AI BEAVERS

Privacy Policy

AI BEAVERS website, community, and public services

Last updated: June 27, 2026

Scope

This Privacy Policy explains how AI BEAVERS processes personal data when you use ai-beavers.com, join the invite-only member portal, subscribe to the newsletter, submit public projects, apply for community programs, interact with campaign or sponsor forms, check in at events, vote in hackathons, redeem perks, donate, order merch, or use other public AI BEAVERS community features.

This policy applies to the public and community services described here. If another service uses different terms, those terms will be presented with that service.

Controller

The data controller responsible for this policy is:

Alexander Zakharov
Turmweg 31
20148 Hamburg, Germany
Email: [email protected]

Processing by Purpose

1. Website Operation and Security

  • Data: IP address, device and browser data, pages requested, timestamps, HTTP status codes, error logs, rate limit signals, and security metadata.
  • Purpose: Deliver the website, detect errors, prevent abuse, secure the service, and keep public pages working.
  • Legal basis: Legitimate interests in operating and securing the service under Art. 6(1)(f) GDPR.
  • Required or optional: Technical data is required for the website to function.
  • Recipients/processors: Firebase App Hosting, Google Cloud, security and logging infrastructure.
  • Retention: Kept only as long as needed for operations, troubleshooting, security review, and legal claims.

2. Analytics, Cookies, and Web Vitals

  • Data: Cookie consent choices, page views, referrers, approximate location, device and browser data, interaction events, Core Web Vitals, and Google Analytics identifiers where analytics consent is granted.
  • Purpose: Understand traffic, improve page performance, measure campaigns, and learn which content is useful.
  • Legal basis: Consent under Art. 6(1)(a) GDPR for analytics cookies and analytics events; legitimate interests under Art. 6(1)(f) GDPR for consent records and basic service diagnostics.
  • Required or optional: Analytics is optional. Necessary consent storage is required to remember your preference.
  • Recipients/processors: Google Analytics 4, Google Tag infrastructure, Firebase/Google Cloud.
  • Retention: Google Analytics data is retained according to the configured analytics retention period. Consent cookies are kept for the period shown in the cookie table below.

3. Newsletter and Community Updates

  • Data: Email address, optional name, subscription source, verification tokens, timestamps, unsubscribe status, and delivery metadata.
  • Purpose: Send newsletter issues, community announcements, event updates, and subscription verification emails.
  • Legal basis: Consent under Art. 6(1)(a) GDPR for newsletters; legitimate interests under Art. 6(1)(f) GDPR for verification, suppression, and abuse prevention records.
  • Required or optional: Email is required to subscribe. Name and most preference fields are optional.
  • Recipients/processors: Firebase/ Google Cloud for subscription records and Resend for email delivery and audience synchronization.
  • Retention: Active subscriptions are kept until you unsubscribe or request deletion. Unsubscribe and suppression records may be retained to make sure we do not email you again.

4. Accounts, Invite Codes, and Member Profiles

  • Data: Account identifiers, email, display name, sign-in provider, invite code, acceptance timestamps and legal versions, profile fields, skills, interests, location, links, images, project records, matching preferences, moderation records, and login metadata.
  • Purpose: Create and manage invite-only accounts, show relevant member and project information, support discovery and matching, prevent abuse, and moderate the member portal.
  • Legal basis: Contract or pre-contract steps under Art. 6(1)(b) GDPR for account features; legitimate interests under Art. 6(1)(f) GDPR for community safety, moderation, and abuse prevention; consent under Art. 6(1)(a) GDPR where you opt in to optional public display or newsletters.
  • Required or optional: Account, authentication, invite, and legal acceptance data is required for portal access. Profile enrichment, social links, matching preferences, images, and newsletter opt-in fields are optional unless marked required in the form.
  • Recipients/processors: Firebase Authentication, Firestore, Firebase Storage, Google Cloud, Resend for account emails, and Telegram notifications for limited operational alerts where enabled.
  • Retention: Account data is kept while your account is active and then for a reasonable period needed for safety, audit, dispute resolution, legal claims, or deletion workflows.

5. Public Profiles, Projects, Media, Winners, and Recaps

  • Data: Approved names, team names, profile snippets, project names, descriptions, tags, links, logos, screenshots, pitch materials, rankings, winner status, event photos, video, quotes, and attribution details.
  • Purpose: Display approved public community content, showcase projects, publish hackathon winners, create recaps, credit contributors, and promote AI BEAVERS events and programs.
  • Legal basis: Consent under Art. 6(1)(a) GDPR where you approve optional public profile or media use; contract under Art. 6(1)(b) GDPR for submitted public project participation terms; legitimate interests under Art. 6(1)(f) GDPR in documenting events and community activity, balanced with opt-out and takedown requests.
  • Required or optional: Public display fields are optional unless a submission form clearly states that a field will be public if the submission is approved.
  • Recipients/processors: Website visitors, search engines for indexed pages, Firebase/Google Cloud, and external social or sponsor platforms when you choose to publish or share there.
  • Retention: Public archive content may remain online as part of the community record unless removed, anonymized, or limited after a valid request or moderation decision.

6. Events, Calendar Links, and Check-In

  • Data: Event registration data, Luma or Meetup attendee data where imported, first and last name, company, check-in time, event attendance status, venue or host requirements, and consent records.
  • Purpose: Run meetups and hackathons, verify attendance, manage venue capacity and security, distribute event information, support sponsor or perk eligibility, and keep operational attendance records.
  • Legal basis: Contract or pre-contract steps under Art. 6(1)(b) GDPR for event participation; legitimate interests under Art. 6(1)(f) GDPR for venue operations, safety, fraud prevention, and community administration; consent under Art. 6(1)(a) GDPR for optional media or newsletter choices.
  • Required or optional: Registration and check-in fields marked required are needed to attend or claim event-specific benefits. Newsletter, media, and extended profile fields are optional unless a form states otherwise.
  • Recipients/processors: Firebase/ Google Cloud, Luma, Meetup, venue or event partners where needed for access, Resend for event email, Telegram for operational notifications, and sponsors only when the related benefit or form makes that sharing clear.
  • Retention: Event and check-in data is kept while needed for event operations, perk eligibility, audit, fraud prevention, community history, legal claims, and required accounting records.

7. Forms, Campaigns, City Demand, Sponsor Inquiries, and Contact Requests

  • Data: Form responses, contact details, company or role, city interest, campaign source, sponsor or partnership details, free-text messages, timestamps, and technical metadata.
  • Purpose: Respond to requests, qualify demand for city communities, manage sponsor or partner conversations, route campaigns, and follow up on submitted forms.
  • Legal basis: Pre-contract steps under Art. 6(1)(b) GDPR where you ask for a service or partnership; legitimate interests under Art. 6(1)(f) GDPR for community operations, lead handling, and abuse prevention; consent under Art. 6(1)(a) GDPR for optional newsletter opt-in.
  • Required or optional: Required form fields are needed to submit the request. Optional fields improve routing and context.
  • Recipients/processors: Firebase/ Google Cloud, Resend for email follow-up, Telegram notifications where enabled, and external sponsor or form platforms if you submit directly through them.
  • Retention: Kept while the request, campaign, city demand review, or partner conversation remains active and then as needed for audit, suppression, dispute resolution, or legal claims.

8. Beavership and Dam Keeper (formerly “Ambassador”) Programs

  • Data: Application answers, identity and contact details, city or lodge interests, skills, links, experience, availability, onboarding progress, operational notes, shirt or merch size where relevant, and review records.
  • Purpose: Review applications, onboard community Dam Keepers, operate local lodges, coordinate event playbooks, provide access to program materials, and manage community responsibilities.
  • Legal basis: Pre-contract or contract steps under Art. 6(1)(b) GDPR for applications and onboarding; legitimate interests under Art. 6(1)(f) GDPR for community quality, safety, documentation, and fraud prevention.
  • Required or optional: Application fields marked required are needed for review. Additional background, links, and preferences are optional unless marked required.
  • Recipients/processors: Firebase/ Google Cloud, Resend for setup emails, Telegram for application notifications, and limited authorized reviewers or program collaborators.
  • Retention: Kept while the application, onboarding, or Dam Keeper relationship is active and then as needed for program continuity, audit, safety, and legal claims.

9. Payments, Merch Orders, Donations, and Subscriptions

  • Data: Stripe checkout identifiers, customer email, payment status, donation amount, subscription status, order details, selected merch, shipping or pickup details, billing data, receipts, invoices, refunds, and fraud prevention metadata. AI BEAVERS does not store full card numbers.
  • Purpose: Process payments, donations, subscriptions, merch orders, receipts, refunds, customer support, payment security, and accounting obligations.
  • Legal basis: Contract under Art. 6(1)(b) GDPR for purchases and donations; legal obligation under Art. 6(1)(c) GDPR for tax and accounting records; legitimate interests under Art. 6(1)(f) GDPR for fraud prevention, payment support, and dispute handling.
  • Required or optional: Payment and order fields are required to complete the transaction. Optional notes or preferences are voluntary.
  • Recipients/processors: Stripe, Firebase/Google Cloud, Telegram order or donation notifications where enabled, and shipping, pickup, or fulfillment partners where needed to deliver an order.
  • Retention: Transaction, tax, and accounting records are generally retained for statutory periods, including up to 10 years where required under German accounting and tax rules. Payment dispute and fraud records may be kept as needed to protect legal rights.

10. Hackathons, Submissions, Voting, Judging, Winners, and Perks

  • Data: Participant and team details, Luma registration email, checked-in attendee status, project submissions, pitch materials, judging notes or scores, social voting records, email verification tokens, aggregate leaderboard data, sponsor/API-key perk claims, winner pages, recap media, and fraud prevention metadata.
  • Purpose: Run hackathons, verify eligibility, accept team submissions, support judges, count public votes, publish results, distribute perks, prevent duplicate or fraudulent claims, and document event outcomes.
  • Legal basis: Contract under Art. 6(1)(b) GDPR for event participation and perks; legitimate interests under Art. 6(1)(f) GDPR for fair play, fraud prevention, judging integrity, public results, and event documentation; consent under Art. 6(1)(a) GDPR for optional newsletter and media choices.
  • Required or optional: Submission, verification, and perk fields marked required are needed to participate in that flow. Newsletter, extended profile, and optional media choices are voluntary.
  • Recipients/processors: Firebase/ Google Cloud, Resend, Luma, judges, sponsors providing perks, public website visitors for approved public content, and external platforms where you submit or redeem benefits directly.
  • Retention: Records are kept while needed for event operation, verification, public archives, perk support, dispute resolution, fraud prevention, and legal claims. Email verification tokens expire according to the flow that generated them, commonly within 24 hours for voting.

11. External Platforms, Sponsors, and Links

  • Data: Data you provide directly to external event, payment, sponsor, social, calendar, or form platforms.
  • Purpose: Let you register for events, redeem benefits, contact sponsors, view calendars, complete payments, or use external community channels.
  • Legal basis: The external platform controls its own processing under its own legal terms. AI BEAVERS processes related records under the purpose-specific bases above when data is sent back to us.
  • Required or optional: External fields are controlled by the external platform.
  • Recipients/processors: Examples include Luma, Meetup, Stripe, sponsor platforms, social networks, and embedded or linked forms.
  • Retention: External platforms apply their own retention rules. AI BEAVERS keeps imported or returned data only under the relevant purpose described in this policy.

Cookies and Local Storage

We use necessary storage for site functionality and optional analytics storage only after consent. You can change analytics preferences through the cookie banner or clear stored data in your browser.

StoragePurposeDuration
cc_cookieStores cookie consent preferences.182 days
_ga, _ga_*, _gid, _gatGoogle Analytics identifiers and request throttling, only after analytics consent.Typically from 1 minute to 2 years depending on the cookie.
ai-beavers-themeStores your light, dark, or system theme preference in local storage.Until you change or clear it.
Firebase Auth browser storageKeeps member sessions signed in and supports authentication flows.Until sign-out, account state change, token expiry, or browser clearing.
Temporary invite or verification storageStores invite code or one-time verification state during public flows.Until completion, expiry, replacement, or browser clearing.

Processors, Recipients, and International Transfers

We use service providers only where needed to operate the public community product, communicate with you, host data, process payments, secure the service, or provide event benefits. These providers may process data in the European Economic Area and other countries.

  • Firebase, Google Cloud, Firebase Auth, Firestore, and Firebase Storage: hosting, authentication, database, storage, logs, and security infrastructure.
  • Google Analytics and Google Tag: consent-gated analytics and Web Vitals measurement.
  • Resend: transactional email, newsletter verification, newsletter delivery, and audience synchronization.
  • Stripe: checkout, donations, subscriptions, customer portal, payment records, receipts, fraud prevention, and payment dispute handling.
  • Telegram: limited operational notifications for forms, applications, orders, donations, or operational alerts where configured.
  • Luma, Meetup, venues, sponsors, and external forms: event registration, calendar listings, attendee imports, check-in verification, perk delivery, and partner inquiries where relevant.

Where data is transferred outside the EEA, we rely on the relevant provider safeguards, such as adequacy decisions, the EU-US Data Privacy Framework where applicable, standard contractual clauses, or other legally recognized transfer mechanisms.

Retention Criteria

We keep personal data only as long as needed for the purposes described above, unless a longer period is required or allowed by law. Retention depends on the type of data, whether an account or transaction is active, the need to prevent fraud or abuse, statutory accounting requirements, legal claims, deletion requests, and the value of maintaining public community archives.

  • Cookie consent records are stored in your browser for 182 days.
  • Voting verification links are short-lived and commonly expire within 24 hours.
  • Unsubscribe and suppression records may be retained to honor your email choices.
  • Payment, tax, donation, order, and accounting records may be retained for statutory periods, including up to 10 years where German law requires it.
  • Approved public projects, winner pages, recaps, and event media may remain online as public community archive content unless removed, limited, or anonymized.

Your Rights

Subject to the conditions and limits in the GDPR, you may have the right to access, rectify, erase, restrict, or receive a copy of your personal data; object to processing based on legitimate interests; and withdraw consent at any time for future processing.

To exercise your rights, email [email protected]. We may need to verify your identity before acting on a request.

Security

We use technical and organizational measures designed to protect personal data, including HTTPS, managed cloud infrastructure, access controls, authentication, role-based permissions, rate limiting, and limited operational logging.

No internet service can be guaranteed to be completely secure. Please use strong account credentials and contact us if you believe your account or data may be at risk.

Children

The public AI BEAVERS services are not directed at children under 16. If an event allows minors, additional event-specific rules or guardian consent requirements may apply.

Complaints

You may lodge a complaint with a data protection supervisory authority. In Hamburg, you can contact:

Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg, Germany
Website: https://datenschutz-hamburg.de

Changes

We may update this Privacy Policy when our services, processors, legal requirements, or community workflows change. The date at the top shows when this version was last updated.

Event-Specific Notices

This main policy covers public website and community use. Event-specific pages give additional context for hackathons and event programs:

← Back to LegalLast updated: June 27, 2026