1.1. Jaschu Ventures UG (haftungsbeschränkt) (hereinafter referred to as "Avanty") processes personal data on the basis of this declaration in accordance with the principles described below in the context of providing its service to the customer.
1.2. In addition, the terms of use under https://avanty.app/legal/terms-of-use regulate the rights and obligations of the user of the services of Avanty and of Avanty itself, in connection with the relevant data protection laws, in particular in the context of the processing of user's data.
1.3. As part of the service of Avanty, Avanty provides a Chrome extension that data scientists can use to get smart AI features in their Metabase instance. Avanty does not store or access any of the user's customer data, however, it does process and sometimes store (i.e., in logs) the SQL queries and metadata such as the database schema about the charts stored in Metabase.
2.1. The Avanty service is accessible via a Google Chrome browser extension. Avanty collects and processes the personal data transmitted by the user, in particular in relation to SQL queries and metadata such as the database schema of tables available in Metabase.
When the services are used for the first time, certain data may be collected automatically or upon request as part of the user's initial registration.
When the user registers by providing their e-mail address and password to Avanty, the following personal information is processed and stored:
Display name
E-Mail address
Password
Alternatively, users can choose to register via third-party services, including GitHub. When a user registers through so-called Social Login via GitHub, the following personal information is processed and stored:
Github display name
Github email address
GitHub profile ID
GitHub token to access read-only information about the user's GitHub profile
This data is automatically transmitted to Avanty when contact is made in order to provide the service and related functions. This data processing is necessary for the performance of the contract for the Avanty service in accordance with Art. 6 (1) lit. b) DS-GVO.
3.2.1. If the User actively uses Avanty, additional personal information about the User will be collected during the course of the usage, which the User voluntarily shares with Avanty (such as SQL queries and metadata). This information is used by Avanty to provide its services. The processing of this data is thus necessary for the fulfillment service according to Art. 6 para. 1 lit. b) DS-GVO, as far as this data is provided.
3.3.1. To improve the functions and performance features of Avanty and to prevent and eliminate misuse and malfunctions, Avanty uses the personal data described in section 3.1 and 3.2. Avanty has a legitimate interest in ensuring the functionality and error-free operation of its service and to be able to offer a market- and interest-oriented service. The legal basis for this is Art. 6 para. 1 lit. f) DS-GVO.
3.3.2. Avanty creates aggregated group analyses from anonymized information, from which no conclusion can be drawn about the individual user, via which statistical information and evaluations can be created. Such information is also used, for example, to prove the use of the service to third parties who pay for the use of the service, such as employers.
Avanty may cooperate from time to time with research partners and also provide them with anonymized information for research purposes as part of special projects. An inference to the specific person of the user is not possible here, as all identification information of the customer is removed by Avanty before such a transfer. The legal basis for this is § 27 BDSG.
We do not directly collect your payment information and we do not store your payment information. We use Stripe as a third-party, PCI-compliant, payment processor which collects payment information on our behalf in order to complete transactions. While our administrators are able to view and track actual transactions via customer portals, we do not have access to, or process, your credit card information.
If Avanty is requested by authorities or in the context of legal disputes to provide information to authorities, courts, or other third parties, Avanty will comply with such requests to the extent that it is legally obliged to do so. The legal basis for such release of personal data is Art 6 para.1 lit c DS-GVO.
The Products and Services are not intended to be marketed to children under the age of 16. Avanty does not knowingly collect or store personal information from children under the age of 16.
For the storage of customer data, Avanty uses a service provider with a physical server location in Frankfurt, Germany. This service provider is Digital Ocean Inc. based in the USA.
The location of Avanty's storage services may change at any time.
| Company Name | Description of processing | Country in which Sub-processing will take place |
|---|---|---|
| DigitalOcean | Database Hosting | United States, Germany |
| Render, Inc. | Server Hosting | United States, Germany |
| Vercel | Website Hosting | United States |
| OpenAI, Inc. | Artifical Intelligence Services | United States |
| ActiveCampaign, LLC ("Postmark") | E-Mail services | United States |
| Stripe, Inc. | Payments | United States |
| Upstash, Inc. | Queueing Service | United States |
| Axiom, Inc. | Logging | United States |
| Conva Ventures, Inc. ("Fathom") | Website Analytics | Canada, United States |
| Amazon Web Services EMEA SARL | Networking | United States, Germany |
Within the scope of the purposes described in section 3, Avanty uses partner companies that process personal data on behalf of Jaschu Ventures UG (haftungsbeschränkt).
A data transfer of personal data of the user to third parties does not take place without the consent of the user, unless such a transfer is permitted by law. If processors such as cloud providers and other service providers are used and personal data is transferred to them, they are carefully selected. It is concluded to the agreements on the order processing to legally relevant specifications, these are monitored and instructed within the scope of the applicable regulations.
The service providers used are either based in the EU or in a country in which the EU has established a sufficient level of data protection. Companies from the USA, meet the requirements for a sufficient level of data protection by agreeing to standard contractual clauses in accordance with the requirements of the GDPR.
Insofar as third parties are used for the use of Avanty that have their registered office outside the EU or process data outside the EU, the user declares their consent for such data transfer outside the EU. The specific consent given is listed at the end of this privacy policy.
The personal data stored by Avanty will be deleted as soon as they are no longer required for the purpose for which they were collected and Avanty is not obliged to store them for a longer period due to legal obligations. As a rule, the user's personal data will be deleted with the request to terminate the use of the service, unless other purposes, such as billing purposes, require further storage. In this case, the data will only be deleted after the purpose has ended.
Automated decision-making within the meaning of Art. 22 DSGVO is generally not used.
The user may at any time request information about the personal data processed by Avanty as well as its correction, deletion or restriction of processing. He can object to the processing of his personal data at any time and demand the transfer of the personal data to himself or to a third party. If the user has given consent to Avanty for the processing of personal data, the user may revoke such consent at any time. In this case, the lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected. The revocation is possible by e-mail or in writing and should be sent to the address provided below. After the revocation, personal data may be further processed to the extent permitted by law. The Berlin Commissioner for Data Protection and Freedom of Information is the supervisory authority responsible for complaints.
The controller for the processing of personal data is Jaschu Ventures UG (haftungsbeschränkt), Email: support@avanty.app, Managing Director Jan Wilhelm.
With questions about data protection law can be contacted to the data protection officer at the following e-mail address: support@avanty.app
By using the Avanty service, you consent to Jaschu Ventures UG (haftungsbeschränkt) processing and using your personal data, including but not limited to any data stored in your Metabase instance, for the purpose of providing its service and products, and to Avanty making evaluations and recommendations on that basis.
You also consent to Jaschu Ventures UG (haftungsbeschränkt) processing your personal information for transfer to third parties and use with third-party services to be transferred to and stored in the United States.
By using the services of Avanty, you consent that they and their partners mentioned above may use personal data for the purpose of improving the content and usability of Avanty.
If you have given us consent to process your personal data, this is done voluntarily. The consent can be revoked by you at any time with effect for the future. To exercise your right of revocation, you must notify Jaschu Ventures UG (haftungsbeschränkt), e-mail: support@avanty.app of your decision to revoke your consent by means of a clear declaration (e.g. a letter or e-mail sent by post). If you make use of this option, a confirmation of receipt of such revocation will be sent to you immediately (e.g. by e-mail).
In the event of a revocation, the processing of your data that has taken place up to that point remains lawful. After the revocation, your personal data may be further processed, insofar as this is legally permissible, e.g. for invoices or within the framework of legal retention periods or in the event of legal disputes before courts or authorities.