Privacy Policy

Last updated: 01.04.2026

1. Who we are

This website and the OrgMate service are operated by:

Benjamin Schlund
c/o IP-Management #9620
Ludwig-Erhard-Str. 18
20459 Hamburg
Germany
contact@orgmate.io

For any privacy-related questions, you can contact us at:

privacy@orgmate.io

2. Scope of this Privacy Policy

This Privacy Policy explains how we process personal data when you visit our website, use OrgMate, authenticate with Salesforce, request access, purchase a subscription, or otherwise interact with us.

3. The data we process

Depending on how you use OrgMate, we may process the following categories of data:

a) Website and technical data

When you visit our website, we may process technical data such as:

  • IP address
  • browser and device information
  • date and time of access
  • requested pages and technical logs
  • security-related log data

b) Salesforce authentication data

When you authenticate OrgMate via Salesforce, we may receive:

  • your Salesforce username
  • your name as provided in Salesforce
  • your email address as provided in Salesforce
  • technical authentication/session information

c) Salesforce org metadata

To provide the OrgMate service, we process metadata from the connected Salesforce org, for example configuration and structural metadata needed to analyze the org and generate responses.

OrgMate is designed to operate on metadata and not on customer record data.

d) Billing and payment data

If you purchase OrgMate, billing and payment-related data may be processed, such as:

  • billing name
  • company name
  • billing address
  • email address
  • VAT/tax ID, where applicable
  • subscription and transaction details

Payment card data is processed by our payment provider and is not stored by us unless explicitly stated otherwise.

e) Communication data

If you contact us, we process the information you provide, such as your name, email address, and message content.

4. Why we process your data

We process personal data for the following purposes:

  • to provide and operate OrgMate
  • to authenticate users via Salesforce
  • to analyze connected Salesforce org metadata and generate service outputs
  • to maintain security, prevent abuse, and troubleshoot technical issues
  • to manage subscriptions, payments, invoices, and accounting
  • to respond to inquiries and support requests
  • to comply with legal obligations
  • to improve and maintain the reliability of the service

5. Legal bases

Where the GDPR applies, we process personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b) GDPR), where processing is necessary to provide OrgMate or respond to a request related to the service.
  • Legal obligation (Art. 6(1)(c) GDPR), where processing is required for invoicing, tax, accounting, or other legal compliance.
  • Legitimate interests (Art. 6(1)(f) GDPR), where processing is necessary for service security, fraud prevention, technical stability, logging, internal administration, and limited service improvement.

If we rely on consent for specific processing activities, we will ask for it separately.

6. Recipients and service providers

We may share personal data with service providers who help us operate OrgMate, for example in the following areas:

  • hosting and infrastructure
  • authentication and session handling
  • payment processing
  • email delivery and communication
  • AI/LLM processing needed to provide the service

Based on our current setup, this may include in particular:

  • Hetzner for hosting in Germany
  • Stripe for billing and payment processing
  • OpenAI / Anthropic for generating service outputs based on selected, processed service context

We do not sell personal data.

7. AI / LLM processing

To provide OrgMate, selected service context may be processed through an AI/LLM gateway or provider after internal preparation and enrichment within OrgMate.

OrgMate is designed to minimize the data sent to such providers and to avoid sending customer record data as part of the normal service flow.

8. International data transfers

Our core hosting is located in Germany.

If we transfer personal data to recipients outside the European Economic Area, we do so only where an appropriate legal transfer mechanism is in place, for example:

  • an adequacy decision, where available, or
  • the European Commission’s Standard Contractual Clauses, where required.

Some of our providers may process data in countries outside the EEA, including the United States.

9. Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

In particular:

  • account and service-related data is retained for as long as needed to provide the service and handle related obligations
  • billing and invoice data is retained for as long as required by applicable tax and accounting laws
  • technical logs are retained for a limited period as necessary for security and operations
  • support communications may be retained as long as necessary to handle the request and any follow-up

10. Your rights

Where the GDPR applies, you may have the right to:

  • request access to your personal data
  • request rectification of inaccurate data
  • request erasure of your data
  • request restriction of processing
  • object to processing based on legitimate interests
  • receive your data in a portable format, where applicable
  • lodge a complaint with a competent supervisory authority

If you want to exercise any of these rights, contact us at:

privacy@orgmate.io

11. Security

We use appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version will always be available on this page, together with its effective date.

13. Contact

Benjamin Schlund
c/o IP-Management #9620
Ludwig-Erhard-Str. 18
20459 Hamburg
Germany
contact@orgmate.io
Back to landing