System Craft Victor Umanskiy — IT Integrator
Solutions
Business Chatbot Transcription tool Calendar Assistant
About Contact Imprint Privacy Admin
DE · EN
Country
Language
DE Deutsch EN English
EN English
Solutions Business Chatbot Transcription tool Calendar Assistant
About Contact Imprint Privacy Admin

Privacy Policy

1. Controller

System Craft
Victor Umanskiy, sole proprietor
Radolfzeller Str. 7, 81243 Munich, Germany
[email protected]

2. General Information on Data Processing

This privacy policy applies to our website, related demo subdomains, and the IT and AI solutions we provide.

We process personal data only to the extent necessary to provide our website and demo subdomains, our IT and AI solutions, and to communicate with prospects, users, and customers.

The legal bases for processing include in particular:

  • Art. 6(1)(b) GDPR (pre-contractual/contractual communication and service provision),
  • Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient operation of our services),
  • Art. 6(1)(a) GDPR (consent, e.g. for non-essential cookies/technologies).

3. Hosting, Delivery, and Technical Logs

Our website is provided via Cloudflare Pages. In this context, technically necessary data is processed (e.g. IP address, time of access, requested content, user agent, referrer) in order to deliver the website, ensure security, and analyze errors.

The processing is based on Art. 6(1)(f) GDPR.

4. Contact

If you contact us by email, contact form, or other communication channels, we process the data you provide (e.g. name, email address, message, and, if applicable, telephone number) to handle your request.

Legal basis:

  • Art. 6(1)(b) GDPR for pre-contractual or contractual matters,
  • Art. 6(1)(f) GDPR for other inquiries.

5. Live Chat on This Website

We use a live chat on our website provided by SendPulse Inc., 220 E 23rd St #401, New York, NY 10010, USA.

When you use the live chat, the messages you enter and the technical data required to provide the chat are processed by us and by our service provider SendPulse. This may include, in particular, chat messages, name, email address, telephone number, IP address, device/browser information, time of use, and pages visited.

The processing is carried out to answer your inquiry and to provide the chat function. The legal bases are Art. 6(1)(b) GDPR where your inquiry relates to pre-contractual or contractual communication, and Art. 6(1)(f) GDPR for other inquiries and the secure operation of the chat.

SendPulse may process data outside the EU/EEA. Further information about SendPulse and the applicable transfer safeguards is provided in section 12.

6. Common Processing for IT and AI Solutions

We develop and operate IT and AI solutions, including business chatbots, transcription functions, and assistant functions. Depending on the product and function, we may process messages, chat histories, channel identifiers, contact details, audio files, transcripts, calendar data, technical metadata, files, links, and usage information provided by or generated for the user.

Processing is carried out to provide the requested function, communicate with users, improve response and result quality, maintain reliable operation, diagnose errors, prevent misuse, and fulfill contractual or pre-contractual obligations.

The legal bases include Art. 6(1)(b) GDPR where processing is required to provide a requested service or for contractual or pre-contractual purposes, and Art. 6(1)(f) GDPR for secure, reliable, and efficient operation, error diagnosis, and misuse prevention.

7. Business Chatbots

Business chatbots process messages and the information users provide through the relevant communication channel. Depending on the setup, this may include chat histories, names, telephone numbers, email addresses, channel-specific identifiers, files, and information required to transfer an inquiry to a human contact.

This data is processed to answer inquiries, provide information configured by the relevant business, route requests, and enable human follow-up. The communication channel and providers used depend on the chatbot setup and may include website chat, WhatsApp, Telegram, SendPulse, OpenAI, Google Gemini, and AWS infrastructure.

Depending on the specific setup, we act towards our business customers as a processor or, in some areas, as an independent controller. The specific allocation of roles is governed by contract.

8. Telegram Transcription Bot

The Telegram Transcription Bot processes data that users submit through Telegram in order to provide transcription services. This may include:

  • the Telegram chat ID and message information required to receive requests and return results,
  • voice messages, audio files, and public Google Drive links submitted by the user,
  • generated transcripts and refined transcript text,
  • file size, monthly usage totals, quota limits, and the number of processed files,
  • technical processing records and error logs.

In addition to the common purposes described above, file size and usage records are processed to enforce monthly quotas and administer quota extensions.

Telegram provides the messages and files submitted to the bot. If a user submits a public Google Drive link, the bot accesses that link to download the file. Depending on the file and processing path, audio may be transcribed using OpenAI or AWS Transcribe. Generated transcript text may be processed using Google Gemini to improve readability.

Users must only submit recordings and other content that they are authorized to process and share. In particular, users are responsible for informing other persons and obtaining any permissions required for recorded conversations. Sensitive or confidential content should not be submitted.

Audio files, generated transcripts, and associated transcription-processing records stored in our AWS infrastructure are generally deleted within 60 days. Monthly usage and quota records linked to the Telegram chat ID may be retained for longer where required to operate the service, administer quota extensions, prevent repeated misuse, or establish and defend legal claims. Technical logs are generally retained for up to 90 days, unless a longer period is required to investigate a security or operational incident.

9. Calendar Assistant

The Calendar Assistant processes Telegram chat IDs, messages, short voice messages and their transcripts, conversation history, event drafts, and information about calendar events required to perform the user's requests.

When a user connects Google Calendar, we process the Google authorization data required to access and manage calendar events, including encrypted access and refresh tokens and the user's calendar timezone. Calendar access is limited to the permissions granted by the user. Connection data is retained while the calendar remains connected and is removed when the user disconnects it, subject to technical and legal retention requirements.

The Calendar Assistant uses Telegram for communication, Google Calendar for requested calendar operations, OpenAI for voice-message transcription, Google Gemini for understanding requests and generating responses, and AWS infrastructure for operation and storage. More detailed information about this standalone service is available in the privacy policy at calendar-assistant.org.

10. Service Providers and Communication Platforms

We use the following service providers and communication platforms to operate our website and solutions:

  • Amazon Web Services (AWS): technical infrastructure, storage, processing, and transcription, including AWS Lambda, DynamoDB, S3, and AWS Transcribe. Our infrastructure is generally operated in selected EU regions, including Ireland and Frankfurt depending on the service.
  • SendPulse: website live chat, connection of communication channels including WhatsApp, and management of chat histories and contact details.
  • OpenAI: AI-supported processing and audio transcription.
  • Google: Google Gemini for AI-supported processing, Google Drive for accessing public file links submitted by users, and Google Calendar for calendar functions authorized by users.
  • Cloudflare: website hosting and delivery.
  • Telegram: receiving bot messages and files and returning results.
  • Meta/WhatsApp: communication through WhatsApp where this channel is used. Our chatbot integrations access WhatsApp through SendPulse rather than through a direct integration with Meta. Meta and the relevant business account owner process data under their respective terms and privacy policies.

11. AI Processing (OpenAI, Google Gemini, Own Logic)

For certain functions, inputs and content may be transmitted to AI models. This may include, for example, messages, audio files, transcripts, calendar information, or other content provided by the user. We process only the data required for the respective request and function.

12. Recipients and International Data Transfers

Some providers may process personal data outside the EU/EEA. Where applicable, international transfers may rely on an adequacy decision adopted by the European Commission or on contractual safeguards such as the European Commission's Standard Contractual Clauses.

The following overview describes the transfer safeguards identified as of June 12, 2026:

  • Amazon Web Services (AWS): the AWS Data Processing Addendum incorporates the European Commission's Standard Contractual Clauses for relevant international transfers.
  • SendPulse: SendPulse's Data Processing Agreement incorporates the European Commission's Standard Contractual Clauses for relevant international transfers.
  • OpenAI: OpenAI's Data Processing Addendum provides for applicable adequacy decisions or the European Commission's Standard Contractual Clauses for relevant international transfers.
  • Google: applicable Google terms provide for adequacy decisions or the European Commission's Standard Contractual Clauses where relevant.
  • Cloudflare: Cloudflare's Data Processing Addendum provides for the EU-US Data Privacy Framework where applicable and the European Commission's Standard Contractual Clauses otherwise.
  • Telegram: Telegram states that transfers between its group companies use the European Commission's Standard Contractual Clauses.
  • Meta/WhatsApp: Meta and the relevant business account owner process data under their respective terms and privacy policies. Our chatbot integrations access WhatsApp through SendPulse rather than through a direct integration with Meta.

Further information about the applicable safeguards is available upon request.

13. Cookies and Similar Technologies

We use technically necessary technologies for the operation of the website. The live chat may also use cookies or similar technologies where these are required to provide the chat function. Non-essential cookies/technologies (e.g. for analytics/marketing) are set only after your consent.

Legal bases:

  • Section 25 TDDDG (consent for access to terminal devices where required),
  • Art. 6(1)(a) GDPR (consent),
  • Art. 6(1)(f) GDPR for technically necessary operations.

14. Storage Period and Deletion

We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations.

Regular guidelines:

  • communication and function data: up to 180 days unless a service-specific section states a shorter period,
  • technical security/server logs: up to 90 days,
  • usage and quota records may be stored for longer where required for service operation, misuse prevention, quota administration, or legitimate evidence-retention interests,
  • longer storage where required by statutory obligations or legitimate evidence-retention interests.

Regardless of this, we delete or anonymize data upon request, unless statutory retention obligations prevent this.

15. Your Rights

Under the GDPR, you have in particular the following rights:

  • access (Art. 15 GDPR),
  • rectification (Art. 16 GDPR),
  • erasure (Art. 17 GDPR),
  • restriction of processing (Art. 18 GDPR),
  • data portability (Art. 20 GDPR),
  • objection (Art. 21 GDPR),
  • withdrawal of consent with effect for the future (Art. 7(3) GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

16. Deletion Requests

For deletion requests, you can contact us at any time. The contact details can be found in section 1.

We review each request and implement it in accordance with legal requirements. Where data is processed by service providers, we also initiate the necessary steps with them.

17. Current Version and Changes

This privacy policy is current as of: June 12, 2026.
We reserve the right to update it if legal, technical, or organizational circumstances change.

System Craft

Victor Umanskiy - IT Integrator

Navigation

Business Chatbot Transcription tool Calendar Assistant About Contact

Legal

Imprint Privacy

Contact

Munich, Germany

Email: [email protected]