Privacy Policy

This privacy policy informs you, pursuant to Art. 13 and Art. 14 GDPR, about the processing of personal data when you visit the website zensu.dev and when you use the Zensu platform at app.zensu.dev.

1. Controller

The controller within the meaning of the GDPR is:

MK IT Consulting
Owner: Marcel Karras
Enderstr. 94
01277 Dresden
Germany
Email: [email protected]

2. Hosting and data location

The Zensu platform is operated on the Open Telekom Cloud (OTC) in data centres within the European Union (region eu-de, Frankfurt). No transfer of personal data to third countries outside the EEA takes place.

3. Data collected and processing purposes

3.1 Server log files: When the website is accessed, technical data is stored in server logs (IP address, date/time, requested resource, referrer, user agent). Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in operation and security). Storage period: a maximum of 14 days.

3.2 Registration (closed beta): When you sign up for the closed beta we process your email address to administer your account. Legal basis: Art. 6 (1) (b) GDPR (performance of a contract).

3.3 Platform use: When you actively use the Zensu platform, the content you enter (features, tests, documents, configurations) is stored. Legal basis: Art. 6 (1) (b) GDPR (performance of a contract).

3.4 Contacting us: If you contact us by email, your details are processed to handle the enquiry. Legal basis: Art. 6 (1) (b) or (f) GDPR.

4. Cookies and tracking

On the marketing website zensu.dev we use no tracking or analytics cookies. No data is transmitted to third-party providers such as Google Analytics or Facebook Pixel. On the platform at app.zensu.dev we use only technically necessary cookies for authentication (session token).

5. Disclosure to third parties

Your personal data is only disclosed to processors within the meaning of Art. 28 GDPR: hosting (Deutsche Telekom AG / Open Telekom Cloud, data centres in the EU), email delivery (SendGrid Inc., USA — only where activated), and AI-assisted features in the Product Studio (OpenRouter Inc., USA — only where activated). A data processing agreement under Art. 28 GDPR is in place with the hosting provider. Where personal data is transferred to providers in a third country (USA), this is done on the basis of appropriate safeguards pursuant to Art. 46 GDPR (EU Standard Contractual Clauses).

6. Storage period

Personal data is stored only for as long as necessary for the respective processing purposes or as required by statutory retention obligations (e.g. section 257 HGB, section 147 AO). Account data is deleted 30 days after the account is closed.

7. Data-subject rights

You have the right of access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21). To exercise these rights, please contact [email protected] .

8. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for the provider is the Saxon Data Protection and Transparency Officer (Sächsischer Datenschutz- und Transparenzbeauftragter, www.saechsdsb.de).

9. Changes to this privacy policy

We reserve the right to adapt this privacy policy in order to keep it aligned with current legal requirements or to implement changes to our services. The version in force at the time then applies to your next visit.

Other languages: Deutsch