Phasi AI Request demo
Privacy Policy

Privacy Policy

Last updated: April 16, 2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Yevgen Yeshchenko
Founder - SaaS Phasi AI
Im Egerten 7/1
74391 Erligheim
Germany
Phone: +49 1575 765 86 22
Email: hello@phasi.app

2. Scope of Application (B2B Only)

The Service is provided exclusively to business customers (B2B).

The processing of personal data of consumers within the meaning of applicable consumer protection laws is not intended.

The Customer is responsible for ensuring that only business-related personal data is processed when using the Service.

3. Categories of Processed Data

In the course of using the Service, the following categories of personal data may be processed:

3.1 Customer Data

  • Company name
  • Contact person name
  • Business address
  • Email address
  • Telephone number

3.2 User Data

  • Username
  • Email address
  • Roles and permission information

3.3 Contract and Billing Data

  • Subscription and plan information
  • Subscription status
  • Billing address
  • Tax or VAT identification number
  • Payment status
  • Invoice and transaction data
  • Bank account details provided by the Customer (where applicable)

3.4 Usage and System Data

  • Log data (e.g. login timestamps)
  • Technical metadata for system security
  • Error and debug information

4. Purposes of Data Processing

Personal data is processed for the following purposes:

  • Provision and operation of the Service
  • User and access management
  • Contract execution and billing
  • Communication with Customers
  • Ensuring system security and stability
  • Further development of the Service, in particular within an Early Access / Beta environment

5. Legal Bases

Personal data is processed on the basis of the following legal grounds under GDPR:

  • Art. 6(1)(b) GDPR (performance of a contract)
  • Art. 6(1)(f) GDPR (legitimate interests in operating, securing, and improving the Service)
  • Art. 6(1)(c) GDPR (compliance with legal obligations, e.g. tax and accounting requirements)

6. Payment Processing (Bank Transfer)

Payments for paid subscriptions are processed via bank transfer based on invoices issued by the Provider.

In this context, the Provider processes billing and payment-related data necessary for invoicing and payment reconciliation, including:

  • company and billing information,
  • invoice data,
  • tax and VAT information,
  • payment status and transaction references,
  • bank account details provided by the Customer (if applicable).

Bank account details provided by the Customer are used exclusively for the purpose of payment processing, invoice settlement, and financial reconciliation.

The Provider does not act as a payment service provider within the meaning of applicable payment services regulation and does not process card payments or operate payment infrastructure.

Payments are executed directly between the Customer and the Provider’s bank.

The Provider may store and process payment-related information, including bank account details, to the extent necessary for:

  • processing and allocating incoming payments,
  • issuing and managing invoices,
  • handling payment inquiries and disputes,
  • complying with statutory accounting and tax obligations.

Payment data is not used for any purpose other than contractual and legal requirements.

7. Data Processing on Behalf of the Customer

Where the Provider processes personal data on behalf of the Customer, this is carried out on the basis of a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR.

In such cases, the Customer remains the sole data controller with respect to the lawfulness of the processed content.

8. Data Disclosure to Third Parties

Personal data is disclosed to third parties only insofar as this is necessary for:

  • financial and accounting processes (e.g. banks, accounting tools),
  • compliance with legal obligations,
  • technical service providers (hosting and infrastructure).

No further disclosure takes place.

9. International Data Transfers

Where service providers process data outside the EU/EEA, such transfers are carried out in accordance with Art. 44 et seq. GDPR, in particular on the basis of Standard Contractual Clauses (SCCs), where required.

Technical service providers are used for hosting and infrastructure, including cloud services such as Supabase and Vercel.

The Provider reserves the right to change such providers at any time.

10. Cookies and Similar Technologies

The public website of Phasi AI currently does not use cookies or similar technologies for analytics, advertising, or tracking purposes.

Technically necessary cookies or similar technologies may be used where required to ensure the secure and proper operation of the website, including basic functionality, security, and protection against misuse.

Where login-protected areas or application environments (e.g. the Phasi AI dashboard) are used, additional session-related technologies may be applied to enable authentication, maintain sessions, and ensure system security.

Such technologies are used solely for functional and security purposes and do not require user consent under applicable data protection law where they are strictly necessary.

The Provider reserves the right to introduce additional cookies or similar technologies, including for analytics or service improvement purposes. Where required by applicable law, such technologies will only be used with appropriate user information and consent.

11. Data Retention

Personal data is stored only for as long as necessary for:

  • performance of contractual obligations,
  • compliance with statutory retention requirements,
  • the Provider’s legitimate interests.

Accounting, invoice, and payment-related records may be retained for the period required under applicable commercial and tax law.

Once the purpose ceases to apply, the data is deleted or anonymized.

12. Data Security

The Provider implements appropriate technical and organizational measures to protect personal data.

Financial and payment-related data is subject to additional access restrictions and is processed only by authorized personnel.

However, complete protection against unauthorized access cannot be guaranteed, especially in the context of an Early Access / Beta Service.

13. Rights of Data Subjects

Data subjects have the following rights under GDPR, subject to statutory requirements:

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to object

Requests may be addressed to the contact details listed in Section 1.

14. No Automated Decision-Making

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

15. Changes to This Privacy Policy

The Provider reserves the right to amend this Privacy Policy at any time.

The current version is available on the website.

16. Contact

For questions regarding data protection, please contact:

hello@phasi.app