Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller responsible for data processing on this website is:

Ruhrstadt Immobilien Service GmbH
Fahim Halamzie (Managing Director)
Kettwiger Str. 23
45127 Essen, Germany
Email: support@autoriax.com

2. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Art. 6(1)(a) GDPR — Consent: Where you have given explicit consent for specific processing purposes.
  • Art. 6(1)(b) GDPR — Contract performance: Where processing is necessary for the performance of a contract or pre-contractual measures.
  • Art. 6(1)(f) GDPR — Legitimate interest: Where processing is necessary for our legitimate interests, such as providing and improving the service, and ensuring IT security.

3. Data We Collect

We collect and process the following categories of personal data:

  • Account data: Email address, name, password (hashed)
  • Website data: URLs you provide for content research
  • Usage data: Pages visited, features used, generated content
  • Payment data: Processed by Paddle (Merchant of Record) — we do not store card numbers
  • Server log files: IP address (anonymized), browser type, operating system, referrer URL, access time

4. How We Use Your Data

We use your data to provide the Autoriax service, improve our product, ensure IT security, and communicate with you about your account. We do not sell your data or use your content to train AI models.

5. Consent Management and Tracking

This website uses a cookie consent banner based on Google Consent Mode v2 technology. Analytics and marketing services are only activated after your explicit consent. Without your consent, no tracking cookies are set and no personal data is transmitted to third-party providers. You can withdraw your consent at any time via the cookie banner.

You can reset your cookie settings at any time:

Legal basis: Art. 6(1)(a) GDPR (consent).

Google Tag Manager (GTM)

This website uses Google Tag Manager (Container ID: GTM-WWD7F9F3) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager itself does not store cookies and does not collect personal data. It serves as a management interface for triggering other tags, which may collect data. The services described below are loaded exclusively after your consent via the Tag Manager.

Google Analytics 4 (GA4)

This website uses Google Analytics 4, a web analytics service by Google Ireland Limited. Google Analytics uses cookies to analyze your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The service is loaded via Google Tag Manager and only activated after your consent.

We use IP anonymization so that your IP address is truncated by Google within the EU/EEA. Data transfer to the USA is based on the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(a) GDPR (consent). More information: Google Privacy Policy.

Meta Pixel (Facebook)

This website uses Meta Pixel by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland. Meta Pixel enables tracking user behavior after they clicked on a Facebook ad and were redirected to our website. The service is loaded via Google Tag Manager and only activated after your consent.

The collected data is anonymous to us. The data is stored and processed by Meta and may be linked to your Facebook profile. Data transfer to the USA is based on the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(a) GDPR (consent). More information: Meta Privacy Policy.

Microsoft Clarity

This website uses Microsoft Clarity by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Clarity is a behavioral analytics tool that uses session recordings and heatmaps to help understand website usage. The service is loaded via Google Tag Manager and only activated after your consent.

Microsoft Clarity stores and processes this information. Data may be transferred to the USA.

Legal basis: Art. 6(1)(a) GDPR (consent). More information: Microsoft Privacy Statement.

6. Data Storage and Hosting

All data is stored on EU-based servers. Credentials are encrypted using industry-standard encryption. The website is hosted via Cloudflare, which may process technical data (IP address, browser information) during page requests. For details, see the Cloudflare Privacy Policy.

7. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected, or as required by law. Account data is deleted within 30 days of account deletion, unless legal retention obligations apply.

8. Third-Party Services

We use the following third-party services for providing our platform:

  • Paddle: Payment processing as Merchant of Record (PCI-DSS certified). See Paddle Privacy Policy.
  • OpenRouter / AI providers: Content generation. No personal data is transmitted to AI providers — only the content you provide for processing.
  • Cloudflare: CDN and hosting infrastructure.
  • Google Search Console (optional): If you connect your Google account, see Section 9 below for the specific data accessed and how it is used.

9. Google Search Console Integration (optional)

Autoriax offers an optional integration with Google Search Console. The integration is off by default and only activates when you explicitly click "Connect Google Search Console" inside the application and grant access on Google's consent screen.

Scope requested: https://www.googleapis.com/auth/webmasters.readonly (read-only).

Data accessed from Google:

  • The list of Search Console properties (sites) you own or have access to, so you can pick which one Autoriax should track.
  • Aggregated search performance for that site over the last 28 days: clicks, impressions, click-through rate, average position, and the search queries your pages rank for.
  • Your Google account email address, used solely to display which account is connected.

What we store on our EU-based servers:

  • An encrypted Google OAuth refresh token (Fernet symmetric encryption, server-side key). This token allows Autoriax to refresh access without re-prompting you.
  • The connected Google account email and the selected Search Console site URL.
  • A 28-day rolling cache of the performance metrics listed above, deduplicated per page/query/day.

How we use this data: Solely to display search performance metrics inside your Autoriax dashboard, alongside the content you generate, so you can see how your published content ranks. We do not sell, share, or transfer this data to any third party. We do not use it to train AI models, build advertising profiles, or any purpose unrelated to the Autoriax dashboard feature you connected it for.

How to revoke access:

  • Click "Disconnect" in Settings → Results inside Autoriax. We immediately delete the encrypted refresh token and all cached performance data for your organization.
  • Or revoke at any time at myaccount.google.com/permissions.

Legal basis: Art. 6(1)(a) GDPR (your explicit consent given at the OAuth screen).

Autoriax's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

10. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You may request information about your stored personal data.
  • Right to rectification (Art. 16 GDPR): You may request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR): You may request deletion of your data, subject to legal retention requirements.
  • Right to restrict processing (Art. 18 GDPR): You may request that processing of your data be restricted.
  • Right to data portability (Art. 20 GDPR): You may request your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR): You may object to the processing of your data based on legitimate interest.
  • Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any given consent at any time with future effect.
  • Right to lodge a complaint (Art. 77 GDPR): You may file a complaint with a data protection supervisory authority.

11. SSL/TLS Encryption

This website uses SSL/TLS encryption for security purposes and to protect the transmission of confidential content. You can recognize an encrypted connection by the "https://" prefix in the browser address bar and the lock icon.

12. Contact

For privacy-related inquiries or to exercise your rights, please contact us at:
Email: support@autoriax.com