Skip to main content
Radical Personas
DE EN

Note: This English translation is provided for convenience only. The German version is legally binding. Read the German version

Legal · Privacy

Privacy Policy.

Information on the processing of your personal data in accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

Last updated: June 6, 2026

The corporate privacy policy (in German) is available at radical-innovators.com/de/privacy — both German versions are kept in sync.

Protecting your personal data is a matter of central importance to us. Below, we inform you in accordance with Art. 13 and 14 GDPR about which personal data we collect when you use this website and the product Radical Personas, the purposes for which we process it, the legal basis on which this is done, and the rights you have with regard to your data.

§1 Controller

Controller Within the Meaning of the GDPR

Radical Innovators GmbH
Robert-Stolz-Straße 8/Top 10
4020 Linz, Austria

Phone
+43 664 346 06 79
Email
contact@radicalpersonas.com
Represented by
Ing. Martin Kocijaz, Managing Director
Commercial register
FN 557123z (Landesgericht Linz)
VAT ID
ATU76870708

We are not legally required to appoint a data protection officer under Art. 37 GDPR. For data protection inquiries, please contact the email address listed above.

§2 Scope

Scope

This privacy policy applies to the marketing website radicalpersonas.com as well as to personal data arising in connection with information requests, proposal requests, and contract inquiries relating to the product Radical Personas. Use of the SaaS application itself (after registration / login) is governed by the in-product privacy policy, which is available within the application.

§3 Server Log Files

Provision of the Website & Server Log Files

Each time this website is accessed, our hosting provider automatically collects technical information that your browser transmits to us. This includes:

  • IP address of the requesting device
  • Date and time of access
  • Requested URL / content of the request
  • Access status / HTTP status code
  • Referrer URL (previously visited page)
  • Browser type, browser version, language, operating system

Purpose: providing the website, ensuring IT security, detecting and defending against attacks.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the technically sound and secure operation of the website.

Retention period: 7 days, unless longer retention is required in individual cases for security reasons (e.g., incident analysis).

§4 Cookies

Cookies & Local Storage

This marketing website does not set any tracking, analytics, or marketing cookies. No cross-site tracking takes place, and no advertising profile is created. The audience measurement described in §16 (Matomo) deliberately works without cookies.

Only technically necessary storage values may be set — values without which the basic functioning of the website cannot be guaranteed (e.g., a session identifier, or storing the selected mobile menu state). This data does not leave your browser.

Legal basis: Art. 6(1)(f) GDPR and §165(3) of the Austrian Telecommunications Act (TKG 2021) (technically necessary storage).

Note: different rules apply to the corporate website radical-innovators.com (which uses, among other things, Cookiebot and Google Analytics 4 with anonymized IP addresses). These are described separately in that site's privacy policy (in German).

§5 Contact

Contacting Us (Email, Form)

If you contact us by email or via a contact form, we process the data you provide (name, email address, company, message text, and telephone number where provided) for the purpose of handling your inquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

Technical implementation of the form: Transmission is handled via the service Resend, Inc. (USA); processing takes place on US servers (AWS, Cloudflare). The third-country transfer is based on Standard Contractual Clauses under Art. 46 GDPR and the EU-US Data Privacy Framework.

Retention period: Data from inquiries that do not lead to a project is deleted within 6 months after the correspondence ends; if an inquiry results in a project, statutory retention periods apply (7 years under §132 of the Austrian Federal Fiscal Code (BAO) for business records).

§6 Newsletter

Newsletter

We do not send marketing newsletters. If you actively sign up for product or release notifications at a later time, the consent form will separately inform you about the purpose, the legal basis (Art. 6(1)(a) GDPR — consent), the dispatch tool used, and how to withdraw your consent.

§7 Web Hosting

Web Hosting

This website is operated by an EU-based web hosting provider. A data processing agreement under Art. 28 GDPR is in place with the hosting provider. The hosting provider processes the server log data described in §3 strictly according to our instructions and exclusively for the purpose of providing and securing the website.

§8 Product Context

Data Processing in the Product Radical Personas

When you use the SaaS product Radical Personas (after registration / login in the application), we process data that you actively enter — e.g., persona context information, test questions, uploaded documents, or review texts. The complete in-product privacy policy with all details is available within the application. In summary:

  • LLM providers: For AI-based inference, we select the best available language model (LLM) from several providers for each task in order to achieve the highest review quality. We provide an up-to-date subprocessor list to Enterprise and Business customers on request.
  • Inference region: Where contractually possible, we use the providers' EU endpoints.
  • No-training clause: Customer content is not used to train the language models we deploy. We have contractual assurances from all providers we use that API content will not be used for model training.
  • Third-country transfers: Where processing takes place outside the EEA (e.g., on providers' US endpoints), it is based on Standard Contractual Clauses under Art. 46 GDPR or — where available — the EU-US Data Privacy Framework.
§9 Recipients

Recipients / Processors

Personal data is disclosed to third parties only to the extent necessary to provide the respective service or where a legal obligation exists. Processors we use (Art. 28 GDPR):

  • EU web hosting provider (hosting of this website)
  • Resend, Inc. (USA) — delivery of form inquiries
  • Anthropic, PBC (USA) — LLM inference for product features
  • Stripe Payments Europe Ltd. (Ireland) — payment processing for subscriptions
  • Tax advisory / accounting (Austria, statutory obligations)

Business and Enterprise customers can obtain a complete, up-to-date subprocessor list on request (Art. 28(2) GDPR).

§10 Third Countries

Data Transfers to Third Countries

Where personal data is transferred to countries outside the European Economic Area (EEA) — in particular to the USA (Anthropic, Stripe US back office, Resend infrastructure, and Cloudflare where applicable) — this is done on the basis of the EU Commission's Standard Contractual Clauses under Art. 46(2)(c) GDPR and, where the recipient is certified, under the EU-US Data Privacy Framework pursuant to Art. 45 GDPR. We provide a copy of the safeguards on request.

§11 Retention

Retention Periods

We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations:

  • Server log files: 7 days (see §3)
  • Contact emails without a project connection: up to 6 months
  • Project and contract correspondence, invoices: 7 years (§132 BAO)
  • Active product accounts: for the duration of the contract
  • After cancellation: a 30-day export window, followed by deletion of production content; invoice data remains subject to the statutory 7-year period
  • Consent-based data: until consent is withdrawn
§12 Your Rights

Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Access (Art. 15 GDPR) — confirmation of whether and which personal data we process about you
  • Rectification (Art. 16 GDPR) — correction of inaccurate data or completion of incomplete data
  • Erasure (Art. 17 GDPR) — the “right to be forgotten,” subject to the statutory requirements
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR) — receiving your data in a structured, commonly used, machine-readable format
  • Objection (Art. 21 GDPR) — to processing based on legitimate interests, on grounds relating to your particular situation
  • Not to be subject to automated individual decision-making (Art. 22 GDPR)

To exercise your rights, an informal message to contact@radicalpersonas.com is sufficient. We respond to requests within the statutory period (Art. 12(3) GDPR — generally one month).

§13 Complaints

Right to Lodge a Complaint With the Supervisory Authority

Under Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority in Austria is:

Österreichische Datenschutzbehörde (Austrian Data Protection Authority)
Barichgasse 40–42
1030 Vienna, Austria
dsb@dsb.gv.at
www.dsb.gv.at

Alternatively, you may contact the supervisory authority of your habitual residence, your place of work, or the place of the alleged infringement.

§14 Withdrawal

Withdrawal of Consent

Where the processing of your data is based on consent under Art. 6(1)(a) or Art. 9(2)(a) GDPR, you may withdraw that consent at any time with effect for the future. The lawfulness of the processing carried out before the withdrawal remains unaffected. Consent may be withdrawn informally by emailing contact@radicalpersonas.com.

§15 Data Security

Data Security & Technical and Organizational Measures

We implement technical and organizational measures in line with the state of the art, in accordance with Art. 32 GDPR, to protect personal data against unauthorized access, loss, or manipulation. These include, among others:

  • Transport encryption (TLS 1.3) on all connections
  • Encryption of sensitive data at rest
  • Role-based and least-privilege access model, 2FA for administrative access
  • Regular security updates and patch management
  • Versioned backup strategy with separate recovery paths
  • Pen test reports and subprocessor list on request (Business/Enterprise)

ISO 27001 certification is part of our medium-term roadmap.

§16 Web Analytics

Audience Measurement With Matomo (Self-Hosted, Cookieless)

For statistical analysis of how this website is used, we use the open-source software Matomo. Matomo runs on our own server within the EUno analytics data is transmitted to third parties or to third countries.

Measurement takes place without cookies: no persistent identifier is stored on your device. Your IP address is truncated (the last 2 bytes are anonymized) and is not stored in plain text. No personal profiles are created and no cross-site tracking takes place.

Data processed (anonymized/aggregated): pages visited, date and time, approximate region of origin (derived from the truncated IP), referral source (referrer), browser and device type.

Purpose: needs-based design, improvement, and audience measurement of this website.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in data-minimizing, statistical audience measurement). Since only data-minimizing, cookieless storage and access operations take place, we base the processing on your device on §165(3) of the Austrian Telecommunications Act (TKG 2021).

Retention period: The statistical data is deleted after no more than 6 months (180 days).

Objection: You can object to the anonymous measurement at any time using the following toggle:

Note: if you opt out, we store this choice in a technically necessary cookie so that we can continue to exclude you from measurement on this browser.

§17 Updates

Updates to This Privacy Policy

We update this privacy policy when changes to our processing activities or the legal framework require it. The current version is always available on this page. The version indicated under “Last updated” is authoritative.

Last updated: June 6, 2026 · Radical Innovators GmbH · FN 557123z · UID ATU76870708

Corporate privacy policy (in German): radical-innovators.com/de/privacy