Data Controller
ProDocs GmbH
Im Steig 9, 72501 Gammertingen, Germany
Email: info@prodocs.app
ProDocs GmbH
Im Steig 9, 72501 Gammertingen, Germany
Email: info@prodocs.app
Essential cookies only (no consent required):
Firebase Auth Session (Google Ireland Ltd.) – Authentication, maintaining login status. Duration: Session.
CSRF Token (ProDocs) – Protection against cross-site attacks. Duration: Session.
Cookie Consent (ProDocs) – Stores your cookie preference. Duration: 1 year.
What we do NOT use: No Google Analytics, no advertising cookies, no Crashlytics, no third-party trackers, no social media plugins.
Firebase Authentication (Google Ireland Ltd.) – Email, password hash, login status.
Google Cloud Firestore – User profile, document metadata, deadlines, email connections.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
Google Cloud Storage – Storage of uploaded documents (images, PDFs).
Google Cloud Document AI – Scanned documents are sent to Google for OCR text recognition.
Anthropic Claude API (Anthropic Inc., USA) – Document images + OCR text are transmitted for AI analysis, categorization, and chat.
Google Gemini API (Fallback) – Same data as Claude, used when Claude is unavailable.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
Only when actively enabled by the user:
Gmail API (Google) – Read access to emails and attachments.
Microsoft Outlook/Graph API (Microsoft Corp., USA) – Read and send access to emails.
IMAP (iCloud, GMX, WEB.DE) – Read access to emails.
Legal basis: Art. 6(1)(a) GDPR (consent). You can revoke consent at any time in the app settings.
Anthropic Inc. (Claude API) – AI document analysis. Secured by EU Standard Contractual Clauses (SCCs).
Microsoft Corp. (Outlook/Graph API) – Email integration. Secured by EU-US Data Privacy Framework.
Google LLC – Certified under EU-US Data Privacy Framework. Data processing in europe-west3 (Frankfurt, Germany).
Google Cloud Run (europe-west3, Frankfurt) – Backend hosting for all API requests.
Google Cloud Logging (Serilog) – Application logs including user ID, request paths, error messages.
All-Inkl (Saxony, Germany) – Website hosting for prodocs.app. Server logs are rotated after 7 days.
Contact form & newsletter – Processed server-side on our All-Inkl web space in Germany. No third-party services (e.g. Formsubmit, Mailchimp) are involved. IP addresses are only stored as HMAC hashes for rate limiting, never in plain text.
Fonts, favicons and background video are self-hosted on our server. No connections are made to Google Fonts, Framer CDN or Pexels.
When you subscribe, we store:
• Email address – to deliver the newsletter.
• Sign-up timestamp – as proof of consent.
• Confirmation timestamp – set once you click the DOI link.
• IP address (HMAC-hashed, not in plain text) – for spam and abuse protection.
The confirmation email itself contains no promotional content – only the confirmation link and the mandatory legal notice. Without clicking the link, no further messages are sent; the pending entry is auto-deleted after 7 days.
You can unsubscribe at any time via the link in every newsletter email. Your data is erased immediately upon unsubscribe.
Legal basis: Art. 6(1)(a) GDPR (consent).
Under GDPR you have the right to:
• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Delete your data (Art. 17)
• Restrict processing (Art. 18)
• Data portability (Art. 20)
• Object to processing (Art. 21)
• Withdraw consent (Art. 7(3))
Contact: info@prodocs.app
Supervisory authority: State Commissioner for Data Protection, Baden-Württemberg, Germany.
Last updated: April 2026