Privacy policy

How we process personal data when you use heydexter.io (a product of Strukturwerk GbR).

1. Introduction

We take the protection of your personal data seriously. This privacy policy explains the nature, scope and purpose of processing when you use our online service heydexter.io and related features (e.g. account, AI assistants, messenger integration).

Personal data means any information relating to an identified or identifiable natural person.

2. Controller

The controller within the meaning of the GDPR is Strukturwerk GbR, [insert address], Germany.

Email: kontakt@strukturwerk.de

Phone: +49 (0) 211 31020944

If you use a customer account, you may also contact us via the email address stored in your account to exercise your rights.

3. Hosting and infrastructure

The website and application are operated on servers within the European Union. Personal data is processed and stored in databases (PostgreSQL) and caches (Redis) as required to provide the service.

Where hosting and infrastructure providers process data on our behalf, we use data processing agreements pursuant to Art. 28 GDPR.

4. Data we process

Registration and account: e.g. name, email address, password (hashed), optional company details, registration timestamp.

Platform use: e.g. assistant configuration, API key metadata, token/usage statistics, technical logs, timestamps.

Messengers and WhatsApp Business: message content (text, media), phone numbers / messenger IDs, routing data needed to deliver and operate assistants.

Payments: payment and billing data are processed via our payment provider; we typically store transaction references and invoice data.

Email: transactional emails (e.g. registration, security notices) may be sent via an email service provider.

5. Purposes and legal bases

Contract performance and pre-contractual steps (Art. 6 (1)(b) GDPR): providing heydexter.io, user account, billing, technical support.

Consent (Art. 6 (1)(a) GDPR): where we offer features that require consent (e.g. certain AI processing or marketing — if and when offered). You may withdraw consent with future effect.

Legitimate interests (Art. 6 (1)(f) GDPR): operation, IT security, abuse and error analysis (e.g. via an error tracking tool), improving stability and quality; our interest is secure and reliable operation.

Legal obligations (Art. 6 (1)(c) GDPR): e.g. retention of accounting records under commercial and tax law.

6. Recipients and transfers to third countries

We use selected processors to deliver our service. If data is transferred outside the EU/EEA, we rely — where required — on appropriate safeguards (in particular EU Standard Contractual Clauses) and any supplementary measures.

6.1 Payments (Stripe)

We use Stripe for payments and subscription operations. The operator is Stripe Payments Europe, Ltd. (Ireland) and, where applicable, Stripe, Inc. (USA) as a technical recipient. See Stripe’s privacy information: https://stripe.com/privacy

6.2 AI processing (Anthropic)

To process conversations and requests, content may be transmitted to Anthropic PBC (USA). This may involve a third-country transfer; we rely on appropriate safeguards (e.g. Standard Contractual Clauses). More information: https://www.anthropic.com/privacy

6.3 Meta / WhatsApp Business Platform

If you use WhatsApp as a channel, Meta Platforms Technologies Limited (and related Meta companies) provide the WhatsApp Business Platform. Meta processes data under its own terms and policies. See https://www.whatsapp.com/legal/business-policy and https://www.facebook.com/privacy/policy/

6.4 Email delivery (Resend)

Transactional emails may be sent via Resend, Inc. (USA). A third-country transfer may occur; appropriate safeguards are used. See https://resend.com/legal/privacy-policy

6.5 Error monitoring (Sentry)

We may use Sentry (Functional Software, Inc., USA) to detect and fix technical errors. Limited technical data and error context may be transferred. A third-country transfer may occur; appropriate safeguards are used. See https://sentry.io/privacy/

6.6 Google Places / Maps Platform

For search, place and map features, data may be sent to Google (Google Ireland Limited, Ireland) when you use those features. See https://policies.google.com/privacy

6.7 Remote browser (Steel Browser)

Where features use an external browser service (“Steel Browser”), URLs and technical metadata may be transmitted to that provider as necessary to provide the feature.

7. Cookies and similar technologies

We use cookies and local storage where technically necessary (e.g. login/locale). We do not use cookies for advertising profiling.

8. Storage duration

We store personal data only as long as necessary for the respective purposes or where legal retention obligations apply.

After contract termination or account deletion we typically delete or anonymise data within 30 days unless longer retention is required. Accounting and tax records may be stored for up to 10 years (German law: §§ 147 AO, 257 HGB).

9. Your rights

You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), and to object to certain processing (Art. 21 GDPR). Where processing is based on consent, you may withdraw consent with future effect.

To exercise your rights, contact kontakt@strukturwerk.de. You also have the right to lodge a complaint with a supervisory authority. The competent authority depends on your residence or the controller’s seat.

10. Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement (Art. 77 GDPR).

11. Data deletion and account deletion (instructions)

You may request deletion of your personal data where no statutory retention obligations prevent this. Below we explain how to delete an account and related data on heydexter.io — including in connection with messenger/Meta services.

Option A: Via your user account

Sign in at https://heydexter.io/auth/login, open “Dashboard” → “Settings” (https://heydexter.io/dashboard/einstellungen) and use the account deletion function or follow the on-screen steps for data deletion.

Option B: By email

Email kontakt@strukturwerk.de with subject “Datenlöschung heydexter.io”. Please include the email address used for registration and — if applicable — the WhatsApp number linked to your assistant including country code, or other clear context so we can identify your account.

We typically acknowledge receipt within a few business days and complete deletion or anonymisation within 30 days. Backups may retain residual information for up to 90 days for technical reasons before being overwritten.

Deleted data typically includes your account, profile and configuration data, assistant configurations, and related messenger/chat data in our systems, where legally permissible.

Excluded from deletion may be invoice and accounting records that must be retained (typically up to 10 years). Deletion on Meta/WhatsApp itself is governed solely by Meta’s tools and policies; we delete connection data stored with us as described in this section.

For Meta Business “Data Deletion Instructions URL”, use https://heydexter.io/datenschutz#datenloeschung (as of May 2026).

12. Changes to this privacy policy

We may update this privacy policy if legal requirements or our service change. The current version is always available on this page.

Note: This statement does not replace individual legal advice. The controller’s mandatory details (full address) must be completed once the final address of Strukturwerk GbR is available.
