Privacy Policy

Last updated: May 2026
This privacy policy informs you in accordance with Articles 13 and 14 GDPR about how we process personal data when you use our website fastwrite.io or our services (web app and Word add-in).
---
1. Controller
DocuTrust GmbH, Rennbahnstraße 2, 22111 Hamburg, Germany
Email: info@fastwrite.io
Managing Directors: Andre Timofeev, Timothy Williams, Moritz Ledeganck
Local Court of Hamburg, HRB 191525
For data protection enquiries, please contact us at info@fastwrite.io.
---
2. Visiting our Website
When you visit our website, technically necessary data is processed (truncated IP address, date and time, browser and device information, referrer, page accessed). This data is stored in server log files and deleted or anonymised after 30 days.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in the stable and secure operation of the website).
---
3. Cookies and Consent Management
We use cookies and similar technologies. Strictly necessary cookies (login, security tokens, storage of cookie preferences) are used on the basis of Section 25(2) No. 2 TDDDG in conjunction with Article 6(1)(f) GDPR. All other cookies — particularly for statistics and marketing purposes — are only set with your consent in accordance with Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR. You provide your consent through our own consent solution when you first visit the website and may withdraw it at any time with effect for the future via "Cookie Settings" in the footer.
---
4. User Account
To use our services, you create a user account. We process your email address, your name, your encrypted password, and — if you sign in via Google or Microsoft — the profile data transmitted to us by the respective provider.
Legal basis: Article 6(1)(b) GDPR (performance of a contract).
‍Retention period: for the duration of the user relationship; promptly deleted upon account deletion, unless retention obligations apply.
---
5. Our AI-Powered Services
In the course of providing our services, we process the content you input or upload (texts, documents, sources, queries). For this purpose, we use the following processors:
To provide language model functionality (text generation, suggestions, AI Supervisor), we use one or more of the following providers depending on the feature and availability:
- OpenAI Ireland Ltd., Dublin, Ireland (with processing partly taking place in the USA by OpenAI L.L.C.)
- Google Ireland Ltd., Dublin, Ireland — "Gemini" model (with processing partly taking place in the USA by Google LLC)
- Anthropic Ireland Limited, Dublin, Ireland — "Claude" model (with processing partly taking place in the USA by Anthropic PBC)
We have contractually agreed with all of the above providers that your content will not be used to train their models. Short-term storage by these providers takes place exclusively for security and abuse-prevention purposes (typically a maximum of 30 days).
In addition, we use Voyage AI Innovations Inc. (USA) to improve the relevance of search results (reranking) and Pinecone Systems, Inc. (USA) as a vector database for the semantic retrievability of your documents.
Legal basis: Article 6(1)(b) GDPR (performance of a contract).
Notice pursuant to Article 50 EU AI Act: When using our services — in particular the AI Supervisor — you are interacting with an AI system. Generated content may contain errors or so-called hallucinations. Please review all output carefully before further use. Please also do not enter any special categories of personal data (Article 9 GDPR) or any personal data of third parties without an appropriate legal basis into our services.
---
6. AI Supervisor (Chat Function)
Through the chat function "AI Supervisor", you can submit queries to our AI system. We process your inputs, any document excerpts you include, timestamps, and the link to your user account. The technical processing takes place via the providers listed in Section 5.
Chat histories are stored in our infrastructure so that you can access past conversations. There is no automatic deletion — you can delete chats yourself at any time, and they are deleted upon termination of your user relationship.
No automated decision-making with legal effect within the meaning of Article 22 GDPR takes place.
Legal basis: Article 6(1)(b) GDPR.
---
7. Payment Processing
For payment processing, we use Stripe (Stripe Payments Europe Ltd., Dublin, Ireland; with data flows to the USA). The data required for payment is transmitted directly to Stripe; for further information, see https://stripe.com/privacy.
Legal basis: Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (fraud prevention).
---
8. Hosting and Technical Infrastructure
Our website fastwrite.io is hosted by Webflow, Inc. (USA). Our web app is provided via Vercel Inc. (USA). For backend functions, authentication, and database storage we use Appwrite Cloud (Appwrite Inc., USA) with a data centre in Frankfurt am Main, Germany — your data is therefore stored within the EU. Data processing agreements pursuant to Article 28 GDPR are in place with all three providers.
Legal basis: Article 6(1)(b) and (f) GDPR.
---
9. Web Analytics
We use Umami (Umami Software, Inc., USA) in its cloud variant for cookie-free, privacy-friendly reach measurement. Umami collects aggregated usage data (page views, time on page, browser and device information) without using cookies and without persistent personal storage. Identification of individual users is not possible. A data processing agreement pursuant to Article 28 GDPR is in place with the provider.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in statistical reach measurement to optimise our services). As Umami does not place cookies or comparable technologies on your end device, Section 25 TDDDG does not apply.
For further information, see https://umami.is/privacy.
---
10. Newsletter
If you sign up for our newsletter, we process your email address to send you information about our products and services. Sign-up takes place via the double opt-in procedure: after registering, you will receive a confirmation email containing an activation link — only after clicking this link will your registration become effective.
For sending the newsletter, we use Twilio SendGrid (Twilio Inc., USA). A data processing agreement pursuant to Article 28 GDPR is in place with the provider.
Legal basis: Article 6(1)(a) GDPR (consent). You may withdraw your consent at any time with effect for the future via the unsubscribe link contained in every email.
---
11. Contact
If you contact us by email, we process your information in order to handle your enquiry.
‍Legal basis: Article 6(1)(b) or (f) GDPR. The data is deleted once your enquiry has been processed and no retention obligations apply.
If you contact us via the WhatsApp link provided on our website, WhatsApp Ireland Ltd. processes the communication data as an independent controller. For further information, see https://www.whatsapp.com/legal/privacy-policy-eea.
---
12. Retention Periods
We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations — in particular 10 years for accounting and invoicing data (Section 147 AO, Section 257 HGB) and 3 years for other contract data (Section 195 BGB). Server log files are deleted or anonymised after 30 days. Uploaded documents and chat histories are deleted upon deletion by you or upon termination of the user relationship.
---
13. International Data Transfers
Some of the providers listed above process data in the USA or other third countries. We ensure an adequate level of data protection through the European Commission's adequacy decision under the EU-US Data Privacy Framework (for recipients certified under the DPF; see the list at https://www.dataprivacyframework.gov), through Standard Contractual Clauses pursuant to Article 46(2)(c) GDPR, and through additional technical and organisational measures.
---
14. Your Rights
Under the GDPR, you have the following rights: access (Article 15), rectification (Article 16), erasure (Article 17), restriction of processing (Article 18), data portability (Article 20), objection to processing based on legitimate interests and an unconditional right to object to direct marketing (Article 21), and withdrawal of consent with effect for the future (Article 7(3)). To exercise these rights, please contact info@fastwrite.io.
You also have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR). The competent authority for us is the Hamburg Commissioner for Data Protection and Freedom of Information (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit), Ludwig-Erhard-Straße 22, 20459 Hamburg, mailbox@datenschutz.hamburg.de.
---
15. Data Security
We implement appropriate technical and organisational measures pursuant to Article 32 GDPR — in particular TLS encryption for data in transit, encryption of stored data, access restrictions on a need-to-know basis, regular backups, and staff training.
---
16. Updates and Amendments
We update this privacy policy in response to legal, technical, or organisational changes. The current version is available on our website at all times; we will notify you of material changes in good time.
---
Last updated: May 2026 · DocuTrust GmbH · fastwrite.io