← Home

Legal

Privacy Policy

This policy describes how Exord GmbH (“we”, “us”) processes personal data when you use COMAS’ (the “Service”) — our multi-agent SEO writing application. For company and contact details, see our Imprint.

1. Controller

Responsible under the GDPR is Exord GmbH, Maria-Goeppert-Str. 5, 23562 Lübeck, Germany. Email: hallo@exord.de

2. What data we process

Depending on how you use the Service, we process in particular:

  • Account and access: e.g. email address and authentication data when you register or sign in (processed via our authentication and database provider).
  • Organisation and project data: information you enter about organisations, projects, settings, internal links, and similar configuration.
  • Content you provide: prompts, keywords, tone-of-voice samples, pasted or uploaded articles, and generated outputs stored in your workspace.
  • Billing: if you subscribe, our payment provider processes payment-related data (e.g. customer and subscription identifiers; card data is handled by the payment provider, not stored by us as full card numbers).
  • Technical data: e.g. IP address, device and browser type, timestamps, and server logs when you use the website or API — for operation, security, and troubleshooting.

3. AI processing

To generate and refine content, parts of your input (such as prompts, project settings, and relevant text you supplied) are sent to AI model providers via our hosting and AI infrastructure. Those providers process the data as processors or independent controllers according to their terms. Do not submit special categories of personal data (e.g. health data) unless you have a lawful basis and it is necessary for your use case.

4. Purposes and legal bases

We process data for:

  • Providing the Service (Art. 6(1)(b) GDPR — contract, or steps prior to entering a contract).
  • Billing and accounting (Art. 6(1)(b) and (c) GDPR — contract and legal obligation).
  • Security, abuse prevention, and improvement (Art. 6(1)(f) GDPR — legitimate interests, balanced against your rights).
  • Where required, consent (Art. 6(1)(a) GDPR) — e.g. for optional communications or non-essential cookies, if we use them and ask for consent.

5. Recipients and subprocessors

We use vetted service providers to host and operate the Service, including for example hosting (e.g. Vercel), database and authentication (e.g. Supabase), payments (e.g. Stripe), and AI inference (via our AI gateway and underlying model providers). Providers may process data in the EU, the EEA, the United States, or other countries. Where data is transferred outside the EEA, we rely on appropriate safeguards such as the EU Commission’s standard contractual clauses, where applicable.

6. Retention

We keep data as long as your account exists and as needed to provide the Service, comply with legal obligations (e.g. tax and commercial law), resolve disputes, and enforce our agreements. After deletion of your account, we may retain certain data only where required by law or for limited backup cycles.

7. Your rights

Under the GDPR, you have the right to:

  • access, rectification, erasure, restriction of processing, and data portability where applicable;
  • object to processing based on legitimate interests;
  • withdraw consent where processing is consent-based;
  • lodge a complaint with a supervisory authority (e.g. in your EU member state).

To exercise your rights, contact us at hallo@exord.de.

8. Changes

We may update this policy when our Service or legal requirements change. The current version is always published on this page.

Last updated: April 2026