TROODLE
TROODLE
Powered by zappmedia
  • 中文
  • Čeština
  • Deutsch
  • English
  • Español
  • Français
  • Italiano
  • 日本語
  • Magyar
  • Nederlands
  • Polski
  • Português
  • Svenska

Privacy Policy

Last updated: 2026-02-18

1. Controller

zappmedia GmbH

Hohe Ähren 8b, 14195 Berlin, Germany

Email: datenschutz@zappmedia.de

Web: canary.zappmedia.io

2. Purposes and legal bases

We process personal data only to the extent required to provide and optimize this website, respond to your requests, and provide the optional AI-assisted PDF↔XML comparison in Canary.

  • Art. 6(1)(b) GDPR (contract / pre-contractual steps) – e.g. when you contact us
  • Art. 6(1)(f) GDPR (legitimate interest) – e.g. technical operation/security

3. Server log files

When you access the website, our server automatically processes, among other things, IP address, date/time, requested URL, referrer, browser/OS. This data is used for technical security and error analysis and is deleted after a short period of time. It is not attributed to individual persons.

4. Cookies and local storage

We currently do not use a consent banner and do not set non-essential tracking or advertising cookies. We only use technically required cookies and browser-side storage mechanisms (e.g., local storage for language, theme, and check settings). Legal basis: Art. 6(1)(f) GDPR (technical operation and secure service delivery).

5. Use of artificial intelligence (Mistral AI) for PDF↔XML comparison

For optional AI-assisted checks of Factur-X/ZUGFeRD invoices, we transmit the visual PDF component to Mistral AI SAS, 15 rue des Halles, 75001 Paris, France. AI supports structured interpretation of PDF content so deviations from the embedded XML can be identified and displayed in the check result. The AI check can be disabled. No automated decision-making under Art. 22 GDPR takes place.

Depending on invoice content, processed data may include names, addresses, contact data, company names with personal reference, bank data, tax/VAT IDs, invoice/customer/order data, and free-text fields. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in detecting deviations and manipulation risks).

6. Data processing agreement, processing location, and retention (Mistral AI)

A data processing agreement under Art. 28 GDPR is in place with Mistral AI. Under commercial terms, Customer Content is not used for model training by default; exceptions may apply in cases such as active feedback, moderation/abuse handling, or a separate agreement. According to provider information, standard hosting is in the EU; depending on used features, temporary transfers to subprocessors outside the EU/EEA may occur (Art. 46 GDPR, e.g., SCCs). Retention periods follow the provider’s applicable policies.

7. Contact

If you contact us by email or form, we process the information exclusively to handle your request and delete it once the purpose no longer applies or statutory retention obligations end. Legal basis: Art. 6(1)(b) GDPR.

8. Storage duration

We store personal data only as long as necessary for the stated purposes or as required by law; afterwards it is deleted or anonymized.

9. Your rights

You have the right of access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consents given. You also have the right to lodge a complaint with a data protection supervisory authority. Contact: datenschutz@zappmedia.de.

10. Changes

We adapt this privacy policy if this is legally or technically necessary. The version published here applies.