🚀 Excited?

Hello future AI Provider 👋

Imprint
Information and disclosure pursuant to § 5 of the Austrian E‑Commerce Act.Xinity FlexCo
Am Gestade 5/2
1010 Vienna, AustriaCommercial Court: Vienna
Company Register No.: in formation
VAT ID No.: in formation
Managing Directors: Alexander Zehetmaier, Jonas Vander
Email: [email protected]Corporate Purpose
Software as a ServiceLine of Business
IT servicesChamber Membership
Vienna Chamber of Commerce
Professional regulations: Austrian Trade Regulation Act (Gewerbeordnung)Supervisory / Trade Authority
Municipal Authority of Vienna (Magistrate of Vienna)

# Privacy NoticeLast updated: 10/10/2025
Scope: These notices apply to the website xinity.ai## 1) ControllerXinity FlexCo
Am Gestade 5/2
1010 Vienna, Austria
Contact: [email protected]## 2) Hosting, platform & rolesOur website is provided via Carrd (website builder & hosting). Carrd notes that individual site owners (i.e., us) are responsible for the privacy practices of their sites. The service is operated from the United States, which means processing may occur there. CarrdWeb traffic is routed through Cloudflare (CDN/security service). Cloudflare sets certain strictly necessary cookies to protect the site and keep it available (see cookie list). Cloudflare classifies these cookies as “strictly necessary” and processes cookie data by default in data centers in the United States; with the Data Localization Suite, customers can steer processing/logging regionally. Cloudflare Docs## 3) Contact & newsletter (MailerLite, no reCAPTCHA)If you contact us via a form or subscribe to the newsletter, we process the data you enter (e.g., name, email address, message).* Purpose: Responding to your inquiry and/or sending information/newsletters.
* Legal bases:
* Inquiries: Art. 6(1)(b) GDPR (pre-contractual communication) or Art. 6(1)(f) GDPR (legitimate interest in communication).
* Newsletter: Consent (Art. 6(1)(a) GDPR) — a separate, not pre-ticked checkbox. Pre-ticked boxes are not valid consent (EDPB Guidelines; CJEU “Planet49”). European Data Protection Board
* Proof of consent & double opt-in: We use MailerLite as a processor. MailerLite provides GDPR tools like double opt-in and logs (timestamp, IP, source) to document consent. We recommend enabling double opt-in. mailerlite.com
* Roles & agreements: We are the Controller; MailerLite is our Processor (DPA). MailerLite operates its services with data center hosting in the EU and provides a DPA (incl. SCCs/sub-processors). mailerlite.com
* Withdrawal: You can withdraw your consent at any time with future effect (unsubscribe link in every email).UTM parameters (optional): If enabled, Carrd can send UTM parameters as additional form fields (e.g., utm_source, utm_medium, etc.). Carrd> Note: We do not use reCAPTCHA. If reCAPTCHA is enabled in the future, we will inform you in advance and — where required — obtain consent.## 4) Server logs & securityOur hosting/platform provider records technically necessary data (e.g., IP address, user agent, date/time) to ensure operation, security, and error diagnostics. Legal basis: Art. 6(1)(f) GDPR (security/fraud prevention).## 5) Cookies & similar technologiesWe do not use analytics, marketing, or profiling cookies. Only strictly necessary mechanisms are used, primarily by Cloudflare, to keep the website secure and available. Such necessary cookies do not require prior consent but should be explained transparently. Cloudflare Docs### Necessary cookies (Cloudflare)cfbm — Used for bot management. Helps Cloudflare distinguish automated traffic (bots) from legitimate visitors to protect the site from abuse. Typically expires after about 30 minutes of inactivity.cfclearance — Stores that a visitor has passed an anti-bot/challenge check (e.g., a JavaScript challenge), so they don’t have to pass it repeatedly. Duration is variable and depends on your zone configuration.cfuvid (only if specific rate-limiting rules are active) — Distinguishes individual users behind the same IP address so rate limits can be applied fairly. Set only when such rules are active; duration is variable.cflb (only if Cloudflare Load Balancer is used) — Provides session affinity so you stay on the same origin during a session. Storage duration ranges from seconds up to ~24 hours, depending on configuration.cfobinfo and cfuse_ob (only if Always Online is active) — Enable serving cached content when the origin is temporarily unavailable. These exist briefly (typically around 30 seconds).Cloudflare classification & data transfers: Cloudflare designates the above as “strictly necessary” cookies. Cookie data may be processed in the United States by default; with the Data Localization Suite, processing/logging can be regionally limited. Cloudflare Docs## 6) Future tools (currently inactive)We currently do not use analytics or marketing tools (e.g., Google Analytics, Meta Pixel) and no embedded media with tracking. If we implement such tools in the future, we will load them only after consent (opt-in) and update this notice. Pre-ticked boxes are not permitted; consent must be actively given. European Data Protection Board## 7) Legal bases, retention, recipientsWe process personal data only insofar as necessary to provide the website, to communicate with you, or — for the newsletter — based on consent. Retention periods depend on purpose/legal obligations; inquiries are typically deleted after [e.g., 6–12 months], unless statutory retention requires longer.## 8) International data transfersWhere service providers process data outside the EEA (e.g., the United States), we safeguard transfers using appropriate guarantees (e.g., Standard Contractual Clauses/SCCs) and/or rely on the protections provided by the vendors (see Cloudflare/MailerLite DPA/privacy information). Cloudflare Docs## 9) Your rightsYou have the rights of access, rectification, erasure, restriction, data portability, and objection (Art. 21 GDPR). You may withdraw consent at any time with future effect. You also have the right to lodge a complaint with a supervisory authority (e.g., in Austria: DSB).