Academic Project Notice

This website is a fictional prototype created as part of the course Innovation Management at Hochschule Rhein-Waal. HoldLess is not a real company, and no actual services are offered. All content is for demonstration and educational purposes only.

Last updated: January 2026

Privacy Policy

At HoldLess, we take your privacy seriously. This policy explains how we collect, use, and protect your personal data.

1. Data Controller

HoldLess GmbH (in formation)
Berlin, Germany
Email: privacy@holdless.io

2. Data We Collect

We collect the following types of data:

  • Account Information: Name, email address, and authentication credentials when you create an account.
  • Task Data: Information you provide when delegating tasks, including task descriptions, preferences, and related documents.
  • Credential Vaults: Encrypted login credentials for third-party services you authorize us to access on your behalf.
  • Usage Data: How you interact with our service, including logs and analytics.
  • Communication Data: Messages you send through our contact forms or support channels.

3. How We Use Your Data

We use your data to:

  • Execute tasks on your behalf
  • Provide verification and audit trails (Proof Packs)
  • Improve our AI models and service quality
  • Communicate with you about your account and tasks
  • Comply with legal obligations

4. Data Security

We implement industry-standard security measures to protect your data:

  • End-to-end encryption for sensitive data
  • Zero-knowledge credential storage
  • EU-based infrastructure (AWS Frankfurt)
  • Regular security audits
  • Strict access controls and audit logging

5. Data Retention

We retain your data only as long as necessary to provide our services or comply with legal requirements:

  • Task data: 90 days after completion (configurable)
  • Proof Packs: 1 year (or as required by law)
  • Account data: Until you delete your account
  • Credentials: Deleted immediately upon task completion

6. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data (portability)
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@holdless.io.

7. Third-Party Services

We may share data with third-party service providers who help us operate our service:

  • Cloud infrastructure providers (AWS, within EU)
  • Analytics services (anonymized data only)
  • Payment processors (for billing)

We never sell your personal data to third parties.

8. Cookies

We use essential cookies for authentication and service functionality. We do not use tracking cookies or third-party advertising cookies.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or through our service.

10. Contact

For questions about this privacy policy or our data practices, contact us at:

Email: privacy@holdless.io
Address: HoldLess GmbH, Berlin, Germany