Privacy policy

Last updated: 16 August 2025

Introduction

Welcome to Lin! This Privacy Policy explains how Beazy UG (haftungsbeschränkt) ("Beazy", "we", "us", or "our") collects, uses, and protects your personal data when you use our AI-powered web application for freelancers, getlin.ai ("Lin" or the "Service").

We are committed to protecting your privacy and handling your data in an open and transparent manner. As a company based in Germany, we adhere to the high standards of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications Telemedia Data Protection Act (TTDSG).

Controller for Data Processing:
Beazy UG (haftungsbeschränkt)
c/o Factory Works GmbH
Rheinsberger Str. 76/77, 10115 Berlin, Germany
Contact Email: contact@beazy.co

Data Protection Officer (DPO):
You can contact our Data Protection Officer with any questions or concerns regarding your data:
Email: contact@beazy.co

Lead Supervisory Authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt‑Moabit 59–61, 10555 Berlin, Germany

1. The Data We Process and Why

1.1. Legal Bases for Processing

We only process your personal data when we have a valid legal reason to do so under Article 6 of the GDPR. Our legal bases include:

Performance of a Contract (Art. 6(1)(b) GDPR): Most of our processing is necessary to provide the Service to you. This includes creating your account, delivering Lin's core features (like AI-powered conversations and job recommendations), managing your subscription, and providing support.

Legitimate Interests (Art. 6(1)(f) GDPR): We process some data because it's in our legitimate interest to do so, provided these interests are not overridden by your rights. This includes:

  • Service Security & Integrity: Protecting the Service from fraud, abuse, and security threats.

  • Service Improvement & Development: Analyzing how you use the Service (through first-party analytics) to understand what's working, fix what isn't, and develop new features that freelancers will love.

  • Operational Analytics: Monitoring the health and performance of our systems to ensure reliability and stability.

Consent (Art. 6(1)(a) GDPR): For activities that are not essential to the core service, we will ask for your consent. This includes sending you marketing newsletters, using non-essential cookies, or enabling optional product features that involve additional data processing. You can withdraw your consent at any time.

Legal Obligation (Art. 6(1)(c) GDPR): We are required to process certain data to comply with German and EU law, such as retaining financial records for tax purposes.

1.2. Categories of Data We Process

We adhere to the principle of data minimisation. The data we process depends on how you use Lin:

  • Account Data: Your email address, a securely hashed password or third-party authentication token (e.g., Google/LinkedIn), and your unique user ID.

  • Profile & Professional Data: Information you choose to provide to enhance your job matches, such as your name, professional role, location, languages, skills, experience level, and job preferences.

  • Conversation & Usage Data: The prompts you send to Lin, the responses you receive, and your feedback. This data is essential for the Service to function and provide continuous, context-aware assistance.

  • Billing Data: If you subscribe to a paid plan, our payment processor (Stripe) will handle your payment details. We only receive non-sensitive information like a subscription ID, transaction metadata, and the last four digits of your card. We never store your full credit card number.

  • Technical & Telemetry Data: To ensure our Service is secure and reliable, we automatically collect technical data such as your IP address, browser type, and device information. We also collect minimal, first-party usage analytics (e.g., feature interaction events) to improve the core functionality of the Service.

1.3. Special Categories of Data

We do not intentionally collect or request "special categories" of personal data (as defined in Art. 9 GDPR), such as information about health, religion, or ethnic origin. If you voluntarily provide such information in a free-text field (like a chat prompt), it will be processed by our systems solely to provide the requested service functionality.

1.4. Data Sources

We collect data directly from you when you sign up and use Lin. We may also enrich job postings with publicly available information to improve the quality and relevance of your recommendations.

2. AI Processing, Profiling, and Your Control

Lin's core value comes from using advanced AI models and automation to find the best jobs for you. This requires specific data processing:

  • AI Model Interaction: To provide you with conversational assistance and job analysis, we send relevant data (such as your prompts, profile details, and job descriptions) to our AI service providers. We contractually require these providers, where the option exists, not to use your data to train their AI models.

  • Profiling for Recommendations: We analyze your profile, preferences, and conversations to create a professional profile of your skills and interests. This "profiling" (as defined in Art. 4(4) GDPR) is essential for us to rank and recommend the most relevant job opportunities for you.

  • No Solely Automated Decisions with Legal Effect: The AI-driven recommendations are suggestions to assist you. We do not make any solely automated decisions that would have a legal or similarly significant effect on you (as defined in Art. 22 GDPR). You always have the final say.

Under Article 22 of the GDPR, you have the right to obtain human intervention, to express your point of view, and to contest a decision based on automated processing. You can exercise these rights at any time by contacting us.

3. Data Sharing and International Transfers

We do not sell your personal data. We only share it with trusted third-party service providers ("processors") who help us operate and improve Lin, always under a strict Data Processing Agreement (DPA).

3.1. Our Processors

We use processors for various functions, including hosting, payment processing, and providing our core AI features. Our key processors include:

  • Cloud Infrastructure & Database: We use providers like Supabase to host our application and your data, with processing configured to take place in Germany.

  • AI & Machine Learning Providers: To power Lin's core intelligence, we use services like Google's Gemini API (configured for EU data residency) and OpenAI. For context and conversation memory, we use providers like Zep.

  • Payment Processing: To securely handle subscriptions, we use Stripe.

  • Transactional Communications: To send essential service emails, we use providers like Resend.

  • Workflow Automation: For internal tools to process job data, we use services like n8n GmbH.

  • Security & Content Delivery: To protect our service, we use providers like Cloudflare.

3.2. International Data Transfer Mechanisms

Some of our processors are located outside the European Union (EU). When we transfer your data to these countries, we ensure it is protected to the same high standard as it is in the EU. We do this by relying on:

  • Adequacy Decisions: A formal decision by the European Commission that a country provides an adequate level of data protection.

  • Standard Contractual Clauses (SCCs): Legal contracts approved by the European Commission that impose EU-level data protection obligations on the data recipient. We conduct a Transfer Impact Assessment (TIA) for these transfers.

  • The EU-U.S. Data Privacy Framework (DPF): For transfers to certified U.S. companies.

4. Your Data Protection Rights

As a user, you have comprehensive rights under the GDPR.

  • Right to Access (Art. 15 GDPR): You can request a copy of the personal data we hold about you.

  • Right to Rectification (Art. 16 GDPR): You can ask us to correct any inaccurate data or complete any incomplete data.

  • Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR): You can request that we delete your personal data, subject to certain exceptions (e.g., if we are required by law to retain it).

  • Right to Restriction of Processing (Art. 18 GDPR): You can ask us to temporarily stop processing your data in certain circumstances.

  • Right to Data Portability (Art. 20 GDPR): You can request your data in a structured, machine-readable format to transfer it to another service.

  • Right to Withdraw Consent (Art. 7(3) GDPR): Where we process data based on your consent, you can withdraw it at any time.

  • Right to Object (Art. 21 GDPR): You have the right to object to our processing of your data based on legitimate interests. You have an absolute right to object to processing for direct marketing.

How to Exercise Your Rights: You can exercise these rights at any time by contacting us at contact@beazy.co. You can also delete your account directly from the application settings (if available).

Right to Lodge a Complaint (Art. 77 GDPR): If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority or our lead authority in Berlin.

5. Data Security and Retention

5.1. Security Measures

We take the security of your data very seriously. We implement appropriate technical and organisational measures, such as encryption of data at rest and in transit, strict access controls, and regular security reviews, to protect your data from unauthorised access, loss, or destruction.

5.2. Data Retention

We store your personal data only for as long as it is necessary for the purpose for which it was collected.

  • Account & Profile Data: Retained for as long as your account is active. Upon account deletion, this data is permanently deleted from our active systems.

  • Financial Records: Invoices and payment data are retained for 10 years after the end of the calendar year of the transaction, as required by German tax law (§ 147 AO, § 257 HGB).

  • Anonymised Data: We may retain and use anonymised or aggregated data indefinitely for research and service improvement, as this data no longer identifies you.

6. Cookies and Communications

6.1. Cookies

For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.

When you access our website, a connection is established with CookieFirst's server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data processing agreement

We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Server log files

Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:

  • Your consent status or the withdrawal of consent

  • Your anonymised IP address

  • Information about your Browser

  • Information about your Device

  • The date and time you have visited our website

  • The webpage url where you saved or updated your consent preferences

  • The approximate location of the user that saved their consent preference

  • A universally unique identifier (UUID) of the website visitor that clicked the cookie banner

6.2. Communications

  • Service Emails: We will send you essential transactional emails related to your account, billing, and security.

  • Newsletter: We will only send you marketing newsletters if you have explicitly opted in (consented). You can unsubscribe at any time using the link in every email.

7. Other Important Information

7.1. Minors

Our Service is intended for freelance professionals and is not directed at individuals under the age of 16. We do not knowingly collect data from children.

7.2. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Service or legal requirements. We will notify you of any material changes and indicate the date of the last update at the top of this page.

7.3. Contact Us

If you have any questions about this Privacy Policy or our data practices, please do not hesitate to contact us at contact@beazy.co.