Privacy Notice for "WriteUp"

Meta-Level Software AG — As of: July 2026

Meta-Level Software AG takes the protection of your personal data and compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) very seriously. This notice provides you with a detailed overview of how we ensure the confidentiality and integrity of your data in connection with the "WriteUp" service.

1. General Information and Data Controller

The controller responsible for data processing within the meaning of the GDPR is:

AttributeDetails
NameMeta-Level Software AG
AddressLyonerring 1, 66121 Saarbrücken, Germany
Emailinfo@meta-level.de
Websitehttps://meta-level.de

The data protection officer for the data controller is:

AttributeDetails
NameElmar Brachmann
AddressMeta-Level Software AG, Lyonerring 1, 66121 Saarbrücken, Germany
Emaildatenschutz@meta-level.de

For all data protection inquiries related to WriteUp, please use the contact information provided above.

2. General Principles and Applicable Law

The operation of the WriteUp website and the provision of related services are governed exclusively by German law and the provisions of the GDPR.

WriteUp's offerings are primarily geared toward the German and European markets.

3. Principle of Data Minimization: Collected Data

WriteUp is designed in accordance with the principle of data minimization (Art. 5(1)(c) GDPR). We process only the data that is strictly necessary for technical provision, security, and contract fulfillment:

Note on Account Security: The user is solely responsible for keeping their login credentials confidential. Sharing login credentials with third parties is prohibited.

4. AI-Powered Text Processing by IONOS

The core functionality of WriteUp is based on artificial intelligence for text optimization.

5. Payment Processing via the Reseller Digistore24

WriteUp uses a reseller model for the purchase of subscriptions.

6. Recipients of Personal Data

Recipients of personal data include, in particular, IONOS SE as the hosting and AI infrastructure service provider, and Digistore24 GmbH as the reseller and payment processor. Technical service providers involved in maintenance and support, as well as tax advisors, auditors, and government authorities, may also be recipients of personal data, provided this is required by law. In this regard, Meta-Level Software AG has entered into data processing agreements in accordance with Article 28 of the GDPR, to the extent necessary.

7. Access from Third Countries and International Data Transfers

The WriteUp service is primarily geared toward the German and European markets. The technical infrastructure is located in Germany.

As a general rule, personal data is not transferred to countries outside the EU or the EEA. Therefore, neither adequacy decisions nor other safeguards pursuant to Art. 44 et seq. of the GDPR are currently required.

If users access the service from locations outside the EU/EEA, they do so on their own initiative. In this case, the user is responsible for the associated transfer of device data to Germany.

8. Legal Basis for Processing

The processing of personal data is based on the following articles of the GDPR:

These legitimate interests include, in particular, ensuring the secure and stable operation of the platform, detecting and preventing attempts at misuse and fraud, IT security and system monitoring, error analysis and troubleshooting, as well as the enforcement and defense of legal claims.

9. Data Security (Technical and Organizational Measures)

Meta-Level Software AG implements state-of-the-art technical and organizational security measures to comply with data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties.

To protect your data in the "WriteUp" product, we implement comprehensive measures in accordance with Appendix 3 of our technical documentation:

10. Data Subject Rights Under the GDPR

You have the following rights, which you can exercise without bureaucratic hurdles by contacting Meta-Level Software AG:

If processing is based on your consent, you may withdraw it at any time with future effect. The lawfulness of the processing carried out prior to withdrawal remains unaffected.

Right to File a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority is the one in your usual place of residence, your place of work, or our company headquarters.

The competent supervisory authority in Saarland is: Unabhängiges Datenschutzzentrum Saarland
Fritz-Dobisch-Str. 12
66111 Saarbrücken
Email: poststelle@datenschutz.saarland.de

11. Retention Period and Deletion

Data is deleted as soon as the purpose for which it was stored no longer applies (e.g., upon account deletion). If complete deletion is not possible due to legal retention requirements (e.g., accounting data for Digistore24 transactions), the data will be blocked for further processing or anonymized in accordance with the provisions of our data processing agreement.

Request Content: The text entered by the user into the input fields for AI-supported processing is not stored. These entries are also not logged. Furthermore, the entries are not used to train AI models.

12. Necessity of Providing Personal Data

The provision of data required for registration, authentication, and contract fulfillment is, in part, contractually required. Without this data, a user account cannot be created and the service cannot be provided. There is generally no legal obligation to provide such data, unless commercial or tax law requirements are involved.

13. Automated Decision-Making and Profiling

There is no exclusively automated decision-making, including profiling, within the meaning of Article 22 of the GDPR. The AI-generated text suggestions are intended solely to assist the user and have no legal effect.

14. Final Provisions and Amendments

This privacy policy will be updated in response to technical innovations or legal changes. German law applies exclusively. To the extent permitted by law, Saarbrücken is agreed upon as the exclusive place of jurisdiction for all disputes arising in connection with this policy.

Appendix

Data Protection Impact Assessment (DPIA) for the AI Solution "WriteUp"

1. Introduction

This Data Protection Impact Assessment (DPIA) is conducted in accordance with Article 35 of the GDPR for the "WriteUp" WordPress plugin for AI-powered text optimization and error correction developed by Meta-Level Software AG, hereinafter referred to as the "Provider." The objective is to systematically analyze the risks to data subjects and to define appropriate safeguards.

2. Description of the Processing

The user enters free-form text within a WordPress plugin. The plugin transmits this input for the automated generation of an AI prompt or for processing by a connected AI service. The generated result is then returned to the user's WordPress system, where it is processed exclusively by the user. The Provider cannot rule out the possibility that the user may include personal data in the free-form text.

The plugin provider does not permanently store the entered text or the generated results. There is no logging of the entries. Processing occurs only temporarily, to the extent technically necessary for transmission and generation.

The provider processes only the data necessary for user and license management, in particular the user's email address and the associated license information. This data is not combined with the text entries processed via the plugin.

3. Necessity and Proportionality

Processing is carried out to enable efficient text generation and to minimize the effort required for manual writing. Proportionality is ensured, as only data provided by the user is processed. It is the user's responsibility to ensure that they possess all rights to use and process the data they provide.

4. Assessment of Risks to the Rights and Freedoms of Data Subjects

Potential risks:

Risk Mitigation Measures:

5. Conclusion

An assessment concludes that the processing is GDPR-compliant and involves a reasonable risk to personal data, as the data transferred to the AI is neither used for its training nor are the prompts stored; therefore, no loss of control and no restriction of the rights of data subjects or their ability to exercise those rights is to be expected. Likewise, no profiling or bulk processing takes place.

The data protection impact assessment is regularly reviewed and updated.