Privacy Policy

Last Updated: January 23, 2026

This Privacy Policy applies to AKI.IO GmbH, the website https://aki.io, and all related services, including the AI model hosting platform (together the “Services”). AKI.IO GmbH acts as the controller within the meaning of Art. 4(7) GDPR.

1. Controller

AKI.IO GmbH
Marienburger Str. 1
10405 Berlin, Germany
Email: privacy@aki.io

2. Principles of Processing

We process personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality pursuant to Art. 5 GDPR. Access to personal data is restricted to authorised personnel on a strict need-to-know basis and protected by appropriate technical and organisational measures in line with ISO/IEC 27001.

All processing is carried out exclusively within the European Economic Area (EEA). No data is transferred to third countries.

3. Categories of Personal Data

We process the following categories of personal data:

  • Identification data (name, username, title)
  • Contact and master data (email address, billing address, phone number)
  • Financial and payment data (registered address, bank details, VAT-ID)
  • Transaction data (payments)
  • Technical data (IP address, device and browser information)
  • Account and profile data (login credentials, support requests)
  • Usage data (interaction with website and services)

4. Legal Bases for Processing

Each processing activity is based on one dominant legal basis:

  • Art. 6(1)(b) GDPR: performance of a contract or pre-contractual measures
  • Art. 6(1)(c) GDPR: compliance with a legal obligation
  • Art. 6(1)(f) GDPR: legitimate interests
  • Art. 6(1)(a) GDPR: consent, where explicitly obtained

Our legitimate interests include ensuring IT security, preventing fraud and misuse, maintaining platform stability, and conducting proportionate B2B communication.

5. Account Registration and Service Provision

For registration, authentication, and management of user and company accounts, we process identification, contact, and login data.

Dominant legal basis: Art. 6(1)(b) GDPR.

6. Communication and Contractual Information

We process contact data exclusively to provide contractual information, service-related notices, billing communications, and other transactional emails necessary for the performance of the contract. No marketing or promotional emails are sent.

Dominant legal basis: Art. 6(1)(b) GDPR.

7. Billing and Payments

Payment, invoicing, and transaction data are processed to execute payments and comply with statutory accounting and tax obligations.

Dominant legal basis: Art. 6(1)(b) GDPR; for statutory retention, Art. 6(1)(c) GDPR.

8. Technical Logs, Security, and Error Analysis

Technical logs and usage data are processed solely to ensure platform security, stability, and error resolution. Processing is limited to what is technically necessary.

Dominant legal basis: Art. 6(1)(f) GDPR.

9. Legal Obligations and Compliance

We process personal data to comply with legal obligations, including tax law, accounting, anti-money laundering, sanctions, and regulatory requirements.

Dominant legal basis: Art. 6(1)(c) GDPR.

10. Fraud Prevention and Sanctions Screening

Identification and transaction data may be processed to prevent fraud and perform sanctions list checks.

Dominant legal basis: Art. 6(1)(f) GDPR (in combination with applicable EU sanctions law where relevant).

11. B2B AI Model Hosting and Processing on Behalf of Customers

When customers use our platform to process personal data via hosted AI models, AKI.IO acts as a processor within the meaning of Art. 28 GDPR. Processing is carried out solely on documented instructions of the customer.

Customer-provided content, including prompts, inputs, and generated outputs, is not logged, stored, or analysed by AKI.IO. Processing occurs exclusively in volatile memory for the purpose of providing the requested service.

A Data Processing Agreement (DPA) is made available during company registration and can be accessed at any time in the authenticated user backend.

12. Website Analytics (Matomo)

We use the web analytics tool Matomo, hosted on our own servers within the EEA, to analyse website usage.

Dominant legal basis: Art. 6(1)(f) GDPR.

No data is transferred to third countries. You may object to this processing at any time via this opt-out mechanism:

13. Communication Requests

Personal data transmitted via email, phone, or contact forms is processed solely to handle inquiries.

Dominant legal basis: Art. 6(1)(b) GDPR or, where no contractual relationship exists, Art. 6(1)(f) GDPR.

14. Social Media Presence and Joint Controllership

We operate official social media accounts. For certain processing activities, we act as joint controllers with the respective platform providers pursuant to Art. 26 GDPR.The essence of the joint controller arrangement is as follows: the platform provider is primarily responsible for data processing relating to platform operation, analytics, advertising, and account management, while we are responsible for processing related to communication, content management, and interaction with users on our pages. Data subjects may exercise their rights against either controller.

Dominant legal basis: Art. 6(1)(f) GDPR.

15. Data Retention

Personal data is deleted or anonymised within 90 days once the processing purpose no longer applies. Statutory retention obligations remain unaffected.

16. Rights of Data Subjects

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
  • Right to withdraw consent at any time with effect for the future (Art. 7(3) GDPR)

17. Supervisory Authority

Berlin Commissioner for Data Protection and Freedom of Information.
Friedrichstrasse 21910969 Berlin, Germany
Phone: 030 13889-0
Fax: 030 2155050
Email: mailbox@datenschutz-berlin.de
https://www.datenschutz-berlin.de/

18. Automated Decision-Making

No automated decision-making within the meaning of Art. 22 GDPR takes place.

19. Cookies

We use cookies to display our websites, provide services, check for outages, and take measures against spam, fraud, and abuse (necessary cookies). We also collect data on website statistics and interactions to improve the quality of our services (statistical cookies). You can object to the use of statistical cookies, such as anonymized personal data, in the cookie settings without restricting the functionality of the website.

20. Amendments

This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.