Skip to main content
Status: Early Access · May 2026 EU-VAT OSS · XRechnung · IFRS 15 New: ZUGFeRD roadmap from June 2026
Kontorion

Privacy Policy

As of: May 2026

This privacy policy describes which personal data we process when you use the website kontorion.eu, for what purposes and on what legal basis, and which rights you have under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Data Controller

The data controller within the meaning of Art. 4(7) GDPR is:

Frontier Algorithmics UG (haftungsbeschränkt)
Koppoldstr. 1
86551 Aichach, Germany
Phone: +49 941 20902125
Email: contact@frontieralgorithmics.com
Represented by: Zaid Marzguioui

Commercial Register: HRB 20570, Local Court (Amtsgericht) Regensburg
Further mandatory information is available in our Legal Notice.

2. Data Protection Officer

We have not appointed a Data Protection Officer. Based on our assessment, no such obligation applies: Frontier Algorithmics UG (haftungsbeschränkt) does not meet the threshold set out in § 38(1) BDSG (generally at least 20 persons constantly engaged in the automated processing of personal data), nor do we process personal data in a way that mandatorily requires a DPO under Art. 37(1) GDPR. In particular, regular and systematic monitoring of data subjects on a large scale is not part of our core activities, and we do not process special categories of personal data within the meaning of Art. 9 GDPR on a large scale.

For data protection enquiries, please contact: contact@frontieralgorithmics.com.

3. Supervisory Authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data, without prejudice to any other administrative or judicial remedy.

The supervisory authority responsible for us is:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach, Germany
www.lda.bayern.de

Persons habitually resident in another EU Member State may additionally contact the data protection supervisory authority responsible for their place of residence.

4. Your Rights as a Data Subject

With respect to the personal data concerning you, you have the following rights:

  • Access to the data being processed (Art. 15 GDPR)
  • Rectification of inaccurate or incomplete data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR, "right to be forgotten")
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing based on Art. 6(1)(f) GDPR, and at any time to direct marketing (Art. 21 GDPR)
  • Withdrawal of consent with effect for the future (Art. 7(3) GDPR)

To exercise your rights, an informal message to contact@frontieralgorithmics.com is sufficient. We may, in individual cases, request additional information to verify your identity.

5. General Information about Data Processing

This privacy policy applies to the pages accessible at kontorion.eu and kontorion.eu/en as well as their sub-pages. Kontorion is a B2B SaaS offering; the website is addressed to businesses, not to consumers within the meaning of § 13 BGB.

The overarching legal bases for our processing activities are:

  • Art. 6(1)(a) GDPR – Consent
  • Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures
  • Art. 6(1)(c) GDPR – Compliance with legal obligations (e.g., commercial and tax law retention obligations)
  • Art. 6(1)(f) GDPR – Legitimate interest

Personal data is deleted as soon as the purpose of storage ceases to apply and no statutory retention obligations stand in the way. The specific retention period for each processing activity is stated in the relevant section below.

6. Hosting and Website Delivery

The website is operated on servers located within the European Union. The following hosting and infrastructure providers are used; each acts as a processor within the meaning of Art. 28 GDPR. Data processing agreements (Auftragsverarbeitungsverträge) are in place with all providers listed:

  • IONOS SE & Co. KGaA, Elgendorfer Straße 57, 56410 Montabaur, Germany
  • STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany
  • Scaleway SAS, 8 rue de la Ville l’Évêque, 75008 Paris, France
  • OpusDNS GmbH (DNS resolution)

All processing locations are situated within the EU/EEA; no transfer to third countries takes place in the context of hosting.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure, performant and reliable provision of the website).

7. Server Log Files

Each time a page is accessed, the web server automatically records technical information that your browser transmits. This includes:

  • IP address (truncated/anonymized)
  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing device
  • Date and time of the server request

Purposes: ensuring uninterrupted operation, detection and prevention of abusive access, and error analysis. This data is not merged with other data sources or used for profiling.

Retention period: as long as technically required for the security purposes mentioned above, typically up to 14 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in IT security and stable operation).

8. Contact and Demo Requests (Formbricks)

We collect contact and demo requests on the website using the open-source software Formbricks. Formbricks is operated exclusively on our own infrastructure under the subdomain surveys.kontorion.eu. Frontier Algorithmics UG (haftungsbeschränkt) remains the controller; no transfer to an external provider takes place. Processing under Art. 28 GDPR is therefore not required because no third party is involved.

The forms are technically embedded as an iframe from surveys.kontorion.eu. When the contact page is loaded, an additional connection is therefore established with this subdomain; technical connection data (e.g., IP address, time of access) is processed in the same way as described in section 7.

Fields collected:

  • Name (mandatory)
  • Email address (mandatory)
  • Company (optional)
  • Role or function (optional)
  • Message (mandatory)

Demo requests may include additional questions about the company context. Mandatory and optional fields are marked as such in the form.

Purpose: handling your enquiry and any subsequent business communication.

Legal basis:

  • Art. 6(1)(b) GDPR, where the enquiry aims at the conclusion of a contract or is of a pre-contractual nature.
  • Art. 6(1)(f) GDPR otherwise (legitimate interest in responding to general enquiries).

Retention period: enquiries are deleted as soon as they have been finally dealt with and no further communication is to be expected, but at the latest six months after the conclusion of the correspondence, unless commercial or tax law retention obligations (in particular § 257 HGB, § 147 AO; up to 6 or 10 years for business letters and invoices) apply.

9. Web Analytics with Umami (cookie-free)

For audience measurement we use the open-source web analytics tool Umami. Umami is operated exclusively on our own infrastructure under the subdomain analytics.kontorion.eu; no transfer to third parties takes place.

Umami operates deliberately cookie-free: it neither sets cookies nor stores or reads any other persistent identifiers on your device. To recognize sessions, a daily-rotating hashed value is generated server-side which can no longer be linked to a user after 24 hours. Because no information is accessed on, or stored in, your terminal device, consent under § 25(1) TTDSG (the German implementation of the ePrivacy Directive) is not required.

The following information is collected:

  • page accessed (URL and title)
  • referrer source
  • browser type, screen resolution, language
  • approximate region based on the truncated IP address
  • selected events (e.g., clicks on the contact or demo tab, loading of the contact forms, clicks on navigation links)

Identification of individual visitors is not possible from this data.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in privacy-friendly audience measurement to improve our website).

Right to object: you may object to this processing at any time in accordance with Art. 21 GDPR, e.g., by activating the "Do Not Track" browser header or by using a tracker blocker that prevents connections to analytics.kontorion.eu.

10. Payment Processing via Stripe

For the processing of paid subscriptions (plans "Starter", "Scale" and "Enterprise") we use the payment service provider Stripe:

Stripe Payments Europe, Limited
1 Grand Canal Street Lower, Grand Canal Dock
Dublin, D02 H210, Ireland

Based on our legal assessment and on Stripe's data processing agreement, Stripe acts in part as a processor (for the handling of the specific payment and directly related data) and in part as an independent controller (in particular for fraud prevention, risk assessment and the fulfilment of Stripe's own regulatory obligations as a payment service provider).

When a contract is concluded via the Stripe-hosted checkout page, the following data in particular is processed:

  • name and email address
  • billing address (mandatory)
  • VAT identification number, if provided
  • payment method (credit card or SEPA direct debit); full card or bank details are processed exclusively by Stripe and are not disclosed to us
  • selected subscription, language and country
  • 14-day trial period and automatic tax calculation via Stripe Tax

Data may be transferred to Stripe, Inc. (United States) and thus to a third country. Stripe, Inc. is certified under the EU-US Data Privacy Framework (DPF); EU Standard Contractual Clauses (SCCs) and a data processing agreement with Stripe additionally apply.

Legal basis:

  • Art. 6(1)(b) GDPR (performance of a contract) for the payment itself.
  • Art. 6(1)(c) and (f) GDPR where Stripe processes data for fraud prevention or to fulfil its own regulatory obligations as an independent controller.
  • Art. 44 et seq. GDPR in conjunction with the EU-US DPF and Standard Contractual Clauses for the transfer to the United States.

Retention period: contract and invoice data is retained pursuant to § 257 HGB and § 147 AO for up to 10 years after the end of the relevant fiscal year.

Further information about data processing by Stripe is available at: https://stripe.com/privacy

11. Stripe Customer Portal

Existing customers can manage their contract, invoice and payment data via the Stripe-hosted Customer Portal. Login takes place via a Stripe-provided login page using only the email address on file; a sign-in link is sent by email.

Within the portal, you can in particular:

  • view and download invoices
  • add, change or remove payment methods
  • update billing address and VAT identification number
  • cancel subscriptions at the end of the contract term

The categories of data processed in the portal correspond to those set out in section 10; the allocation of responsibility between Stripe and us applies accordingly.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

12. Cookies and Local Storage

On the kontorion.eu website we set no tracking cookies and use no advertising pixels. No third-party scripts for advertising, social media or cross-site tracking are loaded.

The only technical mechanism we use is:

  • a temporary entry in your browser's SessionStorage (lang-checked), which prevents language detection from running multiple times during a session; the entry is automatically deleted when the browser tab is closed and contains no personal data.

During checkout you are redirected to pages operated by Stripe (checkout.stripe.com, billing.stripe.com, portal.stripe.com). Stripe may set its own cookies on these pages; these are governed exclusively by Stripe's privacy policy (see section 10).

Legal basis: § 25(2) no. 2 TTDSG (storage access strictly necessary to provide a service expressly requested by the user) and Art. 6(1)(f) GDPR.

13. Changes to this Privacy Policy

We update this privacy policy when legal requirements or the procedures actually used on the website change. The version published at https://kontorion.eu/en/datenschutz is always authoritative. The date stated above reflects the current version.

As of: May 2026

Book a demo

15 minutes, no sales presentation. Describe your business model, we show you the matching blueprint.

Prefer email? Reach us at contact@frontieralgorithmics.com