Privacy Policy

1. Controller

The controller for the processing of personal data on this website is:

Konstantine Group UG (haftungsbeschränkt)
Roedernstr. 6B, 12623 Berlin, Germany
VAT ID: DE456635304
Commercial Register: HRB 273832
Managing Director: Fiona Klimin
Email: privacy@konsta.ai
Phone: +49 152 526 431 29

For our customers we act, in the context of providing our services (e.g. when processing lead data), as a processor within the meaning of Art. 28 GDPR. In this case the customer is the controller. The details are governed by our Data Processing Agreement (DPA).

2. Categories of personal data processed

We process the following categories of personal data:

• Contact data: name, email address, phone number, company name
• Business data: target-account information, lead data, campaign configurations
• Communication data: chat transcripts, email correspondence, support tickets
• Technical data: IP address, browser information, device data
• Usage data: pages visited, click behaviour, usage statistics
• Payment data: billing information (processed via Stripe)

3. Purposes of processing

We process your data for the following purposes:

• Providing and operating the Konsta outbound-sales platform
• Customer communication and support
• Contract performance and invoicing
• Improving our services and underlying technology
• Marketing and customer acquisition (with consent)
• Compliance with legal obligations
• Protection against abuse and fraud

4. Legal bases

Processing is based on the following legal grounds:

• Art. 6(1)(a) GDPR: consent for marketing and optional services
• Art. 6(1)(b) GDPR: performance of a contract and pre-contractual measures
• Art. 6(1)(c) GDPR: compliance with legal obligations
• Art. 6(1)(f) GDPR: legitimate interests (operation of the website, security)

5. Third-party data processors

Transparency on third parties:

To deliver our highly specialised services we rely on leading technology partners. Below we transparently list which data is transferred to which partner for which purpose.

5.1 Contact & email enrichment

• Apollo.io, Inc. (USA): B2B contact discovery and email enrichment. See Apollo privacy policy.
• FullEnrich (France): waterfall email enrichment across multiple data providers. See FullEnrich privacy policy.
• Instantly.ai (USA): outbound email sending platform used to deliver the campaigns Konsta builds for you. See Instantly privacy policy.

5.2 AI & LLM services

• Mastra (gateway-api.mastra.ai): the LLM gateway through which our requests to model providers are routed.
• OpenAI, LLC (USA): large-language-model provider used for reasoning and content generation. See OpenAI privacy policy.
• Anthropic, PBC (USA): large-language-model provider used for reasoning and content generation. See Anthropic privacy policy.
• Google Ireland Limited / Google LLC (Vertex AI): large-language-model and embedding provider. See Google privacy policy.

5.3 Research & web data

• BrightData Ltd. (Israel): job-posting scraper used to detect hiring signals. See BrightData privacy policy.
• Firecrawl (USA): web scraping used for enrichment research. See Firecrawl privacy policy.
• Perplexity AI, Inc. (USA): research API used to enrich account and contact context. See Perplexity privacy policy.

5.4 Infrastructure, payments, and observability

• Supabase (Supabase Inc., USA; hosted in EU — Frankfurt): authentication, database, and edge functions. See Supabase privacy policy.
• Vercel Inc. (USA): hosting of the marketing site and application frontend. See Vercel privacy policy.
• Fly.io (USA): hosting of our backend workers (konsti-workers). See Fly.io privacy policy.
• Stripe, Inc. (USA): secure payment processing. We do not store credit-card data. See Stripe privacy policy.
• Datadog, Inc. (EU region, Frankfurt): application logging and observability. See Datadog privacy policy.

For transfers of data to countries outside the EU (such as the United States), we rely on appropriate safeguards to ensure an adequate level of data protection. This is typically done by entering into Standard Contractual Clauses (SCCs) issued by the EU Commission with the relevant service providers.

6. Cookies and tracking technologies

Our website uses cookies and similar technologies for the following purposes:

• Necessary cookies: core functions of the website
• Functional cookies: improving the user experience
• Analytical cookies: website analysis and optimisation
• Marketing cookies: personalised advertising (with consent)

For non-essential cookies we obtain your explicit consent, which you can withdraw at any time.

7. Processing of customer-uploaded business data

Konsta processes data that you or your team upload or generate inside the platform — for example campaign configurations, target-account lists, and outbound copy. We handle this data with the following principles:

• Purpose limitation: data is processed only to operate the services you booked.
• Retention: business data remains available for the duration of the contract; logs of LLM calls are retained for up to 90 days.
• No training on your data: your business data is never used to train our or any third party's foundation models.
• Encryption: all data is transmitted and stored encrypted at rest and in transit.

8. Retention period

We store your data only for as long as necessary:

• Contract data: for the duration of the contractual relationship and in accordance with statutory retention periods
• LLM call logs: up to 90 days for debugging and cost reconciliation
• Marketing data: until consent is withdrawn
• Server logs: maximum 14 days for security reasons

9. Data security

We use technical and organisational measures to protect your data:

• SSL/TLS encryption for all data transfers
• Secure server infrastructure with regular updates
• Access control and permission management
• Regular security audits
• Backup systems and disaster recovery
• Minimisation of data storage following the "Privacy by Design" principle

10. Automated decision-making and minors

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR that produces legal effects concerning you. Our AI analyses are intended to support human users; the final decision remains with the human operator.

Our services are not directed at persons under 18 years of age. We do not knowingly process data of minors without the consent of their guardians.

11. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority about our processing of personal data.

Competent supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
Phone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de

12. Your rights

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): information about the data processed
• Right to rectification (Art. 16 GDPR): correction of inaccurate data
• Right to erasure (Art. 17 GDPR): deletion of your data
• Right to restriction (Art. 18 GDPR): restriction of processing
• Right to data portability (Art. 20 GDPR): transfer of your data
• Right to object (Art. 21 GDPR): objection to processing
• Withdrawal of consent: possible at any time for consent-based processing

We process all requests regarding your data protection rights promptly and in accordance with EU regulations. Simply contact us by email or phone.

13. Contact for data-protection enquiries

For questions about data protection or to exercise your rights, please contact:

Konstantine Group UG (haftungsbeschränkt)
Email: privacy@konsta.ai
Phone: +49 152 526 431 29

We process your request promptly and within 30 days at the latest.