Skip to content

Imprint and privacy.

Legal information for the awedit platform, operated under the sumthink brand by Die Quadratur UG (haftungsbeschränkt).

Last updated: 6 July 2026

This English translation is provided for convenience. In case of any discrepancy, the German version on this page prevails.

Imprint

Information pursuant to § 5 TMG (German Telemedia Act)

Die Quadratur UG (haftungsbeschränkt)

Sierichstraße 120

22299 Hamburg

Deutschland

Commercial register

Amtsgericht Hamburg, HRB 169218

Represented by

Managing Director: Christian Durlej

Responsible for content pursuant to § 18 (2) MStV

Christian Durlej, address as above

Online dispute resolution

The European Commission provides a platform for online dispute resolution (ODR). You can reach it at: https://ec.europa.eu/consumers/odr.

Consumer dispute resolution

We are neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board.

Liability for content

The contents of these pages have been prepared with the greatest possible care. However, we assume no liability for the accuracy, completeness or timeliness of the content. As a service provider, we are responsible for our own content on these pages under § 7 (1) TMG in accordance with general laws. Under §§ 8 to 10 TMG, however, we are not obliged to monitor transmitted or stored third-party information or to investigate circumstances indicating unlawful activity. Content will be removed without delay as soon as we become aware of any legal violation.

Liability for links

Our offer contains links to external websites of third parties over whose content we have no influence. The respective provider or operator of the linked pages is always responsible for their content. Permanent monitoring of the content of linked pages is not reasonable without concrete evidence of a legal violation. Such links will be removed without delay if legal violations become known.

Copyright

The content and works on these pages created by the site operators are subject to German copyright law. Duplication, processing, distribution and any form of exploitation beyond the limits of copyright law require the written consent of the respective author or creator.

Privacy notice

Controller in the sense of the GDPR

Die Quadratur UG (haftungsbeschränkt), Sierichstraße 120, 22299 Hamburg, Deutschland. Represented by Christian Durlej. Email: info@die-quadratur.de.

Data protection contact

For data protection questions you can reach Christian Durlej at info@die-quadratur.de. There is currently no legal obligation to appoint a formal Data Protection Officer; as soon as such an obligation applies, we will appoint a qualified person and update this notice without delay.

Scope

This notice explains how, why and to what extent we process personal data on awedit.ai and the related application. External services we link to are governed by their own privacy notices.

Legal bases

We only process personal data on one of the following legal bases under the GDPR:

  • Art. 6 (1) (a) GDPR (consent), e.g. voluntary sign-up for the sample report.
  • Art. 6 (1) (b) GDPR (contract), e.g. use of the customer workspace and scanner after sign-up.
  • Art. 6 (1) (c) GDPR (legal obligation), e.g. retention duties under commercial and tax law.
  • Art. 6 (1) (f) GDPR (legitimate interest), e.g. secure operation, abuse prevention and provision of our content.

Processing activities in detail

We only use carefully selected processors. Data processing agreements under Art. 28 GDPR are in place with all of them. Processing takes place primarily within the European Union.

Hosting and delivery (Cloudflare Workers via Lovable)

The website is delivered through the edge infrastructure of Cloudflare, Inc. (provided via Lovable). Each request generates server logs containing your IP address, request time, requested URL, referer and user agent. Legal basis: Art. 6 (1) (f) GDPR (secure operation, abuse prevention). Logs are deleted or anonymised shortly after collection. A data processing agreement is in place; transfers to the United States are based on the EU-US Data Privacy Framework (adequacy decision of 10 July 2023) and on Standard Contractual Clauses issued by the European Commission.

Application backend and storage (Lovable Cloud / Supabase, EU)

For authentication, database, file storage and application logic we use Lovable Cloud, powered by Supabase, hosted in the European Union (Frankfurt). We process your account and profile data, uploaded artifacts, self-check answers and generated findings and reports. Legal basis: Art. 6 (1) (b) GDPR (performance of contract) or Art. 6 (1) (f) GDPR (provision of the application). A data processing agreement is in place.

Google Fonts

We load the „Alexandria“ and „JetBrains Mono“ web fonts from servers operated by Google Ireland Limited (fonts.googleapis.com, fonts.gstatic.com). This transmits your IP address to Google. Legal basis: Art. 6 (1) (f) GDPR (consistent and accessible presentation of our content). For transfers to the United States, Google relies on the EU-US Data Privacy Framework. See policies.google.com/privacy for details. We are actively evaluating self-hosting these fonts.

Usage analytics (Lovable Analytics, cookieless)

We use the privacy-friendly analytics feature of our hosting provider. No cookies are set, no IP addresses are stored, and no cross-device tracking takes place. Only aggregated metrics such as page views and referring domain are collected. Legal basis: Art. 6 (1) (f) GDPR (needs-based design of our content).

Contact by email

When you contact us by email at info@die-quadratur.de, your information is stored to handle the request and any follow-up questions. Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (f) GDPR (answering your enquiry).

Self-check and sample report sign-up

The free self-check only collects the answers you actively enter and, optionally, your email address if you want to receive the result or the sample report by email. Consent is given by actively submitting the form and can be revoked at any time with effect for the future. Legal basis: Art. 6 (1) (a) GDPR. Without an email address, your result never leaves your browser in a form that can be linked back to you.

Retention

We store personal data only as long as necessary for the stated purposes or as required by statutory retention obligations (in particular under the German Commercial Code and Fiscal Code). Account and project data is deleted no later than 90 days after termination of the contract, unless retention obligations require otherwise.

Transfers to third countries

Personal data is transferred to third countries outside the EU/EEA only where necessary to provide the service (in particular Cloudflare and Google Fonts). Such transfers are based on an adequacy decision (EU-US Data Privacy Framework) or on Standard Contractual Clauses under Art. 46 (2) (c) GDPR.

Your rights

As a data subject you have the following rights against the controller:

  • Access to the data we hold about you (Art. 15 GDPR).
  • Rectification of inaccurate data (Art. 16 GDPR).
  • Erasure of your data (Art. 17 GDPR).
  • Restriction of processing (Art. 18 GDPR).
  • Data portability (Art. 20 GDPR).
  • Objection to processing based on Art. 6 (1) (f) GDPR (Art. 21 GDPR).
  • Withdrawal of consent with effect for the future (Art. 7 (3) GDPR).

Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is the Hamburg Commissioner for Data Protection and Freedom of Information, Ludwig-Erhard-Straße 22, 20459 Hamburg, Germany, mailbox@datenschutz.hamburg.de.

Technical and organisational measures

We implement technical and organisational measures under Art. 32 GDPR, in particular transport-layer encryption (TLS), encryption at rest at the backend provider, role-based access control (Row Level Security), two-factor options and regular review of access rights. These measures are continuously aligned with the state of the art.

No automated decision-making

No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place. Findings from the self-check and scanner are orientation values; final review and release is always done by qualified people.

Changes to this notice

We update this privacy notice when our processing activities or the legal framework change. The current version, together with its date, is always available on this page.