Privacy Policy
1. Controller
Last Updated: May 2026
Honeydip Technologies GmbH
Papiermühlenweg 20
52070 Aachen
Germany
Email: privacy@honeydip.ai
The requirements for the mandatory appointment of a Data Protection Officer pursuant to Art. 37 (1) GDPR and § 38 (1) BDSG (German Federal Data Protection Act) are currently not met; therefore, no Data Protection Officer has been appointed. Inquiries regarding the exercise of your data subject rights and other data protection matters should be directed to: privacy@honeydip.ai.
Papiermühlenweg 20
52070 Aachen
Germany
Email: privacy@honeydip.ai
The requirements for the mandatory appointment of a Data Protection Officer pursuant to Art. 37 (1) GDPR and § 38 (1) BDSG (German Federal Data Protection Act) are currently not met; therefore, no Data Protection Officer has been appointed. Inquiries regarding the exercise of your data subject rights and other data protection matters should be directed to: privacy@honeydip.ai.
2. Scope
This Privacy Policy applies to the honeydip web application at honeydip.ai and the associated Google OAuth integration (hereinafter referred to as the "App"). It informs you about which personal data is collected, processed, and stored, and the legal basis for doing so.
3. Data Collected and Purpose
3.1 Google OAuth
When logging in via Google OAuth, Google transmits the following data to our App with your consent.
DataPurposeNamePersonalization of the user interfaceEmail AddressAccount identification, communicationGoogle User IDUnique assignment of the user accountWe do not collect any additional Google account data (no emails, no Drive files, no calendar entries).
DataPurposeNamePersonalization of the user interfaceEmail AddressAccount identification, communicationGoogle User IDUnique assignment of the user accountWe do not collect any additional Google account data (no emails, no Drive files, no calendar entries).
3.2 Usage Data
When using the App, technical data is automatically collected as required for secure operation:IP address (anonymized after 7 days)Browser type and versionOperating systemDate and time of accessPages visited and actions taken within the AppLegal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure operation).
3.3 Communication Data
If you contact us via email, we store your email address and the content of the message solely to process your request. Legal basis: Art. 6 (1) (b) GDPR.
4. Legal Basis
Processing is based on:Art. 6 (1) (b) GDPR — Performance of a contract (provision of the SaaS service)Art. 6 (1) (a) GDPR — Consent (Google OAuth consent during initial login; cookie consent via Cookiebot)Art. 6 (1) (f) GDPR — Legitimate interest (security, fraud prevention, technical operation)
5. Cookies and Consent Management
We use cookies on honeydip.ai and utilize Cookiebot as a Consent Management Platform to obtain and document your cookie consent in accordance with Art. 6 (1) (a) GDPR and § 25 TDDDG.
Cookie Categories
Category
Description
Legal Basis
Necessary
Session cookies for login and authentication
Art. 6 (1) (b) GDPR
Preferences
Storage of language settings and UI preferences
Consent (Art. 6 (1) (a) GDPR)
Statistics
Anonymized usage analysis
Consent (Art. 6 (1) (a) GDPR)
You can revoke or adjust your cookie consent at any time via the cookie banner on honeydip.ai.Cookiebot is operated by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. When the consent banner is loaded, your IP address is transmitted to Cybot and stored there for up to 12 months to prove your consent. Further information: cookiebot.com/en/privacy-policy.
6. Hosting and Technical Infrastructure
Our App is operated on servers from the following providers, with each of whom a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR has been concluded.
Provider
Purpose
Location
Third-Country Transfer
Render Services, Inc.
Application Hosting (Backend/Frontend)
USA (primarily), multi-region
Yes — see Section 6a
Amazon Web Services (AWS)
Cloud infrastructure, data storage
EU (Frankfurt, eu-central-1)
No
6a. Data Transfer to Third Countries (Render)
Render Services, Inc. (525 Brannan St, San Francisco, CA 94131, USA) processes personal data primarily in the United States. This transfer takes place on the basis of appropriate safeguards pursuant to Art. 46 GDPR:Primary: EU-U.S. Data Privacy Framework (Adequacy Decision of the EU Commission)Fallback: EU Standard Contractual Clauses (SCC) pursuant to EU Commission Decision 2021/914, Module 2 (Controller to Processor), applicable law: IrelandA Data Processing Addendum (DPA) has been concluded with Render, which includes the EU SCCs and a UK Addendum (for UK transfers). Render holds SOC 2 Type II and ISO 27001 certifications. Further information: render.com/trust.
7. Disclosure to Third Parties
We do not disclose your data to third parties except:to the processors mentioned in Section 6 on the basis of Art. 28 GDPRto Cookiebot (Cybot A/S) as part of consent management (Section 5)if we are legally obliged to do so (e.g., by official order)Data is transferred to Google exclusively within the scope of the OAuth flow in accordance with the Google API Services User Data Policy.We do not sell personal data to third parties.
8. Use of Google Data
User data obtained via Google OAuth is used exclusively for the operation of the App. It is not used for advertising purposes, not sold to third parties, and not used for training AI models. This complies with the requirements of the Google API Services User Data Policy, including the Limited Use requirements.Honeydip's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
9. Data Security
We employ technical and organizational measures to protect your data:
- Transport Encryption: All connections are made exclusively via TLS 1.2/1.3 (HTTPS)
- Access Control: Access to personal data is restricted to authorized employees (least-privilege principle)
- Database Access: Production databases are not publicly accessible and can only be accessed via secured internal network connections
- Regular Backups: Data is backed up regularly and tested for recoverability
- Transport Encryption: All connections are made exclusively via TLS 1.2/1.3 (HTTPS)
- Access Control: Access to personal data is restricted to authorized employees (least-privilege principle)
- Database Access: Production databases are not publicly accessible and can only be accessed via secured internal network connections
- Regular Backups: Data is backed up regularly and tested for recoverability
10. Retention and Deletion
Data is stored as long as your user account is active. You can delete your account and all associated data at any time by sending an informal email to privacy@honeydip.ai. Following account deletion, personal data will be deleted within 30 days, unless legal retention obligations apply (e.g., tax retention periods of up to 10 years for invoice data).Technical access logs are automatically deleted after a maximum of 90 days.
11. No Automated Decision-Making
We do not use fully automated decision-making processes or profiling within the meaning of Art. 22 GDPR that have legal or similarly significant effects on you.
12. Your Rights
Under the GDPR, you have the following rights:
- Access (Art. 15) — What data do we store about you?
-Rectification (Art. 16) — Correction of inaccurate data
-Erasure (Art. 17) — Deletion of your data ("Right to be forgotten")
-Restriction of processing (Art. 18) — Limitation of data processing
-Objection (Art. 21) — Objection to processing
-Data portability (Art. 20) — Receipt of your data in a machine-readable format
-Withdrawal of consent (Art. 7 (3)) — at any time without giving reasons, without affecting the legality of previous processing
To exercise your rights, please contact: privacy@honeydip.aiIf there are justified doubts about the identity of the person exercising these rights, we are entitled, pursuant to Art. 12 (6) GDPR, to request additional information necessary to confirm your identity.
Additionally, you can revoke the App's access to your Google account at any time at myaccount.google.com/permissions.
We generally respond to requests within 30 days.
- Access (Art. 15) — What data do we store about you?
-Rectification (Art. 16) — Correction of inaccurate data
-Erasure (Art. 17) — Deletion of your data ("Right to be forgotten")
-Restriction of processing (Art. 18) — Limitation of data processing
-Objection (Art. 21) — Objection to processing
-Data portability (Art. 20) — Receipt of your data in a machine-readable format
-Withdrawal of consent (Art. 7 (3)) — at any time without giving reasons, without affecting the legality of previous processing
To exercise your rights, please contact: privacy@honeydip.aiIf there are justified doubts about the identity of the person exercising these rights, we are entitled, pursuant to Art. 12 (6) GDPR, to request additional information necessary to confirm your identity.
Additionally, you can revoke the App's access to your Google account at any time at myaccount.google.com/permissions.
We generally respond to requests within 30 days.
13. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for North Rhine-Westphalia is:
Landesbeauftragte for Datenschutz und Informationsfreiheit NRW
Postbox 20 04 44, 40102 Düsseldorf, Germany
poststelle@ldi.nrw.de
www.ldi.nrw.de
Landesbeauftragte for Datenschutz und Informationsfreiheit NRW
Postbox 20 04 44, 40102 Düsseldorf, Germany
poststelle@ldi.nrw.de
www.ldi.nrw.de
14. Changes to This Policy
We reserve the right to adjust this Privacy Policy as necessary, for example, in the case of new features or changed legal requirements. The current version is available at honeydip.ai/privacy. Significant changes will be notified to you by email.
Honeydip Technologies GmbH — privacy@honeydip.ai
Honeydip Technologies GmbH — privacy@honeydip.ai
