Privacy Notice

Last updated: June 2026 · Covers the marketing site business-gym.ai and the app at app.business-gym.ai.

Draft notice: Template draft. Please have your counsel review before going live. Processing in the app is additionally covered by a separate Data Processing Agreement (DPA).

1. Controller

Archibo GmbH · Langen · represented by Managing Director Ziad Iqbal.
Email: privacy@business-gym.ai
Full contact: see Imprint.

2. Data Protection Officer

[External DPO — name, address, email] — to be appointed before launch.

3. General principles

We process personal data of our users only insofar as it is necessary to provide a functional website, our content and our services. Processing is based on consent (Art. 6 (1)(a) GDPR), contract performance (Art. 6 (1)(b)), or legitimate interest (Art. 6 (1)(f)).

4. Hosting & data location

The marketing site is delivered via Azure Front Door / Azure Static Web Apps (Microsoft Ireland Operations Limited). App backend processing happens in the Germany West Central (Frankfurt) Azure region. Data does not leave the EEA.

5. Server logs

When the site is accessed, technically necessary data (e.g. anonymized IP, browser type, date and time, page requested) is logged for a maximum of 14 days (Art. 6 (1)(f) GDPR).

6. Cookies & tracking

We use only technically necessary cookies (storing the language preference). No third-party tracking (e.g. Google Analytics) is used on the marketing site.

7. Contact

If you contact us by email (e.g. hello@business-gym.ai), we process your details to handle the inquiry and any follow-up questions (Art. 6 (1)(b)/(f)). Retention: up to 6 months after closure, unless statutory retention applies.

8. App use (app.business-gym.ai)

When you use the app, you, as the tenant, are the controller per GDPR. We act as processor per Art. 28 GDPR. The DPA is part of the Terms and is presented for acceptance at first login. We do not process your data to train any AI model.

9. Categories of personal data (app)

Account & tenant data (email, name, company info)
Content from connected sources (email, calendar, SharePoint, DATEV — depending on chosen integrations)
Usage and telemetry data (workflows, audit log, cost ledger)
Payment data (processed by Stripe Payments Europe Limited)

10. Sub-processors

Provider	Purpose	Location
Microsoft Ireland Operations Ltd. (Azure)	Hosting, AI models (Azure AI Foundry)	IE / DE
Anthropic, PBC	LLM inference (via Azure Foundry / EU endpoints)	EU/US (DPA)
OpenAI Ireland Ltd.	LLM inference (via Azure Foundry)	IE
Stripe Payments Europe Ltd.	Payment processing	IE
Clerk Inc.	Authentication	US (SCC)
Postmark (ActiveCampaign LLC)	Transactional email	US (SCC)

Current list available on request; updates are announced 30 days in advance in the app.

11. Your rights (Art. 12–23 GDPR)

Access (Art. 15)
Rectification (Art. 16)
Erasure ("right to be forgotten", Art. 17)
Restriction of processing (Art. 18)
Data portability (Art. 20)
Objection (Art. 21)
Withdraw consent at any time (Art. 7 (3))

Requests to privacy@business-gym.ai. We respond within 30 days.

12. Right to lodge a complaint

You have the right to lodge a complaint with the competent supervisory authority — e.g. the Hessian Commissioner for Data Protection and Freedom of Information (HBDI).

13. Changes to this notice

We update this notice when legal or technical changes require. See date above.