Privacy Policy — SerahrChat
Version 1.1 — effective from March 19, 2026
1. Data Controller
Thorsten Ahrens
Serahr — serahr.de
Email: contact@serahr.de
This policy covers serahrchat.serahr.de and the SerahrChat software product.
2. Overview: Where Is Data Stored?
SerahrChat is self-hosted. Most data remains on the customer's server.
| Data | Storage Location | Purpose |
|---|---|---|
| Uploaded documents | Customer server | Knowledge base for the chatbot |
| Vector index (embeddings) | Customer server (LanceDB) | Semantic search |
| Chat histories | Customer server (SQLite) | Analytics, auto-deleted after 90 days |
| Aggregated analytics | Customer server | Usage statistics, 90-day rotation |
| Audit logs | Customer server | Security log, IP-anonymized, 90-day rotation |
| Admin credentials | Customer server | Authentication (Argon2-hashed) |
| Chat queries (for answering) | Customer-chosen LLM provider (e.g. OpenRouter, OpenAI, Mistral, or local) | AI response generation — forwarded, not permanently stored |
| Document embeddings (on creation) | Customer-chosen embedding provider (e.g. OpenAI, OpenRouter, or local) | Document vectorization for semantic search — result stored locally on customer server |
| License key + Instance ID | License server (licence.serahr.de) | License validation |
| Payment data | Stripe | Payment processing (PCI-compliant) |
| Email address | License server + Resend | License communication, password reset, trial onboarding |
3. Data Processing in Detail
3.1 Website Visits
Server automatically collects: IP addresses (in server logs, automatic rotation), browser type, operating system, referrer URL, date and time of access.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest). No tracking cookies or third-party trackers used.
3.2 License Purchase and Payment
- Email address: For license delivery, invoices, and support communication. Stored on the license server (Supabase, EU region).
- Payment data: Processed exclusively through Stripe (PCI-DSS certified). We do not store credit card or bank account data.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
3.3 License Validation (Phone-Home)
- Transmitted data: Instance ID, license key
- Frequency: Maximum once per 7 days (local cache)
- If unreachable: Grace period — the chatbot continues to function
No usage data, document content, or chat histories are transmitted. Legal basis: Art. 6(1)(b) GDPR.
3.4 Update Checks
The installation automatically checks for new versions via update.serahr.de. Only the current version number is compared. No personal data is transmitted.
3.5 Chat Queries, Embedding, and LLM Providers
This is the most important point for data protection assessment:
a) Document Embedding (on upload):
When the customer uploads documents, they are converted into vectors (embedding) to enable semantic search. The embedding provider is chosen by the customer:
- External provider (e.g. OpenAI, OpenRouter): Document content is transmitted to the chosen provider to generate embedding vectors. The resulting vectors are stored locally on the customer's server (LanceDB).
- Local models: No external data transfers — fully local on the customer's server.
b) Chat queries (during use):
- The question is processed on the customer's server
- Relevant text passages from uploaded documents are identified via semantic search (local, LanceDB)
- Question + relevant text passages are sent to the configured LLM provider to generate an answer
- The answer is returned to the visitor
Both the LLM provider and the embedding provider are chosen and configured by the customer (own API key). Possible providers: OpenRouter (USA), OpenAI (USA), Mistral (France/EU), or local models (Ollama, LMStudio) with no external data transfers.
Note on GDPR compliance: Stored data (documents, chat histories, analytics, embedding vectors) remains entirely on the customer's server. When using external LLM or embedding providers, data is transmitted to third parties. For full GDPR compliance, we recommend local models or EU-based providers. The choice and responsibility lies with the customer.
3.6 Email Communication
Emails are sent exclusively for: license delivery, password reset codes, email verification codes, and onboarding emails during the free trial.
Sent via Resend. Onboarding emails are sent only during the 7-day trial. Legal basis: Art. 6(1)(b) GDPR.
4. Data Storage on Customer Server
- Documents: Encrypted storage (Fernet/AES)
- Vector database: Document embedding vectors (LanceDB)
- Chat histories: Anonymized, automatic deletion after 90 days
- Analytics: Aggregated daily statistics, 90-day rotation
- Audit log: Security events, IP-anonymized, 90-day rotation
- Admin database: Configuration, password hash (Argon2), recovery codes (HMAC-SHA256)
5. Retention Periods
| Data | Period |
|---|---|
| Chat histories | 90 days (automatic deletion) |
| Analytics | 90 days (automatic rotation) |
| Audit logs | 90 days (automatic rotation) |
| Documents | Until manual deletion by customer |
| Email address (license server) | Until contract termination + statutory retention |
| Payment data (Stripe) | Per Stripe privacy policy |
| Admin access after contract end | 30 days after expiry, then revoked |
6. Disclosure to Law Enforcement
We may be legally required to disclose stored data to law enforcement authorities on the basis of a European Production Order or European Preservation Order pursuant to Regulation (EU) 2023/1543. Such disclosure is made exclusively on the basis of a lawful order and to the extent required by law. Legal basis: Art. 6(1)(c) GDPR (legal obligation).
7. Your Rights
Under GDPR: Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Data portability (Art. 20), Objection (Art. 21).
Direct requests to contact@serahr.de. For data on your own server, you can export or delete data anytime via the admin panel.
8. Right to Complain
You have the right to lodge a complaint with a data protection supervisory authority.
9. Cookies and Tracking
This website uses no tracking cookies, no third-party trackers, and no analytics tools.
SerahrChat widget: No cookies. Session management uses a JWT token in localStorage. No consent required (§ 25(2)(2) TDDDG).
10. Processors and Sub-Processors
| Service Provider | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | USA (EU SCCs) |
| Supabase, Inc. | License server backend | USA / EU region (Frankfurt) |
| Resend, Inc. | Transactional email | USA (EU SCCs) |
| Vercel, Inc. | License server hosting | USA (EU SCCs) |
| GitHub, Inc. | Update manifest hosting | USA (EU SCCs) |
| netcup GmbH | Web hosting | Germany |
Note on LLM and embedding providers: LLM and embedding providers (OpenRouter, OpenAI, Mistral, etc.) are not commissioned by us but chosen and configured by the customer (own API key). The customer is responsible for the data protection assessment of their chosen providers.
11. Changes
This privacy policy may be updated as needed. The current version is always available on this page.