Privacy Policy

How we handle your data

1. Introduction

Welcome to Applied Optimization. This Privacy Policy explains how we collect, use, shares, and protects information in relation to our AI Chatbot service (the “Chatbot”) provided on this website.

We are committed to protecting your privacy. This policy outlines our practices concerning the data processed when you interact with our Chatbot. By using the Chatbot, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

The data controller responsible for your personal data is:

Beyond Simulations GmbH
Am Eich 9d
22113 Oststeinbek
Germany

Email: info@beyond-simulations.com

3. Information We Collect

When you interact with our Chatbot, we collect and process the following types of information:

• Chat Interactions: This includes the questions, prompts, and text you submit to the Chatbot (“Prompts”) and the responses generated by the Chatbot (“Responses”). We do not store any personal data and all prompts are anonymized.
• Technical Data: We may automatically collect technical information associated with your interaction, such as timestamps, session identifiers for service functionality. This data is processed on our self-hosted server at Hetzner in Germany.
• Usage Data: We may collect aggregated and anonymized data about how the Chatbot is used to monitor performance and improve the service.

4. How We Use Your Information

We use the collected information for the following purposes:

• To Provide and Operate the Chatbot: To receive your Prompts, process them using AI models, and deliver Responses back to you.
• To Route Requests: To manage communication between our Chatbot interface and the underlying AI models via intermediary services.
• For Safety and Content Moderation: To analyze Prompts and/or potential Responses for harmful, inappropriate, or policy-violating content using designated services by Mistral AI acting as guardrails, aiming to ensure safer interactions.
• For Service Improvement: To analyze usage patterns to understand user needs, troubleshoot issues, and enhance the Chatbot’s performance and capabilities.
• For Security and Monitoring: To maintain the security of our service, prevent fraud, and monitor for potential misuse.
• To Comply with Legal Obligations: To meet any applicable legal or regulatory requirements.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Legitimate Interests: Processing is necessary for our legitimate interests in operating and improving the Chatbot service and maintaining its security, provided these interests are not overridden by your data protection rights.
• Consent: In some cases, we might ask for your explicit consent for specific processing activities (e.g., using conversation data for fine-tuning models beyond basic service provision).
• Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject.

6. Data Sharing and Third Parties

To provide the Chatbot service, your Prompts are processed by and shared with the following third-party services and infrastructure providers:

• Chatbot Interface (Dify): The user interface for the Chatbot runs on our own instance of Dify hosted on Hetzner servers in Germany.
• LLM Observation (Langfuse): We use Langfuse to observe the usage of the LLM models we use. Your Prompts (and generated responses) pass through Langfuse to reach the selected LLM provider or guardrail service. The data is stored on our self-hosted server at Hetzner in Germany.
• Hosting Provider (Hetzner): Our instance of Dify and Langfuse is self-hosted on servers provided by Hetzner Online GmbH. Hetzner acts as a data processor providing the infrastructure. We store application data and interaction logs on these servers, located within Germany. Review Hetzner’s privacy policy to understand how they handle data passing through their service: [Link to Hetzner Privacy Policy]
• Mistral AI: We use Mistral AI models for two primary purposes: (1) as one of the LLM options to generate Responses to your Prompts, and (2) as a guardrail service to check Prompts and/or potential Responses (which may have been generated by either Google Gemini or Mistral AI itself) for safety, appropriateness, and compliance with content policies before a final response is delivered to you. When Mistral AI is used for either generation or guardrail checking, your data (relevant Prompts and/or potential Responses) is processed according to Mistral AI’s terms and privacy policy. Find more information here: [Link to Mistral AI Privacy Policy]

Important Note on Third-Party Processing: These LLM and guardrail providers process your data to generate Responses or perform safety checks. They may use data according to their own policies, potentially including service improvement, subject to their terms. We encourage you to review their respective privacy policies. We do not explicitly share personal identifiers like your name or email through the Chatbot interaction unless you voluntarily include such information in your Prompts.

7. Data Storage, Security, and Retention

• Storage: Chat interaction data (Prompts, Responses) and technical logs may be stored temporarily or persistently (depending on configuration) on our Dify and Langfuse instance hosted on Hetzner servers in Germany.
• Security: We implement reasonable technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, or destruction. This includes using HTTPS encryption for data transmitted between your browser, our server, and the LLM providers. Access to the backend systems is restricted.
• Retention: We retain chat interaction data and technical logs only for as long as necessary to fulfill the purposes outlined in this policy, for troubleshooting, security logging, service improvement, or as required by law. Retention periods vary depending on the type of data and our operational needs.

8. Your Data Protection Rights

Depending on your location and applicable data protection laws, you may have the following rights regarding your personal data:

• Right to Access: You can request copies of your personal data that we hold.
• Right to Rectification: You can request correction of inaccurate or incomplete data.
• Right to Erasure (‘Right to be Forgotten’): You can request the deletion of your personal data under certain conditions.
• Right to Restrict Processing: You can request the limitation of how we process your data under certain conditions.
• Right to Data Portability: You can request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
• Right to Object: You can object to our processing of your personal data based on legitimate interests.
• Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details provided in Section 2 (Data Controller). We may need to verify your identity before processing your request.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the “Last Updated” date at the top. We encourage you to review this policy periodically for any changes.