Privacy Policy

1. General Information

The following information provides a simple overview of what happens to personal data when this website is visited. Personal data is any data with which a person can be personally identified.

The operator of these pages takes the protection of personal data very seriously. The use of the website is generally possible without providing personal data. Insofar as personal data is collected on the pages (for example by entering it into the search field), this is always done on a voluntary basis.

Responsible Party

The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Simon Stumpf
Waldstraße 16a
67245 Lambsheim
Email: support@ideenatlas.eu

Data Security

For security reasons and to protect the transmission of confidential content, this site uses TLS encryption which also extends to the database connections in the background. An encrypted connection can be recognized by the fact that the address line of the browser changes from “http://” to “https://” and the lock symbol that appears beside it.

2. Hosting and Server Log Files

Hosting by Hetzner

This website is hosted by an external service provider (Hetzner Online GmbH). The personal data collected on this website is processed on the host's servers. The server locations are in Nuremberg, Germany (within the European Union).

The host is: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

The host is used in the interest of a secure, fast, and efficient provision of the online offer (Art. 6 Para. 1 lit. f GDPR).

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which the browser automatically transmits. These are:

• Browser type and browser version
• Operating system used
• Referrer URL (the previously visited page)
• Hostname of the accessing computer
• Time of the server request
• IP address (anonymized if applicable)

These data are not combined with other data sources. The collection of this data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded. The data is generally deleted automatically after a short period.

Content Delivery Network (Cloudflare)

To protect against attacks and to optimize loading times, the service “Cloudflare” is used as a reverse proxy. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Data traffic between this website and the user's end device flows through the Cloudflare network. Cloudflare is certified under the EU-US Data Privacy Framework ensuring an adequate level of data protection for data transfer to the USA.

3. Data Collection and Storage on the End Device

Cookies, Local Storage & IndexedDB

The internet pages partially use so-called cookies or local storage technologies of the browser. These do not cause any damage to the end device and do not contain viruses. They serve to make the offer more user-friendly, effective, and secure.

The following technically necessary technologies are used:

• JSESSIONID (Cookie): Serves to identify the current session on the server (deleted after the session ends).
• XSRF-TOKEN (Cookie): Serves security purposes and prevents Cross-Site Request Forgery attacks.
• lang (Cookie): Saves the user's preferred language setting (e.g., 'en' or 'de') to display the website correctly on subsequent visits.
• IndexedDB (Local Cache): Search results are temporarily stored locally in the browser to prevent accidental deletion. This data remains on the end device.

The storage of this data takes place on the basis of Sect. 25 Para. 2 No. 2 TDDDG (technically strictly necessary). The subsequent processing takes place on the basis of Art. 6 Para. 1 lit. f GDPR (Legitimate Interest).

4. Core Functions: AI Processing and Search

Functionality of the Search Pipeline

The application accepts text inputs, analyzes them, and searches an internal database for relevant scientific publications (papers). The process is technically divided into two steps:

1. Reformulation (external): The input is first optimized by an AI interface.
2. Vector Search (internal): With the optimized text, a search is performed in the internal vector space on the server. The determination of results takes place locally on the server; there is no transfer of database content to Google or other third parties.

Important: The external reformulation of the input only takes place when using the Ideenatlas website. When using the API, the input text is not optimized, and the search pipeline is technically a single-step process.

Usage of the API

Ideenatlas provides a public programming interface (API) that allows external services and AI agents to perform search queries programmatically. Requests received via this API are not forwarded to third parties.

Use of Google Gemini

For content optimization and reformulation of the search query, the interface (API) of Google Gemini is used. The provider for users in the European Economic Area (EEA) and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

All requests to the Google Gemini API are sent from servers located within the European Union (EU). According to Google's terms of service for API requests originating from the EEA, the UK, and Switzerland, the submitted inputs (prompts) and the generated responses are not used to improve Google's services or to train AI models. This processing takes place in accordance with the terms for 'Paid Services', even if Ideenatlas currently uses the free API tier.

Regardless, it is recommended not to enter any personal or sensitive data into the search field. The legal basis for the processing to provide the search functionality is our legitimate interest in a functional and high-quality online service (Art. 6 Para. 1 lit. f GDPR).

Further information can be found in the Gemini API Terms of Service.

Real-time Translation (internal)

The optional translation feature is executed directly on the application's server infrastructure. When a text is selected for translation, it is sent to the server, translated into the target language, and the result is streamed directly back to the browser.

During this process, neither the original text nor the translation is permanently stored. The processing occurs solely for the purpose of translation at the moment of the request ('fire-and-forget'). This data is not shared with external third parties such as Google or other service providers. The legal basis for this processing is the legitimate interest in providing a multilingual user interface (Art. 6 Para. 1 lit. f GDPR).

Real-time TTS (internal)

The optional Text-To-Speech functionality is executed directly on the application's server infrastructure. When a text is selected for reading, it is sent to the server, where the language is automatically recognized, synthesized using an appropriate Piper TTS model, and the result is streamed directly back to the browser.

During this process, neither the original text nor the resulting audio is permanently stored. The processing occurs solely for the purpose of reading aloud at the moment of the request ('fire-and-forget'). No data is shared with external third parties such as Google or other service providers. The legal basis for this processing is the legitimate interest in providing an accessible user interface (Art. 6 Para. 1 lit. f GDPR).

5. Rights of the Data Subject

Within the framework of the applicable legal provisions, the following rights exist against the operator at any time:

• Right to access (Art. 15 GDPR): There is a right to receive information free of charge about the origin, recipient, and purpose of the stored personal data.
• Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR): There is a right to request the rectification or erasure of this data.
• Right to restriction of processing (Art. 18 GDPR): Under certain circumstances, the restriction of the processing of personal data may be requested.
• Right to object (Art. 21 GDPR): An objection may be lodged against the processing of the data (in particular on the basis of Art. 6 Para. 1 lit. f GDPR).
• Right to lodge a complaint (Art. 77 GDPR): In the event of infringements of the GDPR, the data subject has a right to lodge a complaint with a supervisory authority.

To exercise these rights and for further questions regarding personal data, contact can be made via the email address given above.