Privacy Policy

We appreciate your interest in our website. The protection of your privacy is of great importance to us. Below we inform you about the handling of your personal data when using our website in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection provisions. Personal data is any data with which you can be personally identified.

The controller responsible for data processing on this website within the meaning of the GDPR is Ultramarin GmbH, Schönhauser Allee 43a, 10435 Berlin.

Phone: +49 30 555 785 450
Email: contact@ultramarin.ai

This website uses the widely adopted SSL (Secure Socket Layer) or TLS (Transport Layer Security) method in conjunction with the highest level of encryption supported by your browser. These security measures protect the transmission of personal data. You can recognize an encrypted connection by the https:// prefix and the lock symbol in your browser's address bar.

Furthermore, Ultramarin GmbH employs appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or misuse. These include, among others, the use of encryption technologies, regular security audits, and strict access controls.

Consent — Art. 6(1)(a) GDPR

The basis for processing your data is your consent (Art. 6(1)(a) GDPR). You may revoke this at any time. Please note that revocation only applies for the future and does not affect the lawfulness of processing carried out prior to revocation. We will always inform you about the precise details of processing within the scope of the respective inquiry.

Performance of a Contract — Art. 6(1)(b) GDPR

We use your personal data to fulfill our contractual obligations to you (Art. 6(1)(b) GDPR). This is necessary so that we can provide you with our services as agreed — specifically, this relates to the use of Shyller.

Legitimate Interest — Art. 6(1)(f) GDPR

We process your data to safeguard our legitimate interests pursuant to Art. 6(1)(f) GDPR. We ensure in advance through a balancing of interests that your data protection rights and expectations do not outweigh our purposes. This ensures a fair balance between our services and your protection.

We use the service Appwrite (www.appwrite.io) for managing user accounts and authentication on our website.

Unlike a purely informational visit to our website, data is only transmitted to Appwrite when you actively log into your user account or create a new account. Only at that point does your browser establish a connection to the provider's servers.

When creating a user account and during subsequent login, the following data is collected and forwarded to Appwrite for processing:

• Email address
• First and last name
• Password (in encrypted form)

This data processing is based on Art. 6(1)(b) GDPR, as the information is necessary for the fulfillment of the user agreement and the provision of Shyller's features.

As a matter of principle, we do not share customer data with third parties. In exceptional cases and within the scope of data protection regulations, customer data may be shared with third parties for the stated purposes. These include external service providers such as IT service providers (e.g., Appwrite and PostHog), as well as product partners.

We ensure that third-party providers implement appropriate data protection measures and protect your data in accordance with applicable data protection regulations.

When processing your personal data, Ultramarin GmbH strictly adheres to the requirements of the GDPR. We are guided by the following principles:

• Lawfulness, fairness, and transparency: We process your data only with your explicit consent. Before you give consent, we explain clearly and completely for what purpose we need the data.
• Data minimization: We only ask for information that is absolutely necessary for the respective purpose. Our principle is: as little as possible, as much as necessary.
• Storage limitation: We only retain your data for as long as is necessary for the agreed purpose. We inform you transparently about the exact retention periods.
• Integrity and confidentiality: Security is our top priority. Ultramarin GmbH implements comprehensive technical and organizational measures to protect your data from unauthorized access or misuse by third parties.

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and — where applicable — additionally by the respective statutory retention period.

Personal data processed on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR will be stored until the data subject revokes their consent.

Once the customer provides us with personal data and a contractual relationship is established and services are rendered on this basis, we are bound by commercial, tax, and regulatory archiving, documentation, and disclosure obligations. These obligations also cover customer data. Such retention periods range from two to ten years. The legal basis for this is Art. 6(1)(b) and (c) GDPR. After expiry of these periods, data is routinely deleted unless it is still required for contract fulfillment or contract initiation and/or there is no legitimate interest on our part in continued storage.

Personal data processed on the basis of Art. 6(1)(f) GDPR will be stored until the data subject exercises their right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.

Unless otherwise stated in other sections of this declaration regarding specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

As a data subject, you have the following rights vis-à-vis the controller:

• Right of access pursuant to Art. 15 GDPR
• Right to rectification pursuant to Art. 16 GDPR
• Right to erasure pursuant to Art. 17 GDPR
• Right to restriction of processing pursuant to Art. 18 GDPR
• Right to notification pursuant to Art. 19 GDPR
• Right to data portability pursuant to Art. 20 GDPR
• Right to withdraw consent pursuant to Art. 7(3) GDPR
• Right to lodge a complaint pursuant to Art. 77 GDPR

Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21(1) GDPR. The objection must be substantiated and addressed in writing to the controller.

If you exercise your right to object, we will cease processing the data concerned. However, further processing remains reserved if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

We use technically necessary cookies and local storage technologies for our tool. These are small text files or data packets stored in your browser.

• Purpose: These are strictly necessary to provide the core functionality of the tool (e.g., storing login status, session ID, security features). Without these technologies, the tool could not be operated securely or reliably.
• Legal basis: The use of these technically necessary features is based on Art. 6(1)(f) GDPR (legitimate interest in a technically error-free provision of our services).
• Storage duration: Session cookies are automatically deleted when you end your visit or close your browser. Other data in local storage remains permanently until you manually delete it in your browser or the browser cache is cleared.

This privacy policy is currently valid as of April 2026.

Due to the further development of the website or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed and printed at any time on the Shyller website (www.shyller.ai).