BriefCode

Privacy Policy

Last updated: March 2026

1. Controller

Pavel Chachotkin Grellstraße 2, 10409 Berlin Email: pvl.chechetkin@gmail.com

2. Overview of Data Processing

BriefCode is a privacy-friendly service for analyzing German official letters. Processing is designed to collect as little personal data as possible.

3. What Data We Process

IP Address

Your IP address is temporarily processed in memory for rate limiting (max. 10 requests/hour). It is not stored or logged. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protection against abuse).

Anonymized Letter Text

The text of your letter is extracted directly on your device using OCR. Personal data (names, addresses, tax IDs, IBANs, etc.) is automatically replaced with placeholders on your device before the text reaches our system. Only the anonymized text is transmitted for analysis. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing the service).

Language Setting

Your chosen output language is used to generate the analysis. This is not personal data.

4. Data Storage

We do not store any user data. There is no database, no user accounts, no cookies, and no tracking. All data exists only during your active session in memory and is deleted when you close the page.

5. Data Processor and Infrastructure

For AI-powered analysis, we use the Claude model by Anthropic, hosted on Amazon Web Services (AWS) in Frankfurt, Germany (EU region eu-central-1). Only anonymized text (without personal data) is transmitted. All data processing occurs within the European Union. No data is transferred to third countries. Legal basis: Art. 6(1)(f) GDPR. A data processing agreement pursuant to Art. 28 GDPR is in place.

Amazon Web Services EMEA SARL

38 Avenue John F. Kennedy, L-1855 Luxembourg

Cloud infrastructure for AI processing (EU region Frankfurt)

Anthropic, PBC

548 Market St, San Francisco, CA 94104, USA

Developer of the Claude AI model (provided via AWS EU infrastructure)

6. Data Retention in AI Processing

Anonymized text is processed in real-time and deleted immediately after the response is generated. No inputs or outputs are stored by the AI system. Your data is never used for training, fine-tuning, or improving AI models. The service operates with immediate data deletion — all data exists only during the active API call.

7. Cookies and Tracking

This website does not use cookies, tracking technologies, or analytics services. Fonts are self-hosted — no external font services are used.

8. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

Since we do not store any personal data, these rights generally cannot be exercised as there is no data to delete or rectify.

9. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority depends on your state or the registered office of the controller.

10. Changes

We reserve the right to update this privacy policy as needed to adapt to changed legal requirements or changes to our service.