Privacy Policy
Datenschutzerklärung — last updated: July 2026
We are very pleased about your interest in our service. Data protection is of a particularly high priority for the management of NivoTools, the operator of NodeMap AI. Use of this website is generally possible without providing any personal data. However, if a data subject wishes to use special services via our website — such as receiving a generated business blueprint by email or sending us feedback — the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the e-mail address of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to NivoTools. By means of this privacy policy, we wish to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.
As the controller, NivoTools has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions can fundamentally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, for example by telephone.
Definitions
The privacy policy of NivoTools is based on the terminology used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
In this privacy policy, we use, among others, the following terms:
- a) Personal data: Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- b) Data subject: A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
- c) Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- d) Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
- e) Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
- f) Pseudonymization: Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- g) Controller or person responsible for processing: Controller or person responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- h) Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- i) Recipient: Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
- j) Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- k) Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Name and Address of the Controller
The controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions related to data protection is:
[MY_NAME]
c/o Block Services
[MY_STREET]
[MY_ZIP_CITY]
Germany
Tel.: [MY_PHONE]
Email: [MY_EMAIL]
No User Accounts or Registration
This website does not offer user accounts and does not require any registration. All core functions can be used without creating an account. The only personal data you can actively provide are your e-mail address (voluntarily, for receiving your generated business blueprint or for sending us feedback) and the free-text answers you choose to enter into the questionnaire.
Cookies and Local Storage
This website does not set its own tracking cookies and does not use advertising cookies. Instead of cookies, the website uses the browser's "Local Storage" to store functional data exclusively on your own end device. This information remains on your device and is not transmitted to our servers by the storage mechanism itself. Stored items include:
- Your e-mail address, if you have entered it, so that forms can be pre-filled for you
- Your most recently generated business blueprint, so you can reopen it without regenerating it
You can delete this data at any time by clearing your browser's site data for this website. If you deactivate Local Storage in your browser, not all functions of this website may be fully usable.
Collection of General Data and Information
This website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files of our hosting provider. The following may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, NivoTools does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. In addition, the IP address is processed in a short-lived, technical manner to enforce rate limits that protect our services against automated abuse (legal basis: Art. 6 (1) lit. f GDPR — protection against misuse).
E-Mail Collection: Blueprint Delivery and Feedback
If you voluntarily enter your e-mail address to receive your generated business blueprint, we use this address exclusively to send you the requested blueprint (including the report as a PDF attachment). If you use the feedback form, we use the e-mail address you provide exclusively to receive and, where appropriate, respond to your feedback. The legal basis for this processing is Art. 6 (1) lit. a GDPR (consent) and, with regard to delivering a service you explicitly requested, Art. 6 (1) lit. b GDPR. Your e-mail address is not used for advertising, not added to a newsletter, and not shared with third parties for their own purposes.
For the technical dispatch of e-mails we use the service provider Resend (Resend, Inc., USA) as a processor. Your e-mail address and the content of the message are transmitted to Resend for the sole purpose of delivering the e-mail. For the transfer of data to the USA, the provider relies on the EU Commission's Standard Contractual Clauses (SCCs) as an appropriate safeguard.
AI Processing of Questionnaire Answers (Google Gemini)
The core function of this website — generating a personalized business analysis — is performed with the help of the Google Gemini API, an artificial-intelligence service of Google. The free-text answers you enter into the questionnaire are transmitted to Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland) for the sole purpose of generating your personalized results, including tailored follow-up questions, short summary tags and the final business blueprint. Your e-mail address is not transmitted to Google.
We advise you not to include personal data — in particular names or contact details of yourself or third parties — in your free-text answers, as the answers are processed by the AI service as entered. The legal basis for this processing is Art. 6 (1) lit. b GDPR (performance of the service you requested). A transfer of data to the USA by Google cannot be excluded; Google relies on the EU Commission's Standard Contractual Clauses and the EU-U.S. Data Privacy Framework as safeguards.
Market Demand Data (Google Trends)
To validate the generated ideas, our server retrieves aggregated, anonymous search-interest data from Google Trends. This request is made by our server for generic search keywords only; no personal data of the data subject is transmitted to Google Trends in this process.
External Content (Fonts, Stylesheets, Video)
This website loads technical resources from external providers to display correctly: the "Inter" font from Google Fonts (Google Ireland Limited), the Tailwind CSS framework from its official CDN, and a background video delivered via the content delivery network Amazon CloudFront (Amazon Web Services EMEA SARL). When these resources are loaded, the respective provider necessarily receives your IP address, as without the IP address the content could not be delivered to your browser. The legal basis is Art. 6 (1) lit. f GDPR — our legitimate interest in a uniform, secure and performant presentation of the website. The providers rely on the EU Commission's Standard Contractual Clauses for any third-country transfers.
Routine Erasure and Blocking of Personal Data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
Rights of the Data Subject
- a) Right of confirmation: Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.
- b) Right of access: Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to information about the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients.
- c) Right to rectification: Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
- d) Right to erasure (Right to be forgotten): Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected; the data subject withdraws consent; the data subject objects to the processing; the personal data have been unlawfully processed; or the personal data must be erased for compliance with a legal obligation.
- e) Right to restriction of processing: Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where the accuracy of the personal data is contested, the processing is unlawful, or the controller no longer needs the personal data for the purposes of the processing.
- f) Right to data portability: Each data subject shall have the right granted by the European legislator to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format.
- g) Right to object: Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her.
- h) Automated individual decision-making, including profiling: Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her.
- i) Right to withdraw data protection consent: Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.
To exercise any of these rights, you may contact us at any time using the contact details stated above. You also have the right to lodge a complaint with a data protection supervisory authority.
Legal Basis for Processing
Art. 6 (1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party — which includes providing a service the data subject has explicitly requested, such as generating and delivering a business blueprint — the processing is based on Art. 6 (1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person (Art. 6 (1) lit. d GDPR). Finally, processing operations could be based on Art. 6 (1) lit. f GDPR.
Legitimate Interests Pursued by the Controller or by a Third Party
Where the processing of personal data is based on Art. 6 (1) lit. f GDPR, our legitimate interest is the proper, secure and abuse-free operation of our website and the carrying out of our business.
Period for Which the Personal Data Will Be Stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the purpose for which it was collected.
Provision of Personal Data as Statutory or Contractual Requirement
The provision of personal data on this website is neither required by law nor by contract. You can use the website without providing any personal data. Only if you wish to receive your generated blueprint by e-mail or to send us feedback is the provision of an e-mail address necessary, since without it the requested service cannot be delivered.
Existence of Automated Decision-Making
As a responsible company, we do not use automated decision-making or profiling within the meaning of Art. 22 GDPR. The AI-generated business analysis is an informational content service produced at your request; it does not produce legal effects concerning you and does not similarly significantly affect you.
Hosting by IONOS
We host our website with the following provider:
IONOS SE
Elgendorfer Str. 57
56410 Montabaur
Germany
Nature and Purpose of Processing: The hoster processes personal data (e.g., IP addresses, technical usage data) to provide us with infrastructure and platform services, computing capacity, storage space, database services, security services, and technical maintenance services used for the purpose of operating this online offering.
Legal Basis: The use of the hoster is for the purpose of contract fulfillment towards our potential and existing users (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 (1) (f) GDPR).
Conclusion of a Data Processing Agreement (DPA): In order to ensure processing in compliance with data protection regulations, we have concluded a Data Processing Agreement with the provider mentioned above.
Data Security (Encryption)
To secure the transmitted information, this website uses SSL or TLS encryption (HTTPS). This encryption protects the data transmission between your browser and our servers from unauthorized access by third parties.
This privacy policy was created by the Privacy Policy Generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH, acting as External Data Protection Officer Munich, in cooperation with the Cologne IT and data protection lawyer Christian Solmecke.