Privacy
policy.

The data controller within the meaning of the GDPR (Regulation (EU) 2016/679) is:

Georgiy Seibel e.U.
Nordportalstraße 2, 1020 Vienna, Austria
Phone: +43 664 1583185
E-mail: hello@propagandas.at

This policy describes how we collect, use and store personal data when you visit propagandas.studio, contact us via the website, or purchase one of our productised automations. It does not cover data we may process under a signed services agreement — those terms live in the DPA we sign per engagement.

We process the following categories of personal data on the following legal bases:

• Contact-form data — name, e-mail, message content. Legal basis: pre-contractual measures at your request (Art. 6(1)(b) GDPR). Retention: 24 months unless an engagement starts, in which case data moves into the contract record.
• Server logs — IP address, user-agent, referrer, timestamp. Legal basis: legitimate interest in operating and securing the site (Art. 6(1)(f) GDPR). Retention: 30 days, then purged.
• Invoice data — billing name, company, address and VAT ID collected only when an engagement starts. Stored in our accounting system for the period required by Austrian tax law (currently seven years). Legal basis: contract performance and legal obligation (Art. 6(1)(b) and (c) GDPR).
• AI demo interactions — when you use the AI intake or AI Caller demo, your text or phone number is sent to our model providers for processing. See Section 5 for the processors involved. Legal basis: consent (Art. 6(1)(a) GDPR) and pre-contractual measures (Art. 6(1)(b) GDPR).

We use only technically necessary cookies (session cookies for the checkout flow). We do not run advertising trackers. Should we add analytics in the future, you will be asked for explicit consent via a cookie banner before any non-essential cookie is set.

We rely on the following processors. Each is bound by a data-processing agreement (DPA) and operates GDPR-compliant infrastructure with EU or adequate-third-country safeguards in place:

• Vercel Inc. — hosting and serverless execution (EU regions; SCCs in place for any US fallback).
• Anthropic PBC — large language model inference for AI demos and onsite assistants. Anthropic does not train on our API traffic.
• Vapi Labs Inc. — voice-agent telephony for the AI Caller demo.
• Resend Inc. — transactional e-mail delivery (e.g. proposal confirmations).

Where a processor stores or processes data outside the EU/EEA, the transfer is covered by Standard Contractual Clauses (SCCs) and, where applicable, supplementary technical measures (encryption at rest and in transit). We do not sell or rent data to any third party.

Under the GDPR you have the right to:

• Access the personal data we hold about you (Art. 15).
• Have inaccurate data corrected (Art. 16).
• Have data deleted where retention is no longer necessary (Art. 17).
• Restrict processing in specific cases (Art. 18).
• Receive your data in a portable format (Art. 20).
• Object to processing based on legitimate interest (Art. 21).
• Withdraw consent at any time, without affecting prior lawful processing.

To exercise any of the above, write to hello@propagandas.at. We respond within 30 days.

You have the right to lodge a complaint with a supervisory authority. The competent authority for Austria is the Österreichische Datenschutzbehörde (DSB), Barichgasse 40-42, 1030 Vienna.

All traffic to and from this site runs over HTTPS. Data at rest is encrypted by the underlying provider (Vercel / Postgres). Access to production systems is restricted to the studio principals and protected by MFA.

We update this policy whenever processors, retention rules or legal bases change. The latest version is always at this URL. Material changes are flagged in our next outbound communication where there is an active engagement.