Privacy Policy

Last Updated: 2026-04-12

dbl9 GmbH ("dbl9," "we," "us," or "our") is committed to protecting the privacy of individuals who visit our website(s), use our products and services, or otherwise interact with us. This Privacy Policy ("Policy") describes how we collect, use, disclose, and protect Personal Data.

This Policy applies to the dbl9 website(s) at https://dbl99.de, the dbl9 Platform platform, and any related services, applications, or communications (collectively, the "Services").

1. PERSONAL DATA WE COLLECT

We collect the following categories of Personal Data:

1.1. Information You Provide Directly

• Account Information: Name, email address, phone number, company name, job title, and other registration details when you create an Account.
• Payment Information: Billing address, payment card details, or other financial information necessary to process transactions. Payment processing is handled by our third-party payment processors; we do not store full payment card numbers.
• Communications: Information you provide when you contact us for support, submit inquiries, or otherwise communicate with us.
• Content and Input Data: Any data, content, files, or materials you submit to or through the Services, including data submitted to AI Features ("Input Data").
• Survey and Feedback Data: Responses to surveys, questionnaires, or feedback forms.

1.2. Information We Collect Automatically

• Usage Data: Information about your interactions with the Services, including features used, actions taken, timestamps, frequency, and duration of use.
• Device and Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, language preferences, and referring URLs.
• Log Data: Server logs, error reports, and diagnostic data.
• Cookie and Tracking Data: Information collected through cookies, web beacons, pixels, and similar technologies. See our Cookie Policy at https://dbl99.de/legal/cookies for details.

1.3. Information We Receive from Third Parties

• Third-Party Integrations: If you connect Third-Party Services to your Account, we may receive information from those services as authorized by you.
• Business Partners: We may receive information from our business partners, resellers, or referral partners.
• Public Sources: We may collect information from publicly available sources for business purposes.

2. HOW WE USE PERSONAL DATA

We use Personal Data for the following purposes:

2.1. To Provide and Operate the Services

• Creating and managing your Account
• Processing transactions and billing
• Providing customer support and responding to inquiries
• Delivering, maintaining, and improving the Services
• Processing Input Data through AI Features to generate output

2.2. To Communicate with You

• Sending transactional communications (e.g., service updates, security alerts, account notifications)
• Sending marketing communications where permitted by law (you may opt out at any time — see Section 7)
• Responding to your requests and inquiries

2.3. To Improve and Develop the Services

• Analyzing usage patterns to improve functionality and user experience
• Conducting research and development
• Generating aggregated, anonymized, or de-identified analytics and insights
• Identifying and fixing bugs, errors, and security issues

2.4. To Ensure Security and Compliance

• Detecting, preventing, and addressing fraud, abuse, security incidents, and technical issues
• Enforcing our Terms of Service and Acceptable Use Policy
• Complying with legal obligations, legal processes, and government requests
• Protecting the rights, property, and safety of dbl9, our users, and the public

2.5. AI-Specific Data Use

• No Training on Customer Data Without Consent. We do not use Customer Data or Input Data to train general-purpose AI models without your prior written consent.
• Service Improvement. We may use aggregated, anonymized data derived from use of AI Features to improve the accuracy and performance of the Services, provided such data cannot reasonably identify you or any individual.

3. LEGAL BASES FOR PROCESSING (EEA/UK/SWISS INDIVIDUALS)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we process your Personal Data based on the following legal grounds:

• Contract Performance: Processing necessary to perform our contract with you or to take steps at your request before entering into a contract (Article 6(1)(b) GDPR).
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving the Services, marketing, fraud prevention, and security, provided these interests are not overridden by your rights (Article 6(1)(f) GDPR).
• Consent: Where you have provided your consent for specific processing activities, such as marketing communications or optional cookies (Article 6(1)(a) GDPR).
• Legal Obligation: Processing necessary to comply with a legal obligation to which we are subject (Article 6(1)(c) GDPR).

4. HOW WE SHARE PERSONAL DATA

We may share Personal Data in the following circumstances:

4.1. Service Providers and Sub-Processors

We share Personal Data with third-party service providers and sub-processors who perform services on our behalf, such as hosting, payment processing, analytics, customer support, and email delivery. These providers are contractually obligated to protect Personal Data and may only use it to provide services to us. A list of our current sub-processors is available at https://dbl99.de/legal/subprocessors.

4.2. Affiliates

We may share Personal Data with our Affiliates for purposes consistent with this Policy.

4.3. Business Transfers

In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, Personal Data may be transferred to the acquiring entity or successor.

4.4. Legal and Compliance

We may disclose Personal Data where required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.5. With Your Consent

We may share Personal Data with third parties where you have provided your consent.

We do not sell Personal Data.

5. INTERNATIONAL DATA TRANSFERS

dbl9 operates globally. Your Personal Data may be transferred to, stored, and processed in countries other than your country of residence, including the United States and other countries where dbl9 or its service providers operate.

When we transfer Personal Data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we use appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): EU Commission-approved standard contractual clauses.
• UK International Data Transfer Agreement (IDTA): For transfers from the UK.
• Data Privacy Framework: dbl9 operates within the European Union and complies with GDPR requirements for data protection.
• Other Safeguards:

You may request a copy of the safeguards we use by contacting us at privacy@dbl99.de.

6. DATA RETENTION

We retain Personal Data for as long as necessary to fulfill the purposes described in this Policy, including:

• Account Data: For the duration of your Account and for 30 days thereafter, unless a longer retention period is required by law.
• Transaction Data: As required by applicable tax, accounting, and financial reporting obligations.
• Usage and Log Data: For up to 12 months from collection.
• Marketing Data: Until you opt out or withdraw consent.

When Personal Data is no longer required, we securely delete or anonymize it in accordance with our data retention policies.

7. YOUR RIGHTS AND CHOICES

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

7.1. Rights Under GDPR (EEA/UK/Switzerland)

• Right of Access: Request confirmation of whether we process your Personal Data and obtain a copy thereof.
• Right to Rectification: Request correction of inaccurate or incomplete Personal Data.
• Right to Erasure: Request deletion of your Personal Data in certain circumstances.
• Right to Restriction: Request restriction of processing of your Personal Data.
• Right to Data Portability: Receive your Personal Data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: Lodge a complaint with a supervisory authority.

7.2. Rights Under CCPA/CPRA (California Residents)

• Right to Know: Request disclosure of the categories and specific pieces of Personal Data we have collected.
• Right to Delete: Request deletion of Personal Data we have collected.
• Right to Correct: Request correction of inaccurate Personal Data.
• Right to Opt-Out of Sale/Sharing: We do not sell or share Personal Data as defined under the CCPA.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

7.3. Exercising Your Rights

To exercise any of these rights, please contact us at privacy@dbl99.de or use the mechanisms provided in your Account settings. We will respond to verified requests within the timeframes required by applicable law.

7.4. Marketing Opt-Out

You may opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at privacy@dbl99.de
• Adjusting your communication preferences in your Account settings

8. DATA SECURITY

We implement appropriate technical and organizational measures designed to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Access controls and authentication mechanisms
• Regular security assessments and penetration testing
• Employee security training
• Incident response procedures

While we take reasonable steps to protect Personal Data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

9. CHILDREN'S PRIVACY

The Services are not directed to individuals under the age of 16. We do not knowingly collect Personal Data from children. If we become aware that we have collected Personal Data from a child under 16, we will take steps to delete such data promptly. If you believe we have collected information from a child, please contact us at privacy@dbl99.de.

10. THIRD-PARTY LINKS AND SERVICES

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third-party services you access.

11. CHANGES TO THIS POLICY

We may update this Policy from time to time. We will notify you of material changes by posting the updated Policy on our website and updating the "Last Updated" date. For material changes that significantly affect how we process Personal Data, we will provide additional notice (e.g., email notification or in-Service alert) at least 30 days before the changes take effect.

12. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact:

Data Protection Officer / Privacy Team dbl9 GmbH Gewerbegebiet N 11

Neustadt, Brandenburg 16845 Germany

Email: privacy@dbl99.de DPO Contact: privacy@dbl99.de

As dbl9 is established in the EU, no external EU representative is required.

dbl9 Privacy Policy v1.0