data to improve the website

No fully automated decision-making with legal or significant effects on users takes place (Article 22 GDPR, Article 86 EU AI Act). Personal data of website visitors is not processed by AI systems.

Transparency notice per Art. 50 EU AI Act: AI-generated or AI-assisted content is labeled as such where required by the regulation. The AI models used are provided by third parties and are subject to their terms of service. User data is not used to train external AI models.

Your rights regarding AI: You have the right to human review of automated decisions, to an explanation of the logic behind AI-powered features, and to object to AI-based processing pursuant to Art. 21 GDPR.

4. Categories of Processed Data

Depending on your interaction with our website, we process the following data:

  • Contact data (name, email address — when using the contact form)
  • Technical data (IP address, browser type, device, operating system, pages visited)
  • Communication data (messages submitted via forms or email)
  • Account data (email address, encrypted credentials — registered users only)

5. Legal Basis for Processing

Processing is carried out on the following legal bases according to GDPR:

  • Article 6(1)(a) — Consent (e.g., reaching out via the contact form)
  • Article 6(1)(b) — Contract fulfillment (provision of the website, account management)
  • Article 6(1)(f) — Legitimate interest (security, fraud prevention, website improvement)
  • Article 6(1)(c) — Legal obligation (statutory retention periods)

6. Hosting and Technical Infrastructure

Our website is hosted on Vercel (server region Frankfurt, EU); database, authentication, and media delivery run on Supabase (data centers in the EU). Data processing takes place primarily within the European Union. Our service providers operate under GDPR-compliant data processing agreements (DPA) pursuant to Article 28 GDPR.

7. Third-Party Service Providers and Data Processors

We engage the following data processors to provide our services (Art. 28 GDPR):

  • Vercel Inc. — Hosting and aggregated web analytics (EU-US Data Privacy Framework / SCC)
  • Supabase — Database, authentication, storage (EU region)
  • Resend — Email delivery for the contact form (Standard Contractual Clauses per Art. 46 GDPR)

All data processors are contractually bound to GDPR compliance. For data transfers to third countries (USA), Standard Contractual Clauses (SCC) and/or an adequacy decision by the EU Commission (EU-US Data Privacy Framework) are in place.

8. Cookies and Local Storage

This website uses only technically necessary cookies and local storage to ensure functionality (session management, language preferences, authentication status). No tracking cookies or marketing cookies are used. Storage is based on legitimate interest (Art. 6(1)(f) GDPR) as it is necessary for service operation. Separate consent is not required under § 25 para. 2 TDDDG (formerly TTDSG).

9. Data Storage and Security

All data is stored only as long as necessary for its intended purpose or as required by law. We employ the following security measures: SSL/TLS encryption, row-level security (RLS) at the database level, and regular security audits.

10. International Data Transfers

Data transfers to third countries (particularly the USA) only occur with adequate safeguards: Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR and/or based on the adequacy decision of the EU Commission (EU-US Data Privacy Framework). We regularly review the effectiveness of these safeguards.

11. Your Rights

You have the following rights under GDPR:

  • Access your personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of data — "right to be forgotten" (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Data portability (Art. 20 GDPR)
  • Right to human review of automated decisions (Art. 22 GDPR, Art. 86 EU AI Act)
  • Lodge a complaint with your supervisory authority

Competent Supervisory Authority:
The Hessian Commissioner for Data Protection and Freedom of Information (HBDI)
Postfach 3163, 65021 Wiesbaden, Germany
https://datenschutz.hessen.de

12. Retention Periods

Account data is removed within 30 days of account deletion, unless legal retention obligations apply. Tax-relevant data is retained for 10 years per § 147 AO and § 257 HGB. Server logs are stored for a maximum of 90 days.

13. Local Data Storage

The website stores in your browser's local storage: language preference, theme setting, and — for signed-in users — the session state (Supabase Auth). This data never leaves your device and serves functionality only.

You can delete local data at any time through your browser settings.

14. Updates to this Policy

We update this privacy policy as needed to reflect new legal developments (including EU AI Act) or technological changes. The latest version is always available at: https://www.richi.solutions/datenschutz