Privacy Policy

Neurolytics GmbH i.G., Jochen Wingerter, Im Storchennest 24, 76872 Erlenbach, Germany. Email: kontakt@neurolytics-solutions.de

When you use SwiftCheck, we process the following personal data:

• Account data: email address, name (optional), company (optional)
• Authentication data: password hash (bcrypt — plaintext is never stored)
• Uploaded documents: PDFs (letters of credit, shipping documents) — stored encrypted (AES-256-GCM)
• Analysis results: AI-generated compliance reports linked to your project
• Technical log data: IP addresses (stored as SHA-256 hash, never in plaintext), timestamps, and action types in the audit log

Processing is carried out on the following legal bases under the GDPR:

• Art. 6(1)(b) GDPR – Performance of a contract (provision of the SwiftCheck service)
• Art. 6(1)(c) GDPR – Compliance with legal obligations
• Art. 6(1)(f) GDPR – Legitimate interests (security and operation of the service)

SwiftCheck is built on the principle of Privacy by Design:

• All uploaded files are stored encrypted using AES-256-GCM. The encryption key never leaves the server.
• File names are replaced with random hex strings — no conclusions about content can be drawn.
• IP addresses are stored exclusively as SHA-256 hashes in the audit log.
• Temporary plaintext files (used for AI analysis) are deleted immediately after processing.
• Passwords are hashed using bcrypt (cost factor 12) and are never stored in plaintext.
• All communication is exclusively over HTTPS (TLS 1.2+).

The Anthropic API (Claude) is used for AI-powered document analysis. A Data Processing Agreement (DPA) is in place with Anthropic. Uploaded document content is transmitted temporarily to Anthropic for analysis and is not subsequently used to train models (per API terms of service).

The server is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, in a German data centre. A data processing agreement is in place.

Your data is stored for as long as your account is active. Upon account deletion, all personal data as well as uploaded documents and analyses are permanently and irrevocably deleted within 30 days. Audit log entries contain no personal plaintext data (only hashed IDs) and are deleted after 12 months.

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

To exercise your rights, please contact: kontakt@neurolytics-solutions.de

You also have the right to lodge a complaint with the competent data protection supervisory authority.

SwiftCheck uses only a technically necessary HTTP-only session cookie (sc_session) containing your encrypted session ID. No marketing cookies, tracking cookies or third-party cookies are used. A cookie consent banner is therefore not required (§ 25(2) TTDSG).