Datenschutzerklärung

Company

ZAPTOS LTD trading as AI Labs

Address

5th Floor, 167–169 Great Portland Street, London, W1W 5PF, United Kingdom

Companies House

12201879

Email

hello@ai-labs.at

We collect personal data only to the extent necessary for the operation of our website and services:

• —Server logs: Each request automatically logs your IP address, user agent, referrer, timestamp, and requested URL. Stored briefly for security and abuse prevention. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
• —Contact / application forms: When you submit the "Join our team" form or otherwise contact us, we process your name, email, LinkedIn URL, portfolio URL, and message. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(a) GDPR (consent).
• —Calendly bookings: When you book a discovery call via Calendly, your name, email, and meeting time are processed by Calendly Inc. (USA). See Calendly's privacy policy: calendly.com/privacy. Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR.
• —Authentication cookies (admin only): If you log in to our admin area, we set a session cookie. No tracking cookies are set on the public site.

The public website does notset any tracking, advertising, or analytics cookies. Only strictly necessary technical cookies are used (e.g. for the admin login session). Calendly may set its own cookies once you open the embedded scheduling iframe — these are governed by Calendly's privacy policy.

We use the following processors. All have signed Standard Contractual Clauses (SCCs) where required:

• —Vercel Inc. (USA) — website hosting and content delivery. Privacy policy.
• —Supabase Inc. (USA / EU regions) — database and file storage. Privacy policy.
• —Calendly LLC (USA) — meeting scheduling. Privacy policy.
• —GoDaddy Operating Company, LLC (USA) — domain registration & DNS.

Where data is transferred outside the EEA, we rely on EU Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

• —Server logs: up to 30 days, then deleted or anonymised.
• —Contact / application form data: up to 12 months after our last contact, then deleted unless a contract is concluded.
• —Calendly booking data: see Calendly's policy.
• —Statutory retention obligations (e.g. tax, accounting): up to 7 years where applicable.

You have the following rights regarding your personal data:

• —Right of access (Art. 15 GDPR) — you may request a copy of the data we hold about you.
• —Right to rectification (Art. 16 GDPR) — you may request correction of inaccurate data.
• —Right to erasure (Art. 17 GDPR) — you may request deletion of your data.
• —Right to restriction of processing (Art. 18 GDPR).
• —Right to data portability (Art. 20 GDPR).
• —Right to object (Art. 21 GDPR).
• —Right to withdraw consent at any time without affecting prior lawful processing.

To exercise any of these rights, email hello@ai-labs.at. We will respond within one month.

If you believe we have processed your data unlawfully, you have the right to lodge a complaint with a supervisory authority. The Austrian authority is the Datenschutzbehörde, Barichgasse 40–42, 1030 Vienna, Austria — dsb.gv.at. You may also complain to the supervisory authority of your habitual residence or place of work.

The website is served over HTTPS. Passwords (admin accounts) are stored as bcrypt hashes. We use access controls, role-based permissions, and standard security practices to protect your data — though no system can be guaranteed fully secure.

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The "last updated" date at the top of this page indicates the most recent version.