Privacy Policy


Effective Date: 05. June 2025

1. Introduction

Welcome to Dawn of Data (“we,” “us,” or “our”). We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy explains how we collect, use, process, and disclose your information when you use our software and services (collectively, the “Service”) designed to help organizations assess, plan, track, and communicate effective data strategies.

This policy applies to all users of Dawn of Data, including registered account holders and individuals whose data may be processed as part of a shared assessment.

As we are based in the European Union (EU), this policy is drafted to comply with the General Data Protection Regulation (GDPR) and applicable local data protection laws.

2. Data Controller

The data controller responsible for your personal data collected through the Dawn of Data Service is:

Kobold AI UG (haftungsbeschränkt)
Birkenstraße 14, 86567 Hilgertshausen-Tandern, Germany
Email: privacy@dawnofdata.com

3. Information We Collect

We collect various types of information in connection with the Services, including:

a. Account and Registration Information:

  • Identifiers: Full name, email address.
  • Authentication Data: Password (stored in a hashed format).
  • Company Information: Company name, industry, company size range, revenue range.
  • User Preferences: Language preference (English/German).
  • Business Context (for AI & Service Personalization): Primary business model, key business priorities.
  • Payment Information: If you subscribe to a paid tier (Pro, Enterprise), our payment processor (Stripe) will collect payment details. We do not store your full credit card information on our servers.
  • Stripe Customer ID: If applicable, for managing subscriptions.

b. Data Strategy Input Data (provided by you or your colleagues):

  • Assessment Data:
    • Likert scale responses (1-6) for predefined and custom topics.
    • Qualitative answers (free-text responses) for predefined and custom topics.
    • Colleague feedback (similar to self-assessment data, provided by individuals you invite).
  • Custom Topics: If you customize the assessment framework, we store the custom questions and maturity scale descriptions you create.
  • Plan Data:
    • Action steps (manually defined or AI-generated and then edited/accepted by you), including titles, descriptions, effort levels, impact levels.
    • AI-generated plan summaries and pillar best practice reviews.
  • Track Data:
    • Progress updates on action steps (status, target month/year, visual status).
    • Use case details: title, description, owner name, status, potential/actual monetary value, value period, feasibility/viability/desirability scores, KPIs, data sources, target start/end dates, notes.
  • Data for AI Plan Generation: Information from your assessment (scores, gaps), company context, and potentially prior step titles are sent to our LLM provider (Anthropic Claude) to generate plan recommendations and summaries.

c. Usage Data and Technical Information:

  • Log Data: When you access our Service, our servers automatically record information, including your IP address, browser type, operating system, referring URLs, pages visited, and timestamps.
  • Device Information: Information about the device you are using to access the Service.
  • Cookies and Similar Technologies: We may use cookies to operate and administer our Service, gather usage data, and improve your experience. See Section 8 (“Cookies and Tracking Technologies”) for more details.

d. Communication Data:

If you contact us for support or other inquiries, we will collect your contact information and the content of your communications.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide and Maintain the Service:
    • To create and manage your account.
    • To enable you to conduct data strategy assessments (self and shared).
    • To allow you to customize assessment topics (for Pro/Enterprise tiers).
    • To generate gap analyses and visualizations based on your assessment data.
    • To facilitate action planning, including generating AI-powered plan recommendations and summaries using Anthropic Claude (for Pro/Enterprise tiers).
    • To enable you to track progress on your data strategy actions and use cases.
    • To generate and export reports (XLSX, PDF).
    • To process payments for paid services through Stripe.
  • To Improve and Personalize the Service:
    • To understand how users interact with our Service to improve its functionality and user experience.
    • To personalize your experience, such as by using your language preference.
    • To provide more relevant AI-generated content by understanding your company context and business priorities.
  • To Communicate With You:
    • To send you service-related announcements, updates, security alerts, and administrative messages.
    • To respond to your inquiries and provide customer support.
    • To send you marketing communications (with your consent, where required by law).
  • For Security and Compliance:
    • To protect the security and integrity of our Service.
    • To prevent fraud and abuse.
    • To comply with legal obligations and enforce our terms.

5. Legal Basis for Processing (GDPR)

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

  • Performance of a Contract (Article 6(1)(b) GDPR): We process your personal data when necessary to perform our contractual obligations to you (e.g., to provide the core features of the Dawn of Data service as described in our Terms of Service, including AI-powered features for paid tiers).
  • Legitimate Interests (Article 6(1)(f) GDPR): We process your personal data for our legitimate interests, provided these interests are not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests include improving our Service, ensuring security, preventing fraud, and direct marketing (where permissible and balanced against your rights).
  • Consent (Article 6(1)(a) GDPR): In some cases, we may ask for your consent to process your personal data (e.g., for certain marketing communications or use of non-essential cookies). You can withdraw your consent at any time.
  • Legal Obligation (Article 6(1)(c) GDPR): We may process your personal data to comply with legal obligations (e.g., tax and accounting requirements).

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with third parties in the following circumstances:

  • Service Providers (Data Processors): We engage third-party service providers to perform functions and provide services to us. These are data processors acting on our behalf and under our instruction. They include:
    • LLM Provider (Anthropic Claude): To provide AI-powered plan generation and summary features. We send relevant assessment data, company context, and planning inputs to Anthropic for processing. Anthropic processes this data according to its own privacy policies and security practices. We have a Data Processing Addendum (DPA) with Anthropic where applicable.
    • Payment Processor (Stripe): To process payments for paid subscriptions. Stripe handles your payment information directly according to its privacy policy.
    • Hosting Providers: To host our application and store your data. Our hosting providers are located within the EU/EEA.
    These service providers are contractually bound (via DPAs where required by GDPR) to protect your data and use it only for the purposes for which it was disclosed.
  • Colleagues You Invite (Shared Assessments): If you use the feature to share an assessment with colleagues, the assessment questions and framework will be shared with them. Their responses will be collected and may be aggregated or displayed to you within the Service, as per the feature’s design. Their email addresses will be used for sending the invitation based on your instruction.
  • Legal Requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, act in urgent circumstances to protect the personal safety of users of the Service, or protect against legal liability.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your information may be transferred as part of the transaction, subject to standard confidentiality arrangements and compliance with data protection laws.

7. Data Retention

We will retain your personal data for as long as your account is active or as needed to provide you with the Services. We will also retain and use your personal data as necessary to comply with our legal obligations (e.g., German commercial and tax law requires retention of certain documents for up to 10 years), resolve disputes, and enforce our agreements.

Typically, data associated with an assessment round will be retained for the duration of your active use of the Service or until you request deletion of your account or specific data, subject to our legal and operational needs. You can delete your account and associated data via your profile settings, which will trigger an erasure process subject to legal retention periods.

Data processed by Anthropic Claude for AI features is subject to Anthropic’s data retention policies. We do not permit Anthropic to use your data to train their general models unless explicitly stated otherwise and agreed upon.

8. Data Security

We implement appropriate technical and organizational measures (TOMs) to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include data encryption (e.g., for passwords and data at rest/in transit where appropriate), access controls, regular security assessments, and pseudonymization or anonymization where feasible.

However, no internet or email transmission is ever fully secure or error-free. While we strive to protect your personal data, we cannot guarantee its absolute security.

9. Your Data Protection Rights (GDPR)

As a data subject under GDPR, you have the following rights regarding your personal data:

  • Right to Access (Article 15 GDPR): You have the right to request copies of your personal data.
  • Right to Rectification (Article 16 GDPR): You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure (Right to be Forgotten) (Article 17 GDPR): You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing (Article 18 GDPR): You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing (Article 21 GDPR): You have the right to object to our processing of your personal data where it is based on legitimate interests (Article 6(1)(f) GDPR) or for direct marketing purposes.
  • Right to Data Portability (Article 20 GDPR): You have the right to request that we transfer the data that we have collected and that you provided to us to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
  • Right to Withdraw Consent (Article 7(3) GDPR): If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint (Article 77 GDPR): You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes GDPR. For users in Germany, this would typically be the data protection authority in the federal state (Bundesland) where you reside, work, or where the alleged infringement took place. A list of German data protection authorities can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

To exercise any of these rights, please contact us using the contact details provided in Section 2. We will respond to your request within one month, as required by GDPR, or inform you if an extension is necessary.

10. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your country or the European Economic Area (EEA) where the data protection laws may differ. This applies particularly to our use of third-party service providers such as Anthropic (for AI features) and Stripe (for payment processing), which may have servers in the United States or other countries.

When we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards. This may include:

  • Transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Using specific contracts approved by the European Commission which give personal data the same protection it has in Europe (Standard Contractual Clauses – SCCs).
  • For transfers to the US, we may rely on providers certified under the EU-U.S. Data Privacy Framework, where applicable and recognized as providing adequate protection.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

11. Cookies and Tracking Technologies

We use cookies that are strictly necessary for the operation of our Service. These include session cookies for maintaining your login state and cookies for remembering your preferences (like language). We do not currently use cookies for analytics or marketing purposes that would require separate consent under ePrivacy directives or GDPR beyond what is necessary for providing the service requested by you.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept essential cookies, you may not be able to use some portions of our Service.

[Optional: If you expand cookie usage: We will provide a detailed Cookie Policy and a consent management tool if we introduce cookies for analytics, personalization beyond basic functionality, or marketing. For now, our cookie usage is limited to essential operational cookies.]

12. Children’s Privacy

Our Service is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children under 16 without verification of parental consent, we take steps to remove that information from our servers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top. If we make material changes (e.g., changes to the purposes of processing or categories of data shared), we will provide you with more prominent notice, such as by email or through a notification within the Service, before the change becomes effective, and obtain your consent if required by law.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions about this Privacy Policy, your data protection rights, or our data practices, please contact us at:

Kobold AI UG (haftungsbeschränkt)
Birkenstraße 14, 86567 Hilgertshausen-Tandern, Germany
Email: privacy@dawnofdata.com