Terms & Legal Notices

Privacy Policy

At Langdock, the protection of the confidentiality, integrity, and availability of your data is our highest priority. With this Privacy Notice, we inform you about the nature, scope, and purposes of the processing of personal data in connection with the use of our website at langdock.com, the Langdock platform at app.langdock.com, the mobile Langdock app, and our social media presence, to the extent that we are the controller for such data processing.

If you have any questions about data protection or our data processing practices, please feel free to contact us at any time at support@langdock.com.

1. Controller, Contact Information, and Data Protection Officer

The controller within the meaning of the GDPR for the data processing described in this Privacy Notice is:

Langdock GmbH (“Langdock” or “We”)
Greifswalder Str. 212
10405 Berlin
Email: support@langdock.com

We have appointed an external data protection officer. Our data protection officer is:

heyData GmbH
Schützenstraße 5
10117 Berlin
Email: datenschutz@heydata.eu

2. What Data We Collect and Why

a. Visiting Our Website (langdock.com)

When you visit our website, our servers automatically process certain technical data (server log files) in order to establish a seamless connection and ensure convenient use of our website:

IP address of the device from which our website is accessed
Date and time of access
URL accessed and, where applicable, the URL from which our website was accessed (referrer)
Device type, browser type, browser version, and operating system
Amount of data transferred and HTTP status code
Error messages or session-specific information, where applicable, particularly when errors occur

The purpose of this processing is to operate, secure, stabilize, and further develop our website, as well as to detect and prevent attacks. The data is used in particular to display website content in the correct language and to ensure proper rendering on your device. The legal basis for this processing is our legitimate interest in the uninterrupted provision of the website (Art. 6 (1) (f) GDPR). Server log files are deleted at regular intervals.

b. Registration for the Langdock Platform (app.langdock.com)

To use the Langdock platform (including during the free trial period), creating a user account is required. In this context, we process:

First and last name
Email address
Mobile phone number
Company name and job title, where applicable
Profile picture, where applicable (voluntary)
Date and time of registration
IP address at the time of registration
Authentication data when using single sign-on, where applicable (e.g., Microsoft Entra ID, Google Workspace)
For paid subscriptions: address data, payment data, and additional data that you provide during the registration process (e.g., a promo code)

The purpose of this processing is to provide and manage your user account on the Langdock platform and to authenticate users. In addition, we may use this data to detect and prevent misuse of our services and fraud, in particular to prevent multiple registrations or spam. The legal basis for this processing is the performance of a contract (Art. 6 (1) (b) GDPR) and our legitimate interest in preventing misuse of our services (Art. 6 (1) (f) GDPR). We delete your user account and associated data upon request or no later than within 30 days after termination of the contractual relationship, unless statutory retention obligations apply.

c. Contact Inquiries and Support

When you contact us through one of our communication or support channels (e.g., by email, contact form, chat, or, where applicable, enterprise messaging services such as Slack or Microsoft Teams), we use the personal data you provide (in particular contact and communication data) to respond to your inquiry. Such data may include:

First and last name
Contact details (e.g., email address, mobile phone number)
Company name and job title, where applicable
Content of your message and any attachments, where applicable

The purpose of this processing is to handle your inquiry and communicate with you. The legal basis for this processing is the performance of a contract or pre-contractual measures (Art. 6 (1) (b) GDPR) and our legitimate interest in responding to inquiries (Art. 6 (1) (f) GDPR). We delete this data after the expiration of the statutory retention periods for business communications.

Following the completion of contact and support inquiries, we send automated short satisfaction surveys by email in order to measure and continuously improve the quality of our customer service. Participation in these surveys is voluntary. You may object to receiving such surveys at any time by sending an email to support@langdock.com. The legal basis for this processing is our legitimate interest in quality assurance and improvement of our support (Art. 6 (1) (f) GDPR).

d. Billing and Payment

Payment processing is handled by the payment service provider Stripe (https://stripe.com/privacy). We therefore do not store any payment data such as credit card or account numbers ourselves. For billing purposes, we store:

Company name and address data
First and last name of the contact person
Contact details for invoice delivery (e.g., email address)
Subscription ID assigned by Stripe
Information on booking history and invoices
Information on payment status

The purpose of this processing is billing and payment processing. The legal basis for this processing is the performance of a contract (Art. 6 (1) (b) GDPR). We delete this data after the expiration of the statutory commercial and tax law retention periods, typically after 10 years.

e. Email Communications and Newsletter

We occasionally send information about new features, tips and tricks for using the Langdock platform, and other company news to users, administrators, and interested parties. We distinguish between three types of communication that serve different purposes and are based on different legal bases.

When you actively subscribe to our newsletter, we process:

First and last name
Email address
Date and time of subscription
IP address of the device from which the subscription was made

The purpose of this processing is to send our newsletter. The legal basis for this processing is your consent (Art. 6 (1) (a) GDPR). You may object to receiving further newsletters at any time by sending an email to support@langdock.com or by clicking the opt-out link in the email; this does not affect the lawfulness of processing carried out prior to the withdrawal. We store this data for as long as you are subscribed to our newsletter. We retain the documentation of your consent for evidentiary purposes for up to two years after you unsubscribe.

When you register as a user on the Langdock platform, we may use your email address to send you messages about new products, features, or functionalities of Langdock, provided you have not objected. The purpose of this processing is to send you relevant product updates. The legal basis for this processing is our legitimate interest in communicating with existing customers (Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) of the German Unfair Competition Act (UWG)). You may object to this use at any time by sending an email to support@langdock.com or by clicking the opt-out link in the email, without incurring any costs other than transmission costs at basic rates.

We inform administrators of Langdock workspaces about technical changes to the platform that are relevant to the operation of their workspace (e.g., changes to interfaces, security updates, or data protection-related settings). The legal basis for this processing is our legitimate interest in properly informing those technically responsible about relevant settings, as well as in the security of the workspace users (Art. 6 (1) (f) GDPR). You may object to receiving further newsletters at any time by sending an email to support@langdock.com or by clicking the opt-out link in the email; this does not affect the lawfulness of processing carried out prior to the withdrawal. We delete this data as soon as the underlying workspace is deleted.

f. Participation in Phone Calls, Video Calls, or Webinars

When you speak with us by phone or participate in a digital meeting with us (e.g., video call, webinar), we use your personal data (in particular contact and communication data) to communicate with you. To the extent you have consented, we may in some cases also record the content of the communication (e.g., to share the recording of a webinar with you afterward) or have the communication automatically analyzed by transcription tools to document outcomes and to ensure the quality and continuity of our customer support. You may request that we stop or delete a recording at any time.

The purpose of this processing is to conduct conversations or meetings within the scope of our business relationship. The legal basis for this processing is the performance of a contract or pre-contractual measures (Art. 6 (1) (b) GDPR) and our legitimate interest in business communications (Art. 6 (1) (f) GDPR). With respect to recordings, the legal basis is your consent (Art. 6 (1) (a) GDPR). We delete any recordings once their purpose has been fulfilled.

g. Use of the Langdock Platform (app.langdock.com)

When you use the Langdock platform as a user within a workspace (e.g., for chats or workflows), Langdock processes your data solely as a processor. This means that the respective company providing you with the workspace (typically your employer, not Langdock) is the controller responsible for your data under data protection law. The basis for this is the data processing agreement entered into between Langdock and the company.

Your content (e.g., chats and projects) is processed by us exclusively for the purpose of providing the contracted services. We are obligated under the data processing agreement not to use the content for any other purpose. Your data is not used for training AI models.

Independently of the content data, Langdock collects anonymized telemetry data and aggregated usage statistics as a controller in order to detect errors early, ensure the operation of the platform, and further develop it. This includes:

Access and load times of individual features
Error messages and technical events
Aggregated usage frequencies (e.g., how often certain features are used)

This data does not allow any conclusions to be drawn about individual persons. The purpose of this processing is to ensure stable operations and the continued development of the platform. Telemetry data helps us detect and resolve errors or disruptions on the platform in a timely manner. Usage statistics provide us with the basis for targeted further development of the platform and improvement of the user experience. This data never contains personal data.

h. Use of the Mobile Langdock App

When you use our mobile app on your phone, additional data (e.g., during download) may be transmitted to the operator of the app store from which you download our app (e.g., Apple, Google). Please review their privacy notices for more details. In all other respects, our privacy notice for the Langdock platform also applies to the use of our mobile app.

i. Participation in the Partner Program

If you participate in our partner or affiliate program, we process certain personal data for the administration and management of the partnership. The data processed includes in particular:

First and last name of the contact person
Contact details (e.g., email address, mobile phone number)
Address data
Bank details or other payment data for the settlement of commissions
Additional data that you provide during the registration process, where applicable (e.g., a promo code)

The purpose of this processing is to operate our partner program and settle commissions. The legal basis for this processing is the performance of a contract or pre-contractual measures (Art. 6 (1) (b) GDPR) and our legitimate interest in the efficient administration of our partner program (Art. 6 (1) (f) GDPR). We delete this data after the end of the partnership, once the statutory commercial and tax law retention periods have expired, typically after 10 years.

j. Social Media Presence

We maintain a presence on various social media platforms (YouTube, LinkedIn, and X). When you contact us through these social media channels (e.g., via direct message), we use your personal data (in particular contact and communication data) to communicate with you. In this context, we process the following data:

First and last name or username
Contact details (e.g., email address, mobile phone number)
Company name and job title, where applicable
Content of the message

The purpose of this processing is to communicate with you. The legal basis for this processing is the performance of a contract or pre-contractual measures (Art. 6 (1) (b) GDPR) and our legitimate interest in public corporate communications (Art. 6 (1) (f) GDPR). We delete this data after the expiration of the statutory retention periods for business communications.

For our social media channels, the platform operators provide us with aggregated statistical data on the use of our channels (so-called insights). According to the case law of the Court of Justice of the European Union, we are jointly responsible with the respective platform operator for this processing. We use insights exclusively in aggregated, non-personal form to further develop our communications.

For all further data processing by social media platforms, in particular the processing of your profile and usage data, the respective operators are solely responsible. You can find their privacy policies here:

LinkedIn: www.linkedin.com/legal/privacy-policy
YouTube (Google): policies.google.com/privacy
X: www.x.com/privacy

k. Job Applications at Langdock

When you apply for a position with us, we process the personal data that you provide to us as part of your application. This includes in particular:

First and last name
Contact details (e.g., email address, phone number, postal address)
Application documents (e.g., cover letter, resume, references, certificates)
Information about your professional background, qualifications, and skills
Salary expectations, availability, and desired start date
Notes from interviews and information that you share with us during the application process

The purpose of this processing is to conduct the application process, in particular to assess your suitability for the advertised position, to communicate with you, and to decide on establishing an employment relationship. The legal basis for this processing is pre-contractual measures (Art. 6 (1) (b) GDPR in conjunction with Section 26(1) of the German Federal Data Protection Act (BDSG)). If no employment relationship is established, we delete your application documents six months after the end of the application process. The legal basis for this retention is our legitimate interest in maintaining records of the proper conduct of the application process to defend our rights (Art. 6 (1) (f) GDPR).

3. How We Process Data

a. Security

We employ comprehensive technical and organizational security measures to protect your data. Our security measures include encryption of data at rest and in transit, regular security audits, and strict access controls to ensure that only authorized personnel can access personal data. A detailed description of our security architecture can be found on our security page and in our Trust Center.

b. Processors and Third Parties

We engage carefully selected third-party providers who process personal data on our behalf. These third-party providers operate on the basis of a data processing agreement with us, which prohibits them from using the data for their own purposes and obligates them to comply with the high European data protection standards.

The processors used in the Langdock platform can be found in our list of sub-processors in our Trust Center.

For our own processing, we use third-party providers in the following areas in particular:

Cloud and infrastructure providers (e.g., Microsoft)
Email and communication services (e.g., Google) as well as video and webinar platforms
Payment providers (e.g., Stripe) and accounting/tax tools
Error tracking, ticketing, and support systems
Product and usage analytics systems
Security and compliance auditing services as well as fraud detection
Sales systems and customer relationship management
Service providers for newsletter delivery and email verification
Applicant tracking software

To protect our legal and economic interests, we work with external advisors (e.g., lawyers, tax advisors). These advisors are subject to statutory or contractual confidentiality obligations and may use transmitted data exclusively for the respective engagement. In the context of a merger, acquisition, or sale, data may also be shared with the prospective or actual acquirer and their advisors. Such disclosure occurs only to the extent necessary and subject to confidentiality obligations. In any case, we ensure that your data remains protected and that your rights under the GDPR continue to apply.

In all other cases, we only disclose data to third parties if we are required to do so by law, court order, or governmental decision and have no legal means to prevent the disclosure. To the extent legally permissible, we inform the data subjects in advance of any such request.

c. International Data Transfers

As a general rule, we process personal data on servers within the European Union. In rare cases, particularly when services are not available in the EU or when you are located outside the EU and contact us, data may be transferred to “third countries” outside the EU or the European Economic Area. Such data transfers only take place if appropriate safeguards for the data transfer under the GDPR have been implemented, meaning that at least one of the following conditions is met:

The European Commission has determined that the respective third country ensures an adequate level of data protection comparable to that of the EU (adequacy decision).
The provider has joined a legal framework that the European Commission has determined provides an adequate level of data protection comparable to that of the EU (e.g., EU-U.S. Data Privacy Framework).
The application of standard contractual clauses provided by the European Commission for the protection of personal data has been agreed upon between the provider and us.

If you have questions about a specific international transfer or would like to receive a copy of the safeguards used (e.g., standard contractual clauses), please feel free to contact us at any time at support@langdock.com.

4. Cookies and Similar Technologies

We use cookies and comparable technologies (e.g., pixels) on our website. Cookies are text files that your browser automatically creates and stores on your device. Some cookies are automatically deleted when you end your browser session. Some cookies remain stored on your device in order to recognize you on your next visit to our website.

On our website, we use technically necessary cookies. These cookies are required for the operation of the website and cannot be disabled. They enable basic functions such as session management, authentication, and security measures. The legal basis is our legitimate interest in the uninterrupted operation of the website (Art. 6 (1) (f) GDPR in conjunction with Section 25 (2) No. 2 of the German Telecommunications-Telemedia Data Protection Act (TDDDG)).

In addition, with your consent, we may use additional cookies, for example to analyze user behavior or for marketing purposes. Whether and which optional cookies we currently use can be seen in our cookie settings, which you can access and adjust at any time via the “Cookies” link in the footer. The legal basis for optional cookies is your consent (Art. 6 (1) (a) GDPR), which you may withdraw at any time with effect for the future.

Regardless of our cookie settings, you can also manage or delete cookies at any time directly through your browser or prevent the storage of cookies altogether. Please note that disabling technically necessary cookies may impair the functionality of the website.

5. Automated Decision-Making and Profiling

To protect against bots, spam, and malicious registrations, we automatically review incoming registrations based on technical signals (e.g., registration patterns, IP reputation data, and behavioral indicators). Registrations that are classified as malicious are automatically blocked or restricted. In individual cases, this processing may constitute a decision with significant effect (Art. 22 GDPR). It is necessary to limit the use of our platform to legitimate users and is carried out on the basis of Art. 22 (2) (a) GDPR as a measure necessary for entering into a contract. If you believe that your registration was blocked in error, you may contact us at support@langdock.com. We will ensure that your concern is reviewed by a human being and will inform you of the outcome.

We do not create personality profiles and do not make any further automated decisions that have legal or similarly significant effects on individuals.

6. Your Rights as a Data Subject

When we process your personal data, you have the following rights under the GDPR, which you may exercise at any time:

Right of access to whether and which personal data we process about you, for what purpose, for how long, and to whom we may disclose it.
Right to rectification of inaccurate or incomplete personal data.
Right to erasure of personal data if the data is no longer needed, you withdraw your consent, or you effectively object to the processing – provided no statutory retention obligations apply.
Right to restriction of processing, e.g., if the processing is unlawful.
Right to data portability in the form of receiving the data you have provided in a structured, machine-readable format, or having it transferred to another controller.
Right to object to processing where the processing is based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR. This applies, for example, to the use of existing customers’ email addresses for information about new product features.
Right to withdraw consent where the processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
Right to human review where we make an automated decision in an individual case.
Right to lodge a complaint with the supervisory authority. The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragter für Datenschutz und Informationsfreiheit) (email: mailbox@datenschutz-berlin.de).

7. Changes to This Privacy Policy

We update this Privacy Policy when our services, the legal requirements, or our processing practices change.