Privacy Policy
As of: June 2026
1. Controller
Penetra GbR, represented by Bora Çakıroğlu, Okan Tan Çuğun and Tolga Kaan Eryılmaz, Connollystraße 3, 80809 München, Germany, e-mail: info@penetra.ai. A data protection officer is not currently required by law.
2. Your rights
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR), and to withdraw consent. You may lodge a complaint with a supervisory authority (Art. 77 GDPR); the competent authority is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.
3. Hosting and server log files
Our hosting provider is Amazon Web Services, operated via AWS Amplify in the eu-central-1 (Frankfurt, Germany) region. When you access the site, access data are automatically processed in log files (IP address, date/time, page requested, data volume, browser type, operating system, referrer URL) based on our legitimate interest in secure, stable operation (Art. 6 (1)(f) GDPR). Log files are deleted after no more than 30 days. All infrastructure is pinned to eu-central-1; a data processing agreement under Art. 28 GDPR is in place with AWS.
4. TLS encryption
This site uses TLS encryption for security (shown by "https://").
5. Contact
If you contact us by e-mail, we process your details to handle the request (Art. 6 (1)(b)/(f) GDPR) and delete them once no longer needed.
6. Interactive demo / Workbench
In our interactive demo ("Workbench") you can upload PDF documents to test the anonymization. The uploaded file is transmitted via a same-origin endpoint to our EU-hosted backend (AWS, eu-central-1), processed solely in memory and discarded immediately after the request – it is not stored, not analyzed in terms of content, and not used to train models. A predefined demonstration result is returned. To illustrate the audit feature we only log technical event metadata (a random session ID, the type of action, a timestamp); these logs contain neither the content of uploaded documents nor your IP address. Please still do not upload real personal data. Legal basis: Art. 6 (1)(b) and (f) GDPR.
7. Cookies, analytics and local storage
This website uses no tracking or analytics services and sets no marketing or statistics cookies; a consent banner is therefore not required. The only technically necessary mechanism used is local storage (localStorage) of your selected language (German/English), which is not transmitted to us. Legal basis: § 25 (2) TDDDG in conjunction with Art. 6 (1)(f) GDPR.
8. Recipients / processors
We use Amazon Web Services (eu-central-1) as a processor for hosting, application operation and database, under an Art. 28 GDPR data processing agreement.
9. Retention
We process personal data only as long as necessary for the stated purposes or as required by statutory retention periods.
10. Changes
This privacy policy is current as of June 2026. The current version is always available on this page.