Anliego Back to home
Legal

Privacy Policy

Last updated: May 2026

This policy explains what personal data Anliego collects, how we use and protect it, and the choices and rights you have.

Draft template — not yet legally reviewed. This is placeholder scaffolding. Have qualified legal counsel review and finalize it, and replace every [bracketed] placeholder with your real details before launch.

1. Who we are and scope

Anliego is a software service that helps businesses monitor their online reviews, draft AI-assisted replies in their brand voice, run review-request campaigns, and embed rating widgets on their websites. This Privacy Policy explains how we collect, use, share, and protect personal data when you visit anliego.de, create an account, or use our service.

The data controller is Luis Riedhammer, Föhrenweg 2, 58638 Iserlohn. For the purposes of the EU/UK GDPR, we act as a controller for data about our account holders and website visitors, and as a processor for the end-customer and review data our customers ask us to handle on their behalf.

This policy applies to visitors and customers in the EU, the EEA, the DACH region, the United Kingdom, and the United States. If you do not agree with this policy, please do not use the service.

2. Data we collect

We collect the following categories of personal data, depending on how you interact with us:

  • Account and contact data: your name, work email, company name, role, password (stored hashed), and preferences you set in the product.
  • Usage and analytics data: log data, device and browser information, IP address, pages viewed, features used, and similar diagnostic information, used to operate and improve the service.
  • Review and business data from connected platforms: when you connect an account such as a Google Business Profile, we access business profile details, reviews, ratings, reviewer display names, and related metadata so we can display, monitor, and help you respond to them.
  • Content you generate: review replies, campaign messages, brand-voice settings, and other content you create or upload in the product.
  • Payment data: billing is handled by our payment processor, Stripe. We receive limited details such as your billing name, country, the last four digits of your card, and subscription status. We do not collect or store full card numbers.
  • Communications: messages you send us for support, sales, or feedback.

3. How and why we use your data

We use personal data to:

  • Provide, maintain, and secure the service, including authenticating you and syncing reviews from connected platforms.
  • Generate AI-assisted reply drafts and run review-request campaigns that you initiate and control.
  • Process payments, manage subscriptions, and send service and billing notifications.
  • Provide customer support and respond to your requests.
  • Monitor, troubleshoot, analyze, and improve the performance and features of the service.
  • Send product updates or marketing where permitted, which you can opt out of at any time.
  • Comply with legal obligations and enforce our terms.

4. Legal bases under GDPR

Where the GDPR applies, we rely on the following legal bases to process personal data:

  • Performance of a contract: to provide the service you have signed up for and to administer your account and billing.
  • Legitimate interests: to secure, operate, analyze, and improve the service, and to send relevant business communications, balanced against your rights and interests.
  • Consent: for certain cookies, optional marketing, and for connecting third-party accounts such as Google. You may withdraw consent at any time without affecting prior processing.
  • Legal obligation: where we must process data to comply with applicable law, such as tax and accounting requirements.

5. Google user data

When you connect a Google account, we use the Google Business Profile API and the Google Places API to access business and review data you authorize. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

This means we only access the scopes needed to provide features you have requested, we use Google user data solely to provide and improve those user-facing features, and we do not sell Google user data, use it for advertising, or allow humans to read it except where you explicitly request support, where it is necessary for security or to comply with applicable law, or where the data has been aggregated and anonymized.

You can disconnect your Google account at any time from within the product or via your Google account settings, which revokes our ongoing access.

6. Sub-processors

We rely on a small set of trusted service providers to run the service. They process personal data only on our instructions and under contractual data-protection commitments. Current categories include:

  • Payments: Stripe, for billing and subscription management.
  • Cloud and infrastructure: Google Cloud and our serverless hosting and database providers (for example, our application hosting platform and managed Postgres provider).
  • Communications: email and SMS delivery providers used to send review requests, notifications, and account messages.
  • Analytics and error monitoring: providers that help us understand usage and detect issues.

7. Data sharing and disclosures

We do not sell your personal data. We share data only as described in this policy: with the sub-processors above, with the connected platforms you choose to integrate, and where required by law, court order, or to protect the rights, safety, and security of Anliego, our users, or the public.

If we are involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction, and we will notify you and any applicable authority where required.

8. International data transfers

We serve customers in both the EU/EEA and the United States, and some of our providers process data outside your home country. Where we transfer personal data from the EEA, the UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), together with supplementary measures where appropriate.

You can request more information about these transfer mechanisms using the contact details below.

9. Data retention

We keep personal data only for as long as needed to provide the service and for the purposes described in this policy. Account data is retained for the life of your account and for a reasonable period afterward to meet legal, accounting, and dispute-resolution requirements.

Review and business data synced from connected platforms is retained while your integration is active; when you disconnect an integration or close your account, we delete or anonymize the associated data within a reasonable period, subject to legal retention obligations and backup cycles.

10. Your rights

Depending on where you live, you may have some or all of the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure: ask us to delete your data, subject to legal exceptions.
  • Portability: receive certain data in a structured, machine-readable format.
  • Restriction and objection: object to or restrict certain processing, including processing based on legitimate interests or direct marketing.
  • Withdraw consent: where processing is based on consent, withdraw it at any time.
  • California (CCPA/CPRA): rights to know, access, correct, and delete personal information, and the right to opt out of the sale or sharing of personal information. We do not sell your personal data, and we do not share it for cross-context behavioral advertising.

11. Cookies and similar technologies

We use cookies and similar technologies to keep you signed in, remember preferences, secure the service, and understand how it is used. Strictly necessary cookies are always active; analytics and other optional cookies are used only where permitted, and in the EEA and UK only with your consent.

You can manage non-essential cookies through our cookie controls where available, and through your browser settings. Disabling some cookies may affect how the service works.

12. Data security

We follow industry-standard practices to protect personal data, including encryption in transit, access controls, hashing of credentials, and regular review of our systems. While we do not currently hold formal certifications such as SOC 2 or ISO 27001, we design the service with security in mind and continually work to improve it.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a personal data breach that affects you, we will notify you and the relevant authorities as required by law.

13. Children

Anliego is a business tool intended for use by organizations and adults. It is not directed to children, and we do not knowingly collect personal data from anyone under 16 in the EEA or under 18 in the United States. If you believe a child has provided us with personal data, please contact us and we will delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our service, technology, or legal requirements. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you by email or within the product. Your continued use of the service after an update means you accept the revised policy.

15. How to contact us

If you have questions about this policy or want to exercise your rights, contact us at privacy@anliego.de or by writing to Luis Riedhammer, Föhrenweg 2, 58638 Iserlohn.

Our data protection contact can be reached at [DPO / privacy contact email]. If you are in the EEA or UK and believe we have not addressed your concern, you have the right to lodge a complaint with your local supervisory authority. This policy is governed by the laws of [Jurisdiction].

Privacy Policy · Anliego