Last updated: May 2026
The data controller within the meaning of the GDPR is:
Holger Teske UG (haftungsbeschränkt)
Kurt-Huber-Str. 4a
82131 Gauting
Germany
E-Mail: hello@deep-ocr.com
When you access this website, the web server temporarily processes your IP address in order to deliver the requested content to your device. Beyond this transient processing, no access data is retained in persistent log files at the web server level. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the secure operation of this website).
Hosting and technical operations are carried out by us on infrastructure provided by Hetzner Online GmbH, located in Germany (processor). A data processing agreement pursuant to Art. 28 GDPR is in place with this provider. No transfer to third countries takes place.
Note: In addition to the pure web server operation, a separate, privacy-friendly analytics service runs on the same infrastructure. The data processed and its scope are transparently documented in Section 4.
You can send us an inquiry via the contact form. We process the fields you complete: name, email address, optionally phone number, and your message.
Mail delivery is handled via Google Workspace (Google Ireland Limited, Dublin). The corresponding data processing agreements and EU Standard Contractual Clauses for any third-country transfers are in place; Google Workspace is certified under the EU-US Data Privacy Framework.
The legal basis is Art. 6(1)(b) GDPR (steps prior to entering into a contract) or Art. 6(1)(f) GDPR (legitimate interest in responding to your inquiry). Your inquiry and the related correspondence will be deleted once processing has been completed — at the latest upon expiry of statutory retention obligations (up to 10 years for contract-relevant content).
We use Rybbit, a privacy-friendly website analytics tool that runs on the same infrastructure as our website (see Section 2 on hosting). No cookies are set and no data is transmitted to third parties.
The following are collected: page views, time on page, referrer, browser and device information, and an approximate region at city level. To distinguish between returning and new visits, Rybbit derives a daily-rotating anonymous identifier from your IP address and browser fingerprint. The IP address itself is not persistently stored in clear text.
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in analyzing and optimizing our website as well as detecting errors and security incidents). You can object to web analytics at any time by enabling the “Do Not Track” setting in your browser — Rybbit respects this signal.
When you create an account and use our service (API and Developer Center), we process the following personal data to the extent necessary to provide and bill for the service:
The legal basis is Art. 6(1)(b) GDPR (performance of the user agreement) and Art. 6(1)(f) GDPR (legitimate interest in the secure and reliable provision of the service, including abuse and error detection).
To provide the service, we engage the following providers as processors. Processors used for the operation of the website and for web analytics are listed in Sections 2 and 4.
Data processing agreements (DPAs) pursuant to Art. 28 GDPR are in place with all processors. Document processing takes place exclusively within the EU. Where processors are based outside the EEA, data processing is governed by EU Standard Contractual Clauses pursuant to Art. 46 GDPR.
Uploaded documents are used solely for in-memory processing and are discarded immediately after completion. No document content is persistently stored on our servers. Neither we nor our processors use your documents or extracted data to train, fine-tune, or improve AI models.
Our website itself does not set any cookies and uses no comparable tracking technologies. Once you sign in to the service, only your authentication token is stored in your browser's local storage (localStorage). This storage is strictly necessary for the provision of the service you have explicitly requested (§ 25(2) no. 2 TDDDG) and is therefore not subject to consent requirements.
Personal data is deleted as soon as the purpose for processing no longer applies, at the latest upon expiry of the statutory retention periods (generally 6 or 10 years for tax-relevant data).
Under the GDPR, you have the right to:
To exercise your rights: hello@deep-ocr.com