Heading 1

Heading 2

Heading 3

Heading 4

Heading 5
Heading 6

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Block quote

Ordered list

  1. Item 1
  2. Item 2
  3. Item 3

Unordered list

  • Item A
  • Item B
  • Item C

Text link

Bold text

Emphasis

Superscript

Subscript

Allgemeiner Hintergrund

Privacy Policy

(Last updated: 27.10.25)

This privacy policy explains how personal data is processed on the website www.getventa.ai (hereinafter referred to as the "website") and app.getventa.ai ("web app") by april.eleven GmbH. april.eleven GmbH only processes data that is necessary for the provision and security of the website and its services, and does so in accordance with the principle of data minimisation. "Personal data" is any information relating to an identified or identifiable natural person (data subject), such as name, address, telephone number, date of birth, email address or IP address. Information that cannot be attributed to a specific person, for example due to anonymisation, is not considered personal data.

1. Controller

The controller responsible for the processing of personal data on the website within the meaning of the General Data Protection Regulation (GDPR) is:

april.eleven GmbH

Am Kartoffelgarten 14

81671 Munich

info@getventa.ai

+49 (0)89 215 39 144

For data protection enquiries or to exercise your rights as a data subject, please contact privacy@getventa.ai.

2. Data Protection Officer

The following person has been appointed as data protection officer:

Kertos GmbH

Brienner Straße 41

80333 Munich

Germany

Email: dsb@kertos.io

3. Data Processing on Our Website

3.1. Provision of the website

  • Purpose of processing: We process your data to ensure the reliable operation of the website, enable user-friendly access to our website, and maintain IT security.
  • Recipients:
    • Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hosting)
    • Volentio JSD Limited, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom (provision and optimisation of website content by Content Delivery Network (CDN) to improve loading times and user experience)
  • Processed data: IP address of the requesting device, Method (e.g. GET, POST), date and time of the request, Address of the website accessed and path of the requested file, Previously accessed or requesting website/file (HTTP referrer), if applicable, Information about the browser and operating system used, Version of the HTTP protocol, HTTP status code, size of the delivered file, Request information such as language, content type, content encoding, character encoding.
  • Legal basis: Art. 6(1)(f) GDPR (Legitimate interest in secure and user-friendly operation).
  • Storage period: Deleted as soon as no longer required, but after 30 days at the latest, unless there is a legal obligation to retain it.
  • Further information: https://webflow.com/legal/privacy; https://www.volentio.com/privacy-policy

3.2. Google Fonts

  • Purpose: Display of website content and fonts.
  • Recipients: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • Processed data: Access data (e.g. IP address, time of error), Device information (e.g. device type, operating system), Browser data (e.g. browser type, version), Location data (e.g. country based on IP address).
  • Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR in a technically secure, uniform and appealing presentation.
  • Storage period: Deleted as soon as the purpose of the presentation has been achieved.
  • Third country transfer: Data may be transferred to servers in the USA. Google is certified under the EU-U.S. Data Privacy Framework (Art. 45 GDPR). Standard contractual clauses (SCCs) are also in place.
  • Further information: https://policies.google.com/privacy.

3.3. Newsletter/manual

  • Purpose: Sending email newsletters to provide information about products, services and company activities; downloading the manual.
  • Recipient: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA.
  • Processed data: Contact details (e.g. email address, name), Technical data (e.g. time of access, IP address), Usage data (e.g. open rates, click behaviour).
  • Legal basis: Consent in accordance with Art. 6(1)(a) GDPR.
  • Storage period: Stored for as long as you are subscribed to the newsletter. Deleted after you unsubscribe, unless legal retention obligations prevent this.
  • Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR).
  • Further information: You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link at the end of each newsletter. https://legal.hubspot.com/privacy-policy

4. Book a demo/trial

  • Purpose: Collection of contact information for planning and conducting product demonstrations or meetings.
  • Recipient: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (Forms).
  • Processed data: Contact information (e.g. name, email address), Company data (e.g. company name, position), Appointment preferences (e.g. desired date, time), Technical data (e.g. IP address, browser type).
  • Legal basis: Fulfilment of a contract or pre-contractual measures in accordance with Art. 6(1)(b) GDPR for demo bookings, legitimate interest in accordance with Art. 6(1)(f) GDPR for optimisation and customer support.
  • Storage period: Stored for the duration of the business relationship and beyond in accordance with the statutory retention periods.
  • Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR).
  • Further information: https://legal.hubspot.com/de/privacy-policy

5. Live chat

  • Purpose: Provision of customer service and live chat functions on our website.
  • Recipient: Intercom, Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA (EU server).
  • Processed data: Communication data (e.g. chat history, messages), Technical data (e.g. IP address, browser type), Usage data (e.g. visit time, pages viewed), Any personal data provided voluntarily (e.g. name, email address).
  • Legal basis: Consent in accordance with Art. 6(1)(a) GDPR or legitimate interest in accordance with Art. 6(1)(f) GDPR (efficient customer service).
  • Storage period: Stored for the duration of the customer relationship and deleted after expiry of the statutory retention periods or upon revocation of consent.
  • Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR).
  • Further information: https://www.intercom.com/legal/privacy. The use of Intercom Chat is voluntary. You can revoke your consent at any time with future effect.

6. Job Applications

  • Purpose: Selection of applicants for possible employment.
  • Recipient: Y Combinator Management, LLC, 335 Pioneer Way, Mountain View, CA 94041, USA.
  • Processed data: Name, Email address, Telephone number, Curriculum vitae (CV), Cover letter, Other application documents provided by you, IP address, Browser type and version, Operating system, Date and time of access.
  • Legal basis: Art. 6(1)(b) GDPR (implementation of pre-contractual measures) and Section 26(1) BDSG; Art. 6(1)(f) GDPR (legitimate interest in efficient application process).
  • Storage period: Stored until the application process is completed. In the event of rejection, stored for six months after notification of the decision. In the event of legal dispute, may be stored longer. If hired, stored in your personnel file for the duration of employment. You can withdraw your application at any time.
  • Further information: https://www.ycombinator.com/legal#privacy

7. Analytics and Tracking (Website)

  • Purpose: To continuously optimise our website and adapt it to your requirements. Information is collected using cookies, web storage, fingerprinting, tags, and pixels.
  • Legal basis:
    • Technically necessary tools: Legitimate interest pursuant to Art. 6(1)(f) GDPR or performance of a contract/pre-contractual measures pursuant to Art. 6(1)(b) GDPR, in conjunction with Section 25(2) TDDDG.
    • Optional tools: Exclusively with your consent in accordance with Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.
Website Cookie Table
Name of the cookie Provider Purpose Category Storage period
ph_phc_JUqOUtKM1iJAp4f3LjKu5pH6ZZA7ukPleVNWPIubbGn_posthog PostHog User behaviour tracking using PostHog Marketing/tracking cookies 11 months 30 days
IDE Google Ads Used for programmatic advertising Marketing/tracking cookies 1 year 25 days
_ga Google Analytics User differentiation for analysis of website usage Statistics cookies 1 year 1 month
_ga_[ID] Google Analytics User differentiation for website usage analysis Statistics cookies 1 year 1 month
_gcl_au Google Tag Manager Conversion tracking via Google services Technically necessary cookies 2 months 29 days
__cf_bm HubSpot Protection against bots in the context of forms Technically necessary cookies 30 minutes
CookieConsent Cookiebot Stores the decision to consent to cookies Technically necessary cookies 34 years 2 months

7.1. Google Analytics 4

  • Purpose: Web analytics.
  • Recipients: Google Ireland Limited and Google, LLC.
  • Processed data: Device data (e.g. IP address, device type), Browser data, Usage data, Event data, Location data, Source and traffic data, Conversion and goal achievement data.
  • Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TDDDG (Consent).
  • Third country transfers: Transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and Standard Contractual Clauses (SCC).
  • Further information: https://policies.google.com/privacy.

7.2. Google Tag Manager

  • Purpose: Management and triggering of website tags via a uniform interface.
  • Recipients: Google Ireland Limited and Google, LLC.
  • Processed data: Access data, Device data, Browser data, Event data, Location data.
  • Storage period: Cookies stored for up to 90 days.
  • Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional SCCs.
  • Further information: https://policies.google.com/privacy

7.3. Google Ads

  • Purpose: Display of personalised advertisements, placement and optimisation of advertising campaigns, and measurement of reach.
  • Recipient: Google Ireland Limited (operator for the EU) and Google LLC.
  • Processed data: Online identifiers (e.g. cookie ID, advertising ID), IP address (truncated/anonymised), Browser information, Information about user behaviour, Usage data, Device information.
  • Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TDDDG (Consent).
  • Storage period: Cookies stored for up to 90 days.
  • Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional SCCs.
  • Further information: https://policies.google.com/privacy

7.4. LinkedIn Insight Tag

  • Purpose: Analysis and optimisation of our LinkedIn company page and improvement of our social media strategy.
  • Recipient: LinkedIn Ireland Unlimited Company.
  • Processed data: Aggregated usage data, Demographic information, Interaction data, Visitor statistics.
  • Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TDDDG (Consent).
  • Storage period: Data stored by LinkedIn for 24 months and made available to us in aggregated form.
  • Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR).
  • Further information: https://www.linkedin.com/legal/privacy-policy. Note: We only have access to aggregated statistics.

7.5. Posthog (Website/App)

  • Purpose: Analysis of user behaviour, improvement of product functionality and optimisation of user experience.
  • Recipient: PostHog Inc., 2261 Market Street #4388, San Francisco, CA 94114, USA.
  • Processed data: Usage behaviour, Device information, IP address (anonymised), Event data, User-defined properties.
  • Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TDDDG (Consent).
  • Storage period: Stored for 180 days, then automatically deleted or anonymised.
  • Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR).
  • Further information: https://posthog.com/privacy

7.6. Intellimize

  • Purpose: Personalisation and optimisation of website content to improve user experience and conversion rates.
  • Recipient: Intellimize Inc., 1161 Mission Street, San Francisco, CA 94103, USA.
  • Processed data: Visitor activities, Device information, IP address (anonymised), User interactions, Referrer URL.
  • Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TDDDG (Consent).
  • Storage period: Stored for 26 months.
  • Third country transfer: Data transfer to the USA based on EU standard contractual clauses (Art. 46(2)(c) GDPR).
  • Further information: https://www.intellimize.com/privacy-policy

8. Contact by E-mail

  • Purpose: Processing and responding to your enquiry.
  • Processed data: Name, Email address, Content of your message.
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in communicating with you). If the enquiry is aimed at concluding or performing a contract, Art. 6(1)(b) GDPR applies.
  • Storage period: Only stored for as long as is necessary to process your enquiry.

9. Social Media Online Presence (LinkedIn)

  • Purpose: Communication, information about products/services, and analysis of the use of our online presences.
  • Recipient: LinkedIn Ireland Unlimited Company.
  • Processed data: Demographic information, Professional information, Interaction data, Usage statistics, Content preferences.
  • Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR (Legitimate interest in effective information and communication).
  • Storage period: In accordance with the data protection guidelines of the respective platforms.
  • Third country transfer: Possible transfer to the USA and other third countries.
  • Further information: https://legal.linkedin.com/pages-joint-controller-addendum; https://www.linkedin.com/legal/privacy-policy. Note: We have no influence on the independent data processing by platform operators.

8. International Data Transfers

Personal data is primarily processed within the EU/EEA. Transfers to "third countries" are carried out exclusively in compliance with the GDPR and with appropriate safeguards. A transfer is permissible if at least one of the following conditions is met:

  1. The European Commission has determined that an adequate level of data protection exists (Adequacy Decision).
  2. Standard contractual clauses (SCCs) have been agreed with the recipient.
  3. Further appropriate safeguards pursuant to Art. 46 GDPR exist.
  4. In certain exceptional cases pursuant to Art. 49 GDPR.

9. Recipients

The personal data is only disclosed if:

  • You have given us your express consent (Art. 6(1)(a) GDPR).
  • The disclosure is necessary to safeguard our legitimate interests or to assert, exercise or defend legal claims (Art. 6(1)(f) GDPR).
  • We are legally obliged to disclose it (Art. 6(1)(c) GDPR).
  • This is legally permissible and necessary for the performance of a contract or for the implementation of pre-contractual measures (Art. 6(1)(b) GDPR).

Possible recipients are:

  • Processors: External service providers (e.g. hosting, payment processing) who only process data in accordance with our instructions.
  • Public authorities: Authorities and state institutions (e.g. tax authorities, courts) to fulfil legal obligations.

10. Data Security and Protective Measures

We use appropriate technical and organisational measures to ensure the security and confidentiality of your personal data, protecting against unauthorised access, manipulation, loss or misuse. Measures are regularly reviewed and adapted.

Please note: Data transmission over the Internet can always be subject to security vulnerabilities. Unencrypted communication (e.g. standard e-mail) carries the risk that data may be read by third parties.

11. Storage Period and Deletion/Blocking of Data

Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage only takes place if required by EU or national regulations (statutory retention period) or for the fulfilment of a contractual relationship.

12. Rights of Data Subjects

You have the following rights with regard to your personal data:

  • Right to information (Art. 15 GDPR): Request information about the data we process, its purpose, recipients, and storage period.
  • Right to rectification (Art. 16 GDPR): Request the immediate rectification of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR): Request the erasure of your data, particularly if it is no longer necessary or the processing was unlawful.
  • Right to restriction of processing (Art. 18 GDPR): Request the restriction of processing, e.g. if the accuracy of the data is disputed.
  • Right to data portability (Art. 20 GDPR): Receive your data in a structured, commonly used, and machine-readable format, or request its transfer to another controller.
  • Right to withdraw consent (Art. 7(3) GDPR): Withdraw your consent at any time with effect for the future.
  • Right to object (Art. 21 GDPR): Object to the processing of your personal data at any time for reasons arising from your particular situation, in particular in connection with direct marketing.
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

13. Web App

When using our platform, we process all personal data collected on behalf of our customer and act as a processor. We are the controller for the following processing:

13.1. Error Monitoring

  • Purpose: Monitoring and improving the stability and technical performance of the website through error detection and analysis.
  • Recipient: Functional Software, Inc. d/b/a Sentry (EU server).
  • Possible data processed: Access data, Event data, Usage data, Device information, Browser data, Location data.
  • Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR.
  • Storage period: Stored for up to 90 days and then deleted or anonymised.
  • Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR).
  • Further information: https://sentry.io/privacy/

13.2. Analysis and Tracking (Web App)

  • Legal basis:
    • Technically necessary tools: Legitimate interest pursuant to Art. 6(1)(f) GDPR or performance of a contract/pre-contractual measures pursuant to Art. 6(1)(b) GDPR, in conjunction with Section 25(2) TDDDG.
    • Optional tools: Exclusively with your consent in accordance with Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.
Web App Cookie Table
Name of the cookie Provider Purpose Category Storage period
__session Venta Authentication of the user on the website Technically necessary 1 year
csrf Venta Ensuring protection against CSRF attacks Technically necessary Session
intercom-device-id-syph84u Intercom Identification of the device for Intercom services Preference and convenience 2 years
intercom-session-syph84u Intercom Session management for intercom services Preference and convenience 1 year
ph_phc_JUQuQtkMiJap4f3IKu5ph6ZZA7ukPleVNWPlubbGn_posthog PostHog User behaviour tracking using PostHog Marketing/tracking cookies 2 years
ph_phc_nRYMdn1BVwt6DprRqxBshYhFLGcwqVP23I6G2sXLUx_postho PostHog Recording of user interactions and actions Marketing/tracking cookies 2 years

13.2.1. Intercom

  • Purpose: Analysis of user behaviour to optimise the user experience and improve our service.
  • Recipient: Intercom, Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA.
  • Processed data: Usage data, Device information, User data, Event data, Aggregated analysis data.
  • Legal basis: Consent in accordance with Art. 6(1)(a) GDPR.
  • Storage period: Analysis data stored for a maximum of 24 months. Personal data stored for the duration of use of our service.
  • Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR).
  • Further information: https://www.intercom.com/legal/privacy

13.2.2. PostHog

  • Purpose: Analysis of user behaviour, improvement of product functionality and optimisation of the user experience by recording interactions and events on our web app.
  • Recipient: PostHog Inc., 2261 Market Street #4388, San Francisco, CA 94114, USA (EU server).
  • Processed data: Usage behaviour, Device information, IP address (anonymised), Event data, User-defined properties.
  • Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TDDDG (Consent).
  • Storage period: Data is stored for 180 days, after which it is automatically deleted or anonymised.
  • Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR).
  • Further information: https://posthog.com/privacy
Change History
Date Version Reason
27.10.25 1.0 First version of the revised privacy policy in the new format.
Information according to § 5 TMG
april.eleven GmbH
Am Kartoffelgarten 14, 81671 Munich
Germany
Commercial register: 279522
Registration court: Munich
april.eleven technology Inc
1111B S Governors Ave
#6279 Dover, DE 19904
United States
Represented by:
Lucas Spreiter
Stefan Reuther
Value added tax ID Value added tax identification number in accordance with § 27 a of the Value Added Tax Act:
DE356949695
Web design & web development
Halbstark GmbH
www.halbstark.de
Allgemeiner Hintergrund