Privacy Policy

Effective: May 8, 2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

JQuad OHG
Josephsplatz 8
90403 Nuremberg, Germany
Email: info@jquad.de
Phone: +49 176 24079008

2. Overview of Data Processing

We generally process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users regularly occurs only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by legal provisions.

3. JQuad AI Assistant (Outlook Add-in)

Our Outlook add-in "JQuad AI Assistant" processes the following personal data when a user uses the add-in:

a) Email Content for Processing

• Data processed: Subject, sender, recipient, body text, attachments and metadata of the currently selected email
• Purpose: Provision of AI-powered features (email classification, summarization, reply suggestions, task extraction)
• Legal basis: Contract performance (Art. 6 (1) lit. b GDPR) — data processing is necessary to provide the service requested by the user
• Storage duration: Email content is not stored permanently. Processing occurs in real-time and data is deleted immediately after the request is completed.

b) Authentication Data

• Data processed: Email address, name, user ID (via Microsoft Azure AD / Keycloak)
• Purpose: Authentication and authorization of users, session management
• Legal basis: Contract performance (Art. 6 (1) lit. b GDPR)
• Storage duration: Authentication data is stored in our identity provider (Keycloak) as long as the user has an active account. Session data (JWT tokens) have a limited validity period.

c) Microsoft Graph API

• Data processed: Calendar data, file access (OneDrive/SharePoint) — only when the user actively uses these features
• Purpose: Downloading and analyzing email attachments, creating calendar events
• Legal basis: Consent (Art. 6 (1) lit. a GDPR) — the user grants consent via the Microsoft OAuth dialog
• Storage duration: Graph access tokens are stored temporarily in the browser and automatically deleted upon expiration

4. Server Infrastructure

Our server infrastructure is located within the European Union (Germany). Data processing takes place on our own Kubernetes clusters in German data centers. No data is transferred to third countries.

5. Use of Cookies

Our website and Outlook add-in use the following types of cookies and local storage mechanisms:

• Authentication cookies/tokens: Storage of session data (JWT tokens) in the browser's localStorage to maintain the user session. This data is strictly necessary for the add-in to function.
• MSAL cookies: The Microsoft Authentication Library (MSAL) stores authentication data in localStorage to enable sign-in to Microsoft services.

These storage mechanisms are technically necessary and are not used for tracking or advertising purposes.

6. AI Processing (Large Language Models)

AI-powered processing of email content is performed using our own self-hosted AI models on our infrastructure in Germany. Email content is not transmitted to external AI services (such as OpenAI, Google, etc.). Processing takes place exclusively on our own servers.

7. Logging

Each time our website is accessed, the server automatically collects information and stores it in server log files:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of server request
• IP address (truncated)

This data is not merged with other data sources. The legal basis for data processing is Art. 6 (1) lit. f GDPR.

8. Your Rights

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 (3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, please contact: info@jquad.de

9. SSL Encryption

This site uses SSL encryption for security and to protect the transmission of confidential content. You can recognize an encrypted connection by the address bar of your browser changing from "http://" to "https://" and by the lock symbol in your browser bar.

10. Changes to the Privacy Policy

We reserve the right to adjust this privacy policy so that it always complies with current legal requirements or to reflect changes to our services. The new privacy policy will apply on your next visit.

11. Data Protection Officer

Questions for the data protection officer should be directed to:
info@jquad.de

← Back to homepage