Privacy Policy

Last Updated: November 19, 2025


1. Controller

The controller responsible for data processing on this website is:

pi-optimal UG (limited liability)
Unter den Linden 15
72762 Reutlingen
Germany

Managing Director: Jochen Luithardt
Commercial Register: Stuttgart District Court HRB 797217
VAT ID: DE451632183
Email: hello@pi-optimal.com

Data Protection Officer: No data protection officer has been appointed as the legal requirements for this do not apply (fewer than 20 employees regularly engaged in data processing).

Website: This privacy policy applies to pi-optimal.com (company website)
Product Website: pi-automate.com (separate privacy policy applies)


2. General Information on Data Processing

The protection of your personal data is very important to us. We process your data exclusively on the basis of legal provisions (GDPR, BDSG, TTDSG). This privacy policy informs you about the most important aspects of data processing within the scope of our website.

Personal Data

Personal data is all information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR). This includes in particular name, email address, and IP address.

Purpose of This Privacy Policy

This privacy policy informs you about the type, scope, and purpose of the processing of personal data within our online offering and the associated websites, functions, and content (hereinafter collectively referred to as "online offering" or "website").

About This Website

This website (pi-optimal.com) serves as our company information site, providing information about pi-optimal UG, our team, and our product pi-automate. This is a purely informational website without user accounts, forms, or interactive features beyond email contact.

Scope

This privacy policy applies to the company website pi-optimal.com. For our product website pi-automate.com, a separate privacy policy applies which you can find at https://pi-automate.com/privacy.


3. Hosting and Technical Infrastructure

3.1 Microsoft Azure Hosting

Our website is hosted on Microsoft Azure servers. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter "Azure").

Server Locations:

  • Azure West Europe (Netherlands)
  • Azure Germany West Central
  • All servers are located within the European Union

Processed Data:

  • IP address of the accessing computer
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes (referrer)
  • Browser and operating system

Purpose: The processing is necessary to provide the website, ensure system security, and defend against attacks.

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in providing and securely operating our website).

Storage Duration: Server log files are stored for a maximum of 90 days and then automatically deleted.

Data Transfer: All servers are located in the European Union. No transfer to third countries occurs. Microsoft Azure processes data on our behalf under a standard Data Processing Agreement (DPA) in accordance with Art. 28 GDPR.

3.2 Azure Content Delivery Network (CDN)

We use Azure CDN to deliver website content faster and more reliably. All resources (fonts, scripts, stylesheets, images) are hosted on our own Azure CDN infrastructure.

Processed Data:

  • IP address (for routing purposes only)
  • Requested resources
  • Technical access data (browser, timestamp)

Purpose: Fast and reliable delivery of website content, improvement of loading times.

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in providing a fast, reliable website).

Special Note: We host all resources (including fonts) on our own CDN. No data is shared with external providers like Google Fonts or external CDNs. This ensures maximum privacy protection for our visitors.

Storage Duration: CDN logs are stored for a maximum of 90 days.


4. Web Analytics with Plausible Analytics

We use Plausible Analytics, a privacy-friendly web analytics tool, to analyze and improve the use of our website. Plausible is self-hosted on our own Azure infrastructure.

Special Features of Plausible:

  • ✓ No cookies are set
  • ✓ No collection of personal data
  • ✓ IP addresses are not stored
  • ✓ No data sharing with third parties
  • ✓ 100% GDPR compliant
  • ✓ Self-hosted on our own servers

Processed Data:

  • Pages visited
  • Referrer (where the visitor came from)
  • Browser and operating system (anonymized)
  • Device type (desktop, mobile, tablet)
  • Country (derived by temporarily processing the IP address to determine location; the IP address itself is NOT stored)

Purpose:

  • Analysis of user behavior to improve the website
  • Detection of technical problems
  • Optimization of user experience
  • Understanding which information is most relevant to visitors

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in analyzing and improving our website).

Storage Duration: Aggregated, anonymous statistics are stored indefinitely. Since no personal data is collected, there is no privacy risk.

No Cookies or Consent Required: Since Plausible does not use cookies and does not store personal data, no consent is required under § 25 TTDSG. No cookie banner is needed.

Self-Hosted: Unlike cloud-based analytics services, we host Plausible on our own Azure infrastructure, ensuring that no data leaves our control or is shared with third parties.


5. Contact via Email

You can contact us via email at hello@pi-optimal.com for partnership inquiries, business questions, press inquiries, career opportunities, or other matters.

Processed Data:

  • Your email address
  • Your name (if provided)
  • Company name and position (if provided)
  • Message content
  • Email metadata (date, time, subject line)

Purpose: Processing and responding to your inquiry.

Legal Basis:

  • Art. 6(1)(b) GDPR (pre-contractual measures) if your inquiry relates to potential business cooperation
  • Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries and maintaining business relationships)

Storage Duration:

  • General inquiries: 3 years or until you request deletion, whichever comes first
  • Business partnership inquiries that lead to contracts: Subject to statutory retention periods (typically 6-10 years under HGB/AO)
  • Press inquiries: 2 years or until you request deletion
  • Career inquiries: See Section 5.1 below

Recipients: Your email is received and processed exclusively by pi-optimal UG. No data is shared with third-party email service providers. All email communication is handled through our own systems.

No Automated Responses: We do not use automated email systems or chatbots. All responses are handled personally by our team.

5.1 Career Inquiries

If you contact us regarding career opportunities or send us your application documents:

Additional Data Processed:

  • CV/Resume
  • Cover letter
  • References (if provided)
  • Application-related documents

Purpose: Evaluation of your application for current or future positions.

Legal Basis: Art. 6(1)(b) GDPR (pre-contractual measures) and § 26 BDSG (employment relationship).

Storage Duration:

  • If you are hired: Data becomes part of your personnel file
  • If you are not selected: 6 months after completion of the application process, then deleted
  • You can request earlier deletion at any time

Consent for Talent Pool: We will ask for your explicit consent if we would like to keep your application on file for future opportunities beyond the 6-month period.


6. Cookies

Our website does not use cookies for marketing or tracking purposes. We do not set any cookies beyond those that may be technically necessary for basic website functionality.

What Are Cookies?

Cookies are small text files that are stored on your device by your browser. Cookies cannot execute programs or transfer viruses to your computer.

Current Cookie Usage

Our website currently does NOT use any cookies. The website functions entirely without cookies, as:

  • Plausible Analytics does not use cookies
  • We have no user accounts or login systems
  • We do not use marketing or tracking tools

No Tracking Cookies

We explicitly do NOT use:

  • Marketing cookies
  • Advertising cookies
  • Social media tracking cookies
  • Analytics cookies
  • Third-party cookies

Future Cookie Usage

Should we introduce technically necessary cookies in the future (e.g., for new features), we will:

  • Update this privacy policy
  • Only use cookies that are technically necessary
  • Inform visitors appropriately

Your Browser Settings

You can configure your browser to reject all cookies if desired. Since our website does not currently use cookies, this will not affect your ability to use our website.


7. External Links

Our website may contain links to external websites, including:

  • Social media profiles (LinkedIn, Twitter, etc.)
  • Partner websites
  • Press articles
  • Industry resources
  • Our product website (pi-automate.com)

Important: We have no influence on the content and data processing practices of external websites. When you click on an external link, you leave our website, and the privacy policy of the respective external site applies.

We are not responsible for:

  • The privacy practices of external websites
  • The content of external websites
  • The security of external websites
  • Data processing by external websites

Recommendation: Review the privacy policies of external websites you visit through our links.

Product Website: For pi-automate.com, our separate product privacy policy applies: https://pi-automate.com/privacy


8. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

8.1 Right of Access (Art. 15 GDPR)

You have the right to obtain information about the data we store about you. This includes in particular:

  • The processing purposes
  • The categories of personal data
  • The recipients or categories of recipients
  • The planned storage duration
  • The existence of a right to rectification, deletion, restriction, or objection
  • The existence of a right to complain
  • The origin of the data if it was not collected from us

8.2 Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of incorrect or the completion of incomplete data.

8.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data if:

  • The data is no longer necessary for the purposes for which it was collected
  • You have withdrawn your consent and there is no other legal basis
  • You have objected to the processing and there are no overriding legitimate grounds
  • The data was processed unlawfully
  • Deletion is necessary to fulfill a legal obligation

Deletion may be refused if statutory retention obligations (e.g., HGB, AO: typically 6-10 years for business records) exist.

8.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your personal data if:

  • The accuracy of the data is disputed by you (during verification)
  • The processing is unlawful and you decline deletion
  • We no longer need the data, but you need it to assert, exercise, or defend legal claims
  • You have objected to the processing (pending verification of overriding legitimate grounds)

8.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

This applies to: Email communications you sent to us (we can provide these in standard formats like .eml or .pdf).

8.6 Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR.

When you object: We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.

8.7 Right to Withdraw Consent (Art. 7(3) GDPR)

If the processing is based on your consent (e.g., consent to keep your application in our talent pool), you have the right to withdraw this consent at any time. The lawfulness of the processing carried out until the withdrawal remains unaffected.

How to Withdraw: Send an email to hello@pi-optimal.com stating your withdrawal.

8.8 Right to Complain (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The supervisory authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Germany
Phone: +49 711 615541-0
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de

Exercising Your Rights

To exercise your rights, please contact: hello@pi-optimal.com

Response Time: We will respond to your request without undue delay and in any event within one month of receipt. If necessary, this period may be extended by two further months, taking into account the complexity of the request. We will inform you of any such extension.

Identity Verification: To protect your privacy, we may ask you to verify your identity before processing your request.


9. Data Security

We take the protection of your personal data very seriously and implement appropriate technical and organizational measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access.

Encryption

Transport Encryption: We use TLS/SSL encryption (Transport Layer Security / Secure Sockets Layer) for all data transmitted between your browser and our servers. You can recognize encrypted connections by:

  • The "https://" in the address bar
  • The lock symbol in your browser's address bar

Encryption Standard: We support TLS 1.2 and TLS 1.3 with strong cipher suites. As a rule, we use 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit encryption as a fallback.

Storage Encryption: Data stored on Azure servers is encrypted at rest using Azure Storage Service Encryption with 256-bit AES encryption.

Technical Security Measures

Our security measures include:

  • Network Security: Firewalls, DDoS protection, intrusion detection systems
  • Access Controls: Role-based access control (RBAC), multi-factor authentication for team access
  • Monitoring: Continuous security monitoring, automated alerts for suspicious activities
  • Updates: Regular security updates and patches for all systems
  • Input Validation: Strict validation and sanitization of all inputs
  • Backup Systems: Regular backups with encrypted storage

Organizational Security Measures

  • Access Restrictions: Only authorized employees (2-5 people, all in Germany/EU) have access to data
  • Confidentiality: All team members are bound by confidentiality agreements
  • Training: Regular data protection training for all team members
  • Incident Response: Documented procedures for responding to data breaches
  • Regular Audits: Periodic review of security measures and compliance

Azure Security

Microsoft Azure provides enterprise-grade security including:

  • ISO 27001, ISO 27018, SOC 2 certifications
  • Physical security of data centers
  • Redundancy and backup systems
  • 99.9% availability SLA

Continuous Improvement

Our security measures are continuously improved in accordance with technological developments and threat landscapes. We regularly review and update our security practices.


10. No Disclosure to Third Parties

We do not sell, rent, or otherwise disclose your personal data to third parties except as explicitly stated in this privacy policy.

When We Share Data

We only disclose your data to third parties if:

  • You have given explicit consent (Art. 6(1)(a) GDPR)
  • Legal obligation (Art. 6(1)(c) GDPR) - e.g., response to court orders, tax authorities
  • Contract performance (Art. 6(1)(b) GDPR) - e.g., if business cooperation requires it
  • Legitimate interests (Art. 6(1)(f) GDPR) - e.g., legal defense, fraud prevention

Data Processors (Art. 28 GDPR)

We use the following data processor who processes data on our behalf:

Microsoft Azure

  • Service: Cloud hosting, CDN
  • Location: European Union (Netherlands, Germany)
  • Legal Basis: Standard Data Processing Agreement (DPA) under Art. 28 GDPR
  • Processing: Hosting, content delivery, log storage

No Other Third Parties: We do NOT use:

  • Email marketing services (we use our own email system)
  • External analytics services (Plausible is self-hosted)
  • External CDN services (Azure CDN only)
  • CRM services
  • Chat services
  • Social media pixels
  • Advertising networks
  • Newsletter services

Self-Built Systems

We deliberately built our own systems for:

  • Email communication
  • Data storage
  • Analytics (hosting Plausible ourselves)

This means: We maintain complete control over your data and do not share it with third-party service providers.


11. Data Transfer to Third Countries

We do NOT transfer your personal data to third countries (countries outside the European Economic Area – EEA).

Current Status

All services and data processing occur exclusively within the European Union:

  • Hosting: Azure West Europe (Netherlands) and Germany West Central
  • CDN: Azure CDN (EU regions)
  • Analytics: Self-hosted Plausible on Azure EU servers
  • Team: All team members (2-5 people) are located in Germany/EU
  • Email: Processed and stored in Germany/EU only

Microsoft Azure

While Microsoft Corporation is a US company, we have contractually ensured that:

  • All data is stored and processed on Azure servers in the EU
  • Microsoft processes data only on our behalf (data processor under Art. 28 GDPR)
  • Standard Contractual Clauses (SCCs) are in place as an additional safeguard
  • No access from US authorities under CLOUD Act (data stays in EU)
  • Azure's EU Data Boundary commitment applies

Future Changes

Should a data transfer to third countries become necessary in the future, this will only occur:

  • With your express consent (Art. 6(1)(a), Art. 49(1)(a) GDPR), or
  • On the basis of an adequacy decision by the EU Commission (Art. 45 GDPR), or
  • Using appropriate safeguards such as EU Standard Contractual Clauses (Art. 46 GDPR)

We will inform you and update this privacy policy before implementing any such changes.


12. No Automated Decision-Making

We do NOT use automated decision-making or profiling as defined in Art. 22 GDPR. No automated systems make decisions about you that have legal effects or similarly significantly affect you.

This means:

  • We do not use automated scoring or profiling systems
  • All business decisions (e.g., partnership evaluations, hiring decisions) involve human review
  • We do not use AI for decision-making about individuals
  • No automated systems evaluate or categorize visitors

13. Protection of Minors

Our website is aimed at business audiences and is not intended for use by individuals under 18 years of age.

We do not knowingly collect personal data from persons under 16 years of age. Persons under 16 years of age should not transmit personal data to us without the consent of their parents or legal guardians.

If we become aware that we have collected personal data from a person under 16 without parental consent, we will delete that data promptly.

If you believe we may have collected data from a minor, please contact us immediately at hello@pi-optimal.com.


14. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy to comply with current legal requirements or to reflect changes to our services.

When We Update

This privacy policy may be updated when:

  • Legal requirements change (new GDPR guidance, court decisions)
  • We add new features or services to the website
  • We change data processing practices
  • We receive feedback that clarifies needed improvements

How We Notify You

  • Significant Changes: We will announce significant changes prominently on our website
  • Minor Updates: Minor clarifications or formatting changes will be updated without specific notice
  • Date: The "Last Updated" date at the top of this document shows when the last change was made

Your Responsibility

For your next visit to our website, the new privacy policy will apply. We recommend reviewing this privacy policy periodically, especially if you have ongoing communication with us.

Archive

Previous versions of this privacy policy are available upon request at hello@pi-optimal.com.


15. Contact for Privacy Questions

If you have questions about the collection, processing, or use of your personal data, or regarding your data subject rights, please contact:

pi-optimal UG (limited liability)
Data Privacy Inquiries
Jochen Luithardt
Unter den Linden 15
72762 Reutlingen
Germany

Email: hello@pi-optimal.com
Company Website: pi-optimal.com
Product Website: pi-automate.com (separate privacy policy)

Response Time: We will respond to privacy inquiries within 30 days.

Additional Information:


16. Supervisory Authority Contact

For complaints or concerns about data protection, you can contact the responsible supervisory authority directly:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Germany

Phone: +49 711 615541-0
Fax: +49 711 615541-15
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de

Office Hours: Monday to Thursday: 8:00 AM - 5:00 PM, Friday: 8:00 AM - 3:00 PM


Note: This privacy policy has been prepared with the utmost care based on current GDPR requirements. However, it does not constitute legal advice. For specific legal questions, we recommend consulting a qualified attorney specialized in data protection law.

Effective Date: This privacy policy is effective as of November 19, 2025.


About This Document

This privacy policy is provided in accordance with:

  • Art. 13 and 14 GDPR (Information obligations)
  • § 13 TMG (Telemedia Act)
  • § 15 TMG (Duties of service providers)

For questions about this privacy policy or our data protection practices, please contact hello@pi-optimal.com.