Privacy Policy

As of: November 24, 2025

1. Responsible Party

companycore ai UG (haftungsbeschränkt)
Sömmeringstraße 69, 50823 Cologne, Germany
Email: jan@companycore.ai
Represented by: Jan Bennefeld

2. Hosting & Infrastructure

Our systems consist of three separate areas, all of which are hosted at IONOS (Germany):

  • companycore.ai – static website
  • app.companycore.ai – web app for registered users
  • api.companycore.ai – API backend

In addition, we use:

  • Supabase (EU-west) – storage of user data, posts, chats, and calendar data
  • Google Gemini 2.5 Flash – generation of text suggestions based on content provided by the user
  • Stripe (planned) – payment processing for subscriptions

3. Processing of Personal Data in the Web App

a) Account & Registration

Registration and login in our web app take place via Supabase Auth, hosted in the EU region (eu-west-1). In this process, we process the following data:

  • Email address
  • A system-generated user identifier (UUID)

Passwords are processed exclusively by Supabase and stored in securely hashed form. We never have access to passwords and do not store them in our systems.

In addition, Supabase stores technical metadata due to system requirements, such as:

  • Time of registration
  • Time of last login
  • Email address verification status

This data is required to provide access to the web app (Legal basis: Art. 6 Para. 1 lit. b GDPR).

b) Calendar & Social Media Posts

Users can manually create, edit, and schedule posts for LinkedIn within the app. A post is never published automatically. The user must:

  • Review the text
  • Select the date & time
  • Manually click "Schedule"

c) AI Functions (Gemini 2.5 Flash)

The AI receives only inputs provided by the user, e.g.:

  • Company name
  • Company website
  • Post goals
  • Language, style, and tone
  • Desired text length
  • Inputs from chat dialogues

We never send LinkedIn data, tokens, or user profiles to Gemini.

4. Use of LinkedIn Integration

Our app lets users connect their LinkedIn accounts in order to automatically publish content that has been manually reviewed and scheduled.

a) Which data is processed

During the LinkedIn OAuth connection, we receive:

  • LinkedIn User ID (URN)
  • Access Token
  • Refresh Token
  • Information about managed company pages

We do not read contacts, profiles, messages, followers, or analytics.

b) Permissions used

  • w_member_social – publish on behalf of the user
  • rw_organization_admin – verify admin rights
  • w_organization_social – publish on behalf of a company page

c) Token Storage

Tokens are stored encrypted in our Supabase database. They are used exclusively to publish posts that the user has previously approved and scheduled.

d) Revocation of Connection

Users can disconnect their LinkedIn account at any time:

We delete all stored tokens within 24 hours.

5. Disclosure of Data

We only disclose personal data if:

  • You have given your consent (Art. 6 Para. 1 lit. a GDPR)
  • It is necessary for the fulfillment of a contract (Art. 6 Para. 1 lit. b)
  • There is a legal obligation (Art. 6 Para. 1 lit. c)

We never sell data and do not transmit anything to uninvolved third parties.

6. Data Protection Rights

You have the following rights according to the GDPR:

  • Information/Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Data portability
  • Objection
  • Withdrawal of consent

Contact: jan@companycore.ai

7. Changes

We reserve the right to adjust this privacy policy if necessary.