Privacy Policy

Last updated: February 2026 · Deutsch

1. Data Controller

Nextaim GmbH
Steinerstraße 15
81369 München, Germany
Email: hello@noirdoc.de

2. Overview

Noirdoc is a privacy-compliant pseudonymization proxy for AI integrations. The service detects personal and business-critical data in requests to AI models, replaces them with placeholders, and restores the original data in the response. Noirdoc is available as a Managed Service (hosted in Germany) or self-hosted on your own infrastructure.

3. Data Processing in the Service

3.1 Managed Service

When using the Managed Service, API requests are routed through our servers in Germany. The following data is processed:

  • Pseudonymization — Personal data (names, email addresses, phone numbers, IBANs) and business-critical data (company names, locations, tax IDs, URLs) are detected and replaced with placeholders before the request is forwarded to the AI provider.
  • Session mapping — The mapping table between placeholders and original data is held in memory for the duration of the session and deleted afterwards.
  • Audit log — Request metadata (timestamp, tenant ID, number of detected fields) is logged. The content of requests is not permanently stored.

3.2 Self-Hosted

In self-hosted installations, Noirdoc processes data exclusively on your own infrastructure. Nextaim GmbH has no access to your data.

4. Data Processing on the Website

Our website (noirdoc.de) uses Umami, a self-hosted analytics tool, to collect anonymized page view statistics. Umami:

  • Does not use cookies
  • Does not collect personal data
  • Anonymizes IP addresses
  • Only tracks page views and referrers
  • Is hosted on our own infrastructure (nxt-umami.up.railway.app)

The processing of personal data is based on:

  • Art. 6(1)(b) GDPR — Performance of a contract (provision of the Noirdoc service)
  • Art. 6(1)(f) GDPR — Legitimate interest (website analytics, IT security)

6. Data Processing Agreement

For the Managed Service, we enter into a Data Processing Agreement (DPA) with our customers in accordance with Art. 28 GDPR. For DPA inquiries, please contact hello@noirdoc.de.

7. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Access — You may request information about your personal data stored with us.
  • Rectification — You may request correction of inaccurate data.
  • Erasure — You may request deletion of your data.
  • Restriction — You may request restriction of processing.
  • Data portability — You may request your data in a portable format.
  • Objection — You may object to the processing of your data.

To exercise any of these rights, contact us at hello@noirdoc.de.

You also have the right to lodge a complaint with the competent supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
www.lda.bayern.de

8. Third-Party Services

  • Website hosting — Vercel Inc. (static hosting, no access to user content)
  • Analytics — Umami (self-hosted, see section 4)
  • AI providers — Requests are forwarded to the AI provider configured by the customer. Only pseudonymized data is transmitted.

9. Cookies

Our website does not use tracking cookies. Umami is a cookie-free analytics solution. No data is stored in your browser.

10. Contact

For questions about this Privacy Policy or your data, contact us at hello@noirdoc.de.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page.