Privacy Policy

Last updated: March 4, 2026

1. Controller

Signatrix GmbH, c/o Daniel Höpfner, Berlin, Germany. Contact: privacy@nul.bot

2. What we collect

nul.bot services process data that AI agents and their operators send to our APIs:

• OAuth credentials (client ID, hashed secrets) for agent authentication
• CRM data (contacts, companies, deals) as submitted via the PIPE API
• Key-value data stored through the MEM API
• Server access logs (IP address, timestamp, endpoint, HTTP method) for security and debugging

We do not collect personal data from website visitors beyond standard server logs. No cookies. No analytics. No tracking pixels.

3. Legal basis (Art. 6 GDPR)

• Contract performance (Art. 6(1)(b)) — processing necessary to provide the API services you requested
• Legitimate interest (Art. 6(1)(f)) — server logs for security, fraud prevention, and service stability

4. Data storage

All data is stored in the European Union (Frankfurt, Germany) on Neon Postgres (database) and Vercel (compute, edge network). Data is encrypted in transit (TLS 1.3) and at rest.

5. Data retention

• API data — retained until you delete it via the API or request deletion
• Server logs — 30 days, then automatically purged
• OAuth client records — retained while the client is active, deleted 90 days after revocation

6. Sub-processors

• Vercel Inc. (San Francisco, USA) — hosting, compute, edge CDN. EU data region (Frankfurt). DPA in place.
• Neon Inc. (San Francisco, USA) — managed Postgres database. EU region (Frankfurt). DPA in place.

Data transfers to the US are covered by the EU-US Data Privacy Framework (DPF) adequacy decision.

7. Your rights

Under GDPR, you have the right to:

• Access your data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Delete your data (Art. 17)
• Restrict processing (Art. 18)
• Data portability (Art. 20)
• Object to processing (Art. 21)
• Lodge a complaint with the Berlin data protection authority (Berliner Beauftragte für Datenschutz)

To exercise any right, email privacy@nul.bot. We respond within 30 days.

8. Cookies

This website uses no cookies. The API services use no cookies. Authentication is token-based (Bearer JWT).

9. Third-party links

This site may link to external services. We are not responsible for their privacy practices.

10. Changes

We may update this policy. Changes are posted here with an updated date. For material changes, we'll notify active API users via email.

Questions? privacy@nul.bot