Privacy Policy

1. Introduction

This Privacy Policy explains how Arbor Technologies GmbH ("Glara," "we," "us," or "our") collects, uses, and protects personal data when you use our website and services.

B2B Service: Our Services are for businesses only. We process personal data of business users (employees at customer companies), not end consumers.

2. Personal Data We Collect

2.1 Account Information

What we collect:

• Name
• Business email address
• Company name
• Job title (if provided)
• Password (encrypted)

Why: To create your account, provide the Services, and communicate with you

Legal basis: Contractual necessity

2.2 Usage Data

What we collect:

• Login times and IP addresses
• Features and pages you access
• Settings and preferences
• Device information (browser, operating system)
• Performance and error logs

Why: To operate the Services, improve features, ensure security, and troubleshoot issues

Legal basis: Legitimate interests

2.3 Payment Information

What we collect:

• Billing name and address
• VAT number (if applicable)
• Payment method details (last 4 digits only)
• Transaction history

Why: To process payments and maintain billing records

Legal basis: Contractual necessity and legal obligation

Note: Payment card details are collected and stored by Stripe. We don't store full card numbers.

2.4 Communications

What we collect:

• Email correspondence
• Support ticket content
• Feedback and survey responses

Why: To respond to inquiries and improve the Services

Legal basis: Contractual necessity and legitimate interests

2.5 Marketing Data

What we collect:

• Name and email address
• Communication preferences
• Email engagement (opens, clicks)

Why: To send newsletters and product updates

Legal basis: Consent - you can withdraw anytime

3. Business Data We Process

3.1 Business Data from Integrations

When you connect third-party platforms, we may access:

E-commerce platforms (Shopify, Centra, etc.):

• Product catalog (names, descriptions, SKUs, prices)
• Store configuration
• Anonymized transaction data (sales, revenue, number of transactions)

Analytics platforms (Google Analytics, Shopify Analytics, etc.):

• Website traffic and user behavior
• Conversion data
• Attribution metrics

Public data collection:
We may also collect publicly available product information from the internet, including product pages, descriptions, and other publicly accessible data.

This is commercial data, not personal data. We don't collect end-consumer information (customer names, emails, addresses, or payment details). Transaction data is anonymized and aggregated—we never access individual customer purchase details.

3.2 AI Platform Queries

We send product data to AI platforms (OpenAI, etc.) to analyze product visibility. This data is commercial (product names, descriptions) - not personal data.

4. How We Use Personal Data

We use personal data to:

• Provide the Services: Create accounts, process payments, provide support
• Improve the Services: Analyze usage patterns, develop new features
• Communicate: Send service updates, respond to inquiries
• Security: Detect fraud, prevent abuse, maintain audit logs
• Legal compliance: Comply with tax, accounting, and legal requirements
• Marketing: Send newsletters and product updates (with consent)

5. Who We Share Personal Data With

We share personal data with service providers who help us operate the Services, including hosting providers, payment processors (Stripe), analytics tools, and email service providers. All service providers are contractually obligated to protect data and use it only for specified purposes. A complete list is available upon request at [email protected].

We may also disclose personal data if required by law, court order, or government request, or to protect our rights and safety.

If Glara is involved in a merger, acquisition, or sale of assets, personal data may transfer to the successor entity. We'll notify you before this occurs.

6. International Data Transfers

Personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We use appropriate safeguards including EU Standard Contractual Clauses, EU-US Data Privacy Framework certification, and encryption for all transfers.

7. How Long We Keep Data

We retain personal data only as long as necessary to provide the Services, comply with legal obligations (such as tax and accounting requirements), resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymize it.

Marketing data is retained until you withdraw consent.

8. Your Data Protection Rights

You have the right to:

• Access your personal data and receive a copy
• Rectification - correct inaccurate data (update most information in your account settings)
• Erasure - request deletion when no longer necessary (subject to legal retention requirements)
• Restriction - limit processing in certain circumstances
• Data portability - receive your data in machine-readable format (JSON, CSV)
• Object - object to processing based on legitimate interests
• Withdraw consent - unsubscribe from marketing emails anytime

How to exercise your rights:
Contact [email protected] or mail us at Torstraße 109, 10119 Berlin, Germany.
We'll respond within one month (may extend to three months for complex requests).

Right to complain:
You can lodge a complaint with the supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin, Germany
Website: https://www.datenschutz-berlin.de

9. Cookies

We use cookies and similar technologies to provide and improve the Services.

Strictly Necessary Cookies:
Session cookies for authentication, security, and core functionality. These are required for the Services to work and don't require consent.

Analytics Cookies:
Used to understand website usage, measure performance, and improve the Services. You can control these via browser settings or our cookie banner.

Third-Party Cookies:
Service providers (payment processors, analytics tools, hosting providers) may set their own cookies.

Managing Cookies:
You can control or disable cookies through your browser settings, but this may limit functionality. Consult your browser's help documentation for instructions.

10. Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, or misuse. These include encryption, access controls, secure authentication, and regular security updates.

11. Data Breach Notification

If a personal data breach poses a risk to your rights, we will:

• Notify the supervisory authority within 72 hours
• Notify affected individuals without undue delay if the breach poses high risk

12. Children's Privacy

Our Services aren't directed at individuals under 18. We don't knowingly collect data from minors. If we discover we've collected data from someone under 18, we'll delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in practices, Services, or legal requirements. We'll provide 30 days' advance notice of material changes via email or account dashboard. Continued use after changes constitutes acceptance.

14. Third-Party Links

Our website may link to third-party websites and services. This policy doesn't apply to them. Review their privacy policies separately.

15. Compliance

This Privacy Policy complies with GDPR. For UK users, this policy also complies with UK GDPR and the Data Protection Act 2018.

16. Contact Us

For privacy questions or to exercise your data protection rights, contact us at:

We'll respond to data subject requests within one month.

You can also lodge complaints with the supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin, Germany
Website: https://www.datenschutz-berlin.de