Privacy Policy

Argumentree ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We operate as a business-to-business (B2B) SaaS platform providing structured argumentation, meeting intelligence, and collaborative decision-making tools. Our Service is designed for organizations and their authorized users.

This Privacy Policy is designed to help you understand:

• What personal data we collect and why
• How we use and protect your data
• Your rights under GDPR and German data protection law
• How we comply with data protection regulations
• Who to contact with privacy questions

Our Commitment: We collect only the data necessary to provide and improve our Service. We do not sell your personal data to third parties. We implement strong security measures and respect your data rights under applicable law.

For the purposes of the EU General Data Protection Regulation (GDPR) and German Federal Data Protection Act (BDSG), the data controller for your personal data is:

Important Note on Roles: The specific role we play in processing your data depends on the context:

• For Service Data (account information, billing, usage analytics): We are the data controller
• For Customer Data (content you upload, discussions, arguments): You are the data controller and we are the data processor

See Section 12 for detailed explanation of these roles.

3.1 Who This Policy Applies To:

• Organization Administrators: Individuals who register an Organization account and manage subscriptions
• Authorized Users: Employees, contractors, or agents of customer organizations who access the Service
• Website Visitors: Anyone browsing argumentree.ai or related websites
• Mobile App Users: Users of our iOS and Android applications

3.2 What This Policy Covers:

• Personal data collected through the Argumentree Service
• Data collected via our website, mobile apps, and related platforms
• Communications with us (support emails, feedback forms)
• Cookies and tracking technologies

3.3 What This Policy Does NOT Cover:

• Third-Party Services: When you click links to external websites or services, their own privacy policies apply
• Customer's Internal Policies: Your organization may have additional privacy policies governing how they use the Service
• Offline Activities: In-person meetings, phone calls, or offline interactions unrelated to the Service

3.4 Relationship to Other Documents:

This Privacy Policy should be read together with:

• Our Terms of Service - Legal agreement governing Service use
• Our Data Processing Agreement (DPA) - For customers processing EU personal data
• Our Cookie Policy (Section 16 of this document)

We collect different types of data depending on how you interact with our Service. Below is a comprehensive breakdown:

We collect personal data through the following methods:

5.1 Directly From You:

• When you register for an account
• When you fill out forms on our website or in the Service
• When you subscribe to a paid plan
• When you create or upload content (arguments, discussions, documents)
• When you contact support or communicate with us
• When you complete surveys or provide feedback
• When you connect a blockchain wallet for authentication

5.2 Automatically Through Service Use:

• Technical data collected by our servers when you access the Service
• Cookies and tracking technologies (see Section 16)
• Log files recording system activity
• Analytics tools monitoring Service performance
• Error reports and diagnostic data

5.3 From Third Parties:

• Payment processors (Stripe) - Payment confirmation and fraud prevention data
• Cloud infrastructure providers (Microsoft Azure) - Server logs and performance metrics
• Wallet providers - Public blockchain addresses for authentication (if you use wallet login)

5.4 From Other Users in Your Organization:

• Your Organization administrator may invite you to the Service, providing your name and email
• Other users may mention or tag you in discussions
• Organization admins can view activity of users in their Organization

Under GDPR, we must have a lawful basis to process your personal data. Below we explain which legal basis applies to each processing activity:

Legitimate Interest Balancing:

Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your rights and freedoms. Key considerations:

• Service improvement: Benefits all users with better features and performance
• Security monitoring: Protects all users from fraud and attacks
• B2B marketing: Limited to existing customers, easy opt-out available
• Support: Necessary to resolve issues and provide assistance

You have the right to object to processing based on legitimate interest. See Section 13 for how to exercise this right.

We use your personal data for the following purposes:

7.1 To Provide the Service:

• Create and manage your Organization account
• Authenticate users and control access
• Enable creation and management of discussions, arguments, and proposals
• Provide AI-powered features (argument analysis, translations, sentiment analysis)
• Store and retrieve Customer Data per your instructions
• Enable collaboration features (mentions, notifications, sharing)
• Process blockchain wallet authentication (if enabled)
• Generate analytics dashboards and reports

7.2 For Billing & Payment:

• Process subscription payments and renewals
• Generate invoices and receipts
• Handle refunds and billing disputes
• Comply with tax and accounting obligations
• Detect and prevent payment fraud

7.3 For Service Improvement & Development:

• Analyze usage patterns to improve features
• Identify and fix bugs or technical issues
• Test new features and optimizations
• Conduct internal research and development
• Create anonymized and aggregated analytics (no personal data)

7.4 For Security & Fraud Prevention:

• Monitor for suspicious activity and unauthorized access
• Investigate security incidents and breaches
• Enforce our Terms of Service and Acceptable Use Policy
• Protect against fraud, spam, and abuse
• Maintain system integrity and availability

7.5 For Customer Support:

• Respond to your inquiries and support requests
• Troubleshoot technical issues
• Provide guidance on Service features
• Process feedback and feature requests

7.6 For Communications:

• Send transactional emails (account notifications, password resets, billing)
• Notify you of Service updates or changes
• Send product announcements and feature updates (B2B marketing, opt-out available)
• Conduct user surveys (optional participation)

7.7 For Legal Compliance:

• Comply with legal obligations (tax, accounting, data protection laws)
• Respond to lawful requests from authorities
• Enforce our legal rights and defend against claims
• Comply with court orders or regulatory requirements

We DO NOT sell your personal data to third parties. We only share data in the following limited circumstances:

8.1 Service Providers (Subprocessors):

We engage carefully vetted third-party service providers to perform functions on our behalf. These providers process data only per our instructions and are bound by data protection agreements.

8.2 Within Your Organization:

• Authorized Users in your Organization can access shared discussions and data per permissions you configure
• Organization administrators can view user activity and manage account settings
• This is necessary to provide collaborative features and is expected in a B2B context

8.3 Business Transfers:

• If Argumentree is involved in a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the acquiring entity
• We will notify you via email and/or prominent Service notice before any transfer
• The acquiring entity will be bound by this Privacy Policy or provide equivalent protection

8.4 Legal Requirements & Protection of Rights:

We may disclose personal data if required to:

• Comply with legal obligations (court orders, subpoenas, regulatory requests)
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of Argumentree, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to lawful requests from law enforcement or government authorities

8.5 With Your Consent:

• We may share data with third parties if you explicitly consent
• You can withdraw consent at any time for future sharing

8.6 Anonymized & Aggregated Data:

• We may share anonymized, aggregated statistics that cannot identify you or your Organization
• Example: "50% of users prefer feature X" or "Average discussion length is 45 minutes"
• This data is not personal data under GDPR

Primary Data Location: Your data is primarily hosted on Microsoft Azure servers in Germany (Germany West region), ensuring data remains within the European Union.

9.1 Transfers Outside the EU/EEA:

In limited circumstances, your data may be transferred to countries outside the EU/EEA for specific services:

9.2 GDPR-Compliant Transfer Mechanisms:

All international data transfers comply with GDPR Chapter V requirements through one or more of the following mechanisms:

• EU-US Data Privacy Framework: For US service providers certified under this framework (e.g., Stripe)
• Standard Contractual Clauses (SCCs): European Commission-approved contractual terms ensuring adequate protection
• Adequacy Decisions: Transfers to countries recognized by the European Commission as providing adequate data protection
• Supplementary Measures: Additional technical and organizational safeguards (encryption, access controls, data minimization)

9.3 Your Rights Regarding International Transfers:

• You can request information about the safeguards in place for international transfers
• You can obtain copies of the SCCs or other transfer mechanisms we use
• You can object to specific transfers (note: this may limit Service functionality)
• Perplexity AI is used only by the Argumentree.AI product for web-search research features. If you do not use Argumentree.AI, no data is sent to Perplexity. Core AI features (translation, argument analysis) are processed within the EU via Azure AI.

9.4 Future Changes:

We are actively working to minimize international data transfers by:

• ✅ Completed: Hosting all core data in Azure Germany
• ✅ Completed: AI processing moved to Azure Sweden Central (EU). Only web-search features (Perplexity) require US data transfer.
• 📋 Planned: Evaluating EU-based alternatives for remaining US services

We will update this Privacy Policy and notify you of any changes to international transfer practices that materially affect your data.

10.1 Where Your Data is Stored:

• Primary Storage: Microsoft Azure cloud infrastructure, Germany West datacenter (Frankfurt region)
• Backup Storage: Geo-redundant backups within EU region
• Database: Encrypted at rest on Azure managed databases
• File Storage: Customer-uploaded files stored in Azure Blob Storage (Germany)

10.2 Security Measures:

We implement industry-standard technical and organizational measures to protect your data:

10.3 Your Security Responsibilities:

• Use strong, unique passwords for your account
• Never share your password or authentication credentials
• Enable two-factor authentication (if available)
• Log out from shared devices
• Report suspected security issues immediately to security@argumentree.ai
• Keep blockchain wallet private keys secure (if using wallet authentication)

10.4 Data Breach Notification:

• If a personal data breach occurs, we will notify you without undue delay and no later than 72 hours after becoming aware (GDPR Article 33)
• Notification will include: nature of the breach, categories of data affected, likely consequences, and measures taken
• We will also notify the German Data Protection Authority (BfDI) as required by GDPR
• You will be notified via email to your administrator address and/or in-app notification

10.5 Limitations:

While we implement strong security measures, no system is 100% secure. The internet and electronic communications are inherently insecure. We cannot guarantee absolute security, but we commit to:

• Maintaining commercially reasonable security standards
• Promptly addressing vulnerabilities
• Transparently communicating security incidents
• Continuously improving our security posture

We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

11.1 Retention Schedule:

11.2 Account Deletion Process:

Users can request deletion of their account through Settings > Privacy > Delete Account. The deletion process includes:

What Gets Deleted vs Anonymized:

Deletion Timeline:

• Production Systems: Data deleted within 7 days after grace period ends
• Backup Systems: Purged within 60 days (normal backup rotation)
• Email Confirmation: You will receive email confirmation when deletion is complete

11.3 Legal Hold Exceptions:

Notwithstanding the retention schedule above, we may retain data longer if:

• Required by applicable law or regulation
• Necessary for legal claims or litigation (data placed on "legal hold")
• Required by court order or government authority
• Needed to enforce our Terms of Service or investigate violations

11.4 Data Export (Article 20 - Data Portability):

You can export all your personal data through Settings > Privacy > Export My Data.

Export File Structure:

• profile.json/csv - Your account information
• arguments.json/csv - All arguments you created
• discussions.json/csv - Your discussion contributions
• votes.json/csv - Your voting history
• consent-history.json - Record of your consent preferences

11.5 GDPR Email Notifications:

We send automated email notifications to keep you informed about your data rights actions:

Email Delivery:

• All GDPR-related emails are sent to your registered email address
• Emails are transactional (not marketing) and cannot be unsubscribed
• Check your spam folder if you don't receive expected notifications
• All emails are logged for audit purposes

11.6 Data Handling Upon Refund:

If you request and receive a refund under our 30-Day Money-Back Guarantee or any other refund policy, the following data handling applies:

• Data Preservation Period: Your organization's data (discussions, arguments, users) is preserved for 30 days following the refund. This allows time for data export if needed.
• Account Status: Your subscription is cancelled immediately upon refund, and your organization reverts to the free tier with associated feature limitations.
• Billing Data Retention: We retain billing records (payment history, refund records, invoices) for 7 years to comply with German tax law (§ 147 AO) and accounting requirements.
• Refund Processing Data: Data related to your refund request (reason for refund, processing dates, Stripe transaction IDs) is retained for fraud prevention and customer service purposes.
• Re-subscription: If you re-subscribe within 30 days, your full organization data is restored. After 30 days, standard data deletion policies apply.
• Your Rights: You may request full account and data deletion at any time after a refund using the GDPR deletion process described above.

Understanding data controller and data processor roles is important for GDPR compliance, especially for B2B services.

12.1 When We Are the Data Controller:

For Service Data (data about your use of the Service), Argumentree is the data controller:

• Account registration information (organization name, admin email)
• Billing and payment data
• Usage analytics and technical data (login times, features used, IP addresses)
• Support communications
• Marketing communications (to the extent we send them)

Our Responsibility: We determine the purposes and means of processing this data. We are responsible for GDPR compliance for Service Data, including responding to data subject rights requests.

12.2 When We Are the Data Processor:

For Customer Data (content you create and upload), YOU (the customer) are the data controller and we are the data processor:

• Arguments, discussions, and debates you create
• Comments, questions, proposals from your users
• Meeting transcripts (when feature is enabled)
• Uploaded documents and files
• Any personal data within the above content

Our Responsibility: We process Customer Data only according to your documented instructions (via your use of the Service features). We provide technical and organizational measures to protect Customer Data per GDPR Article 28.

12.3 Data Processing Agreement (DPA):

• If your Customer Data includes personal data of EU/EEA data subjects, a Data Processing Agreement (DPA) is required under GDPR Article 28
• Our standard DPA incorporating Standard Contractual Clauses (SCCs) is available at: argumentree.ai/dpa
• The DPA forms part of these Terms when you use the Service to process EU personal data
• Enterprise customers can negotiate custom DPA terms

12.4 Your Responsibilities as Data Controller:

• Legal Basis: Ensure you have a legal basis to process personal data of your Authorized Users and any end-users
• Consent: Obtain necessary consents from individuals whose data you process
• Privacy Notice: Provide your own privacy notice to your Authorized Users explaining how their data is processed
• Data Subject Rights: Respond to data subject rights requests from individuals in your Customer Data
• Data Quality: Ensure Customer Data is accurate, relevant, and lawfully processed
• No Illegal Content: Do not upload data that violates laws or third-party rights

12.5 Our Assistance to You:

As your data processor, we will assist you in fulfilling your GDPR obligations:

• Data Subject Requests: We provide tools to help you respond to access, rectification, erasure, and portability requests
• Data Breach Notification: We notify you within 72 hours of any breach affecting Customer Data
• Data Protection Impact Assessments (DPIAs): We provide information to assist with DPIAs
• Security Audits: We make available security documentation and certifications

Under the EU General Data Protection Regulation (GDPR) and German Federal Data Protection Act (BDSG), you have the following rights regarding your personal data:

Additional Rights:

• Right to Withdraw Consent (Article 7(3)): Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
• Right to Not Be Subject to Automated Decision-Making (Article 22): You have the right to not be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. See Section 14 for AI-related rights.
• Right to Lodge a Complaint: You can lodge a complaint with a data protection supervisory authority if you believe we have violated your rights.

13.1 Consent Management Center:

You can manage all your consent preferences in one place through Settings > Privacy:

Key Features of Our Consent System:

• Granular Control: Manage each consent category independently
• Real-time Effect: Changes take effect immediately - no page reload needed
• Consent History: We maintain an audit trail of all consent changes
• Export Included: Your consent history is included in data exports
• No Dark Patterns: Withdrawal is as easy as granting consent

How to Exercise Your Rights:

Supervisory Authority Contact:

You have the right to lodge a complaint with the German Data Protection Authority or your local supervisory authority:

The Service uses artificial intelligence (AI) and machine learning to enhance your experience. Under GDPR Article 22, you have rights regarding automated decision-making.

14.1 AI-Powered Features:

• Argument Quality Analysis: Automated evaluation of argument strength and coherence
• Logical Fallacy Detection: Identification of reasoning errors
• Sentiment Analysis: Detection of emotional tone in discussions
• Content Translation: Automated translation across 10 languages
• Meeting Transcription: Speech-to-text conversion [Future feature]
• Smart Suggestions: AI recommendations for improving arguments
• Compromise Generation: AI-assisted identification of common ground

14.2 AI Service Providers:

• Translation & Argument Analysis: Azure AI / Meta Llama (Sweden Central, EU) — default provider. Perplexity Sonar API (US) — used only by Argumentree.AI for web-search research. Provider may be changed by your organization's administrator.
• Fallacy Detection & Debate Analysis: Azure AI / Meta Llama (EU) — real-time processing, no data retained by provider
• Transcription: [Future feature — provider to be specified before launch]

14.3 Data Processing for AI:

• AI features analyze your content in real-time to provide insights
• Data is sent to AI providers via encrypted connections
• We do NOT use your identifiable Customer Data to train AI models that benefit other customers
• AI providers are contractually prohibited from using your data for their own model training
• Processing is limited to providing services to you specifically

14.4 Automated Decision-Making (GDPR Article 22):

• No Solely Automated Decisions: AI features provide suggestions and analysis, not final decisions
• All AI outputs are advisory - human judgment is always required
• AI does not make decisions that produce legal effects or similarly significantly affect you
• Example: AI may suggest an argument has a logical fallacy, but YOU decide how to respond

14.5 Your Rights Regarding AI:

• Right to Human Review: If you believe an AI analysis adversely affected a decision in your Organization, request human review at support@argumentree.ai
• Right to Explanation: We provide explanations of how AI scores and analyses are determined
• Right to Opt-Out: Disable certain AI features (translations, suggestions) in Organization settings
• Right to Object: Object to AI processing under GDPR Article 21

14.6 Transparency & Labeling:

• AI-generated content is clearly labeled (e.g., "AI-generated summary", "AI quality score")
• You can distinguish between human-created and AI-assisted content
• We provide context on how AI reached its conclusions where technically feasible

Argumentree supports optional blockchain wallet authentication (Ethereum, Cardano, Polkadot) as an alternative login method. This section explains how we handle blockchain-related data.

15.1 What Wallet Data We Collect:

• Public wallet address (e.g., 0x1234...abcd)
• Wallet type/provider (e.g., MetaMask, Nami, Polkadot.js)
• Cryptographic signatures for authentication verification
• Wallet connection timestamps

15.2 How Wallet Authentication Works:

• You connect your wallet (which remains under YOUR control)
• We request a cryptographic signature to prove you own the wallet address
• We store only your public wallet address (which is already public on blockchain)
• Each login requires a new signature from your wallet
• This provides secure, password-free authentication

15.3 Public Nature of Wallet Addresses:

• Already Public: Wallet addresses are publicly visible on blockchain explorers by design
• Pseudonymous, Not Anonymous: While not directly linked to your real name, wallet addresses can be tracked across blockchain transactions
• Privacy Settings: You can choose to hide your wallet address from other users in your Organization settings
• DAO Context: In DAO governance contexts, displaying wallet addresses may be expected for transparency

15.4 No On-Chain Data Storage:

• NOTHING from your Service activity is stored on any blockchain
• All discussions, arguments, and meeting data are stored in our secure off-chain databases
• Blockchain is used ONLY for authentication signatures
• This avoids GDPR "right to erasure" vs blockchain immutability conflicts

15.5 Your Wallet Security Responsibilities:

• Secure your private keys: We recommend hardware wallets for maximum security
• Never share private keys: We will NEVER ask for your private keys
• Beware of phishing: Always verify you're connecting to the official Argumentree domain
• Lost wallet = lost access: If you lose wallet access and haven't set up email/password, you cannot recover your account
• Set up backup login: We strongly recommend enabling email/password authentication as a backup

15.6 Data Retention for Wallet Addresses:

• Wallet addresses are retained until you delete your account
• Upon account deletion, wallet addresses are removed per our standard deletion process (Section 11)
• Since wallet addresses are public blockchain data anyway, deletion from our database doesn't affect blockchain visibility

15.7 No Cryptocurrency Payments:

While we support wallet authentication, we do NOT accept cryptocurrency for Service payments. All payments are processed via traditional methods (credit card, bank transfer) through Stripe.

We use cookies and similar tracking technologies to provide, secure, and improve our Service. This section explains what cookies we use and how you can control them.

16.1 What Are Cookies:

Cookies are small text files stored on your device by your web browser. They allow websites to remember your preferences and actions over time.

16.2 Complete Cookie Inventory:

Below is a comprehensive list of all cookies set by Argumentree.AI. All cookies are first-party cookies (set by Argumentree.AI, not third parties). Cookies are set on the parent domain (.argumentree.ai) to enable seamless authentication across subdomains (landing page, app, API).

16.3 Cookie Consent Banner:

• When you first visit argumentree.ai, you'll see our custom cookie consent banner
• Essential cookies are enabled automatically (necessary for Service operation)
• Analytics and Marketing cookies require your explicit consent before activation
• You can change your preferences at any time in account settings or via the cookie banner

16.4 Managing Cookie Preferences:

You have several options to control cookies:

• In-Service Settings: Manage cookie preferences in your Account Settings → Privacy → Cookies
• Cookie Banner: Click "Cookie Settings" in the banner to modify your choices
• Browser Settings: Configure your browser to block or delete cookies
  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Firefox: Preferences → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions

16.5 Other Storage Technologies:

In addition to cookies, we use the following browser storage mechanisms:

• localStorage: Persistent browser storage for:
  • cookieConsentPreferences — Detailed consent record (analytics, marketing, timestamp)
  • theme — Your UI theme preference (light/dark)
  • i18nextLng — Your language preference
  • draftContent — Auto-saved drafts to prevent data loss
• sessionStorage: Temporary storage cleared when you close the browser. Used for transient UI state only.
• Server Log Files: Our servers automatically record technical information for security and debugging purposes:
  • IP address (anonymized after 30 days)
  • Browser type and version
  • Pages requested and timestamps
  • Error logs for troubleshooting

16.6 Do Not Track (DNT):

We respect Do Not Track browser signals. If you enable DNT, we will:

• Disable all optional tracking (analytics and marketing cookies)
• Only use essential cookies necessary for Service operation
• Not track your activity across other websites

17.1 Types of Communications:

We may send you the following types of emails:

17.2 B2B Marketing (Soft Opt-In):

Under German and EU law, we may send marketing communications to existing B2B customers about similar services based on legitimate interest, provided:

• You are an existing customer (active or recent subscription)
• Communications relate to similar services you've purchased
• We provide an easy, free opt-out in every email
• We honor all opt-out requests immediately (within 48 hours)

17.3 How to Opt-Out (Unsubscribe):

• Email Link: Click "Unsubscribe" at the bottom of any marketing email
• Account Settings: Manage preferences in Account Settings → Notifications → Email Preferences
• Email Request: Email privacy@argumentree.ai with "Unsubscribe" in subject line

17.4 Custom Marketing Tool:

We use a custom internal marketing tool to manage email communications. This means:

• Your email data is NOT shared with third-party email marketing platforms
• All communications are sent from our own infrastructure
• We maintain full control over your contact data
• Email tracking (opens, clicks) is minimal and used only for engagement metrics

17.5 Communication Preferences:

You can customize:

• Email Frequency: Weekly digest vs. immediate notifications
• Content Types: Select which types of updates you want to receive
• Language: Choose your preferred language for communications
• Time Zone: Optimize send times for your location

18.1 Age Restriction:

Argumentree is a business-to-business (B2B) service intended for use by adults aged 18 years and older. The Service is not directed at children, and we do not knowingly collect personal data from individuals under 18.

18.2 Account Registration Requirements:

• By creating an account, you confirm you are at least 18 years old
• If accepting on behalf of an organization, you confirm you have authority to bind that organization
• Our Terms of Service explicitly require users to be 18+

18.3 No Intentional Collection from Children:

• We do not knowingly collect, use, or disclose personal data from anyone under 18
• We do not target marketing or advertising to children
• We do not create profiles or accounts for children
• The Service does not include features designed for children

18.4 If We Discover Data from a Minor:

If we become aware that we have collected personal data from someone under 18:

• We will delete that data immediately from our systems
• We will terminate the account associated with the minor
• We will notify the Organization administrator if applicable
• We will document the deletion for compliance purposes

18.5 Customer Organization Responsibilities:

If you are an Organization administrator:

• Verify Age: Ensure all Authorized Users in your Organization are 18 or older
• Employee/Contractor Age: If your organization employs individuals under 18, do not grant them access to the Service
• Parental Consent: Even with parental consent, we do not permit users under 18
• Liability: You are responsible for ensuring compliance with age restrictions within your Organization

18.6 Compliance with Children's Privacy Laws:

• We comply with applicable children's privacy laws where we operate
• GDPR (EU): Age of digital consent is 16 in most EU countries; our 18+ requirement exceeds this
• COPPA (US): Applies to services directed at children under 13; Argumentree is not directed at children
• We do not require special parental consent because our Service is not available to minors

19.1 External Links:

The Service may contain links to third-party websites, services, or resources that are not owned or controlled by Argumentree. For example:

• Documentation links to external resources
• Integration links to partner services
• Educational content or references
• Community forum links
• Social media links

19.2 Our Responsibility (Limited):

• We are NOT responsible for the privacy practices, content, or policies of third-party websites or services
• We do NOT endorse third-party services simply by linking to them
• We do NOT control how third parties collect, use, or share your data
• This Privacy Policy does NOT apply to third-party services

19.3 Third-Party Integrations:

We may offer integrations with third-party services (e.g., productivity tools, cloud storage). When you enable these integrations:

• You authorize data sharing between Argumentree and the third-party service
• The third party's privacy policy and terms of service apply to their processing of your data
• You can disconnect integrations at any time in account settings
• We will inform you about data sharing before enabling any integration

19.4 Subprocessors vs. Third-Party Links:

Distinction: Subprocessors (Section 8) are service providers we engage to help deliver our Service (e.g., Azure hosting, Stripe payments). Third-party links are external websites/services you choose to visit. We control subprocessors through data processing agreements; we do not control third-party websites.

19.5 User-Shared Links:

• Authorized Users may post links to external resources in discussions
• We do not pre-screen or approve user-shared links
• Clicking on user-shared links is at your own risk
• Report inappropriate or malicious links to support@argumentree.ai

20.1 Overview:

In accordance with the Digital Services Act (DSA) and our commitment to maintaining a safe platform, we process certain personal data for content moderation purposes.

20.2 Data Processed for Moderation:

• Content Reports: When you report content as potentially violating our Community Guidelines, we collect the report reason, your account ID, and timestamp
• Reported Content: The content being reported (AI research, arguments, or user-generated content) and associated metadata
• Moderation Decisions: Records of actions taken (warnings, content removal, account restrictions) and the reasoning behind decisions
• Appeals: Any appeals you submit regarding moderation decisions, including your stated grounds for appeal

20.3 Legal Basis (GDPR Art. 6):

• Legal Obligation: We are required under DSA Art. 14-17 to moderate illegal content and provide notice-and-action mechanisms
• Legitimate Interest: Maintaining platform safety and enforcing our Terms of Service
• Contract Performance: Providing the Service as described in our Terms

20.4 Retention of Moderation Data:

• Content Reports: Retained for 2 years after resolution to handle appeals and demonstrate compliance
• Moderation Decisions: Retained for 3 years as required by DSA for audit purposes
• Removed Content: Preserved for 6 months after removal to enable appeals, then permanently deleted
• Repeat Infringer Records: Retained for the duration of account existence plus 1 year

20.5 Your Rights Regarding Moderation:

• Statement of Reasons: Per DSA Art. 17, you will receive a clear explanation for any moderation action affecting your content or account
• Appeal Rights: You may appeal moderation decisions within 14 days of receiving the Statement of Reasons
• Access Rights: You may request access to moderation records related to your account under GDPR Art. 15
• Out-of-Court Resolution: Per DSA Art. 21, you may submit disputes to certified out-of-court dispute settlement bodies

20.6 Automated Content Moderation:

We may use automated tools to detect obviously illegal content (e.g., CSAM hash-matching). Per GDPR Art. 22, decisions significantly affecting your account will always include human review. You have the right to contest automated decisions and request human intervention.

20.7 Reporting Concerns:

To report content or submit a moderation appeal:

• Use the flag icon on any content within the platform
• Email: abuse@argumentree.ai
• See our Community Guidelines for detailed moderation policies

20.1 Right to Modify:

We may update this Privacy Policy from time to time to reflect:

• Changes to our Service or business practices
• New features or functionality
• Legal or regulatory requirements
• Improved clarity or organization
• Feedback from users or regulators

20.2 Notice of Material Changes:

For material changes that significantly affect how we process your personal data:

• We will notify you at least 30 days before the changes take effect
• Notification will be sent via email to your administrator address
• We will also display a prominent notice in the Service
• The updated Privacy Policy will be posted at argumentree.ai/privacy with the "Last Updated" date

Material changes include:

• Changes to data retention periods
• New categories of personal data collected
• New purposes for processing
• Changes to international data transfers
• New third-party recipients of data
• Reduced data protection standards

20.3 Non-Material Changes:

Minor changes (corrections, clarifications, formatting) may be made without advance notice. These include:

• Fixing typographical errors
• Updating contact information
• Adding examples for clarity
• Reorganizing sections
• Administrative updates

20.4 Acceptance of Changes:

• Continued Use = Acceptance: Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy
• Objection: If you do not agree to material changes, you may terminate your account per the Terms of Service Section 18.2
• Refund: If you terminate within 30 days of material privacy changes, you may be eligible for a pro-rated refund

20.5 Version History:

• We maintain an archive of previous Privacy Policy versions
• You can view past versions at argumentree.ai/privacy/archive
• Each version is timestamped and clearly labeled

20.6 Review Recommendation:

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data. The "Last Updated" date at the top of this document shows when changes were last made.

For questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

21.1 Response Time:

• We aim to respond to privacy inquiries within 5 business days
• Data subject rights requests will be processed within one month (GDPR requirement)
• Security incidents will receive immediate attention

21.2 Supervisory Authority:

You have the right to lodge a complaint with a data protection supervisory authority:

If you are located outside Germany, you may also contact your local data protection authority. A list of EU/EEA authorities is available at: European Data Protection Board

Depending on your location, you may have additional privacy rights under local laws. This section provides information for residents of specific regions.

22.1 International Users:

If you are located outside the regions listed above, you may still exercise the rights described in Section 13 (GDPR rights). We apply GDPR as our baseline standard globally, providing strong privacy protection regardless of location.

22.2 Evolving Privacy Laws:

Privacy laws are rapidly evolving worldwide. We monitor developments and update our practices to comply with new requirements. If new laws in your region grant additional rights, we will honor them even if not explicitly listed here.