← Back

Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller within the meaning of the GDPR is:

Jan Ole Schmidt
Kellersweg 7
35764 Sinn
Germany

E-Mail: hello@usepalim.com

2. What Data We Process

When using Palim, the following data is processed:

  • Account data: Email address and password (encrypted) for authentication.
  • Session content: The AI conversations, summaries, and notes you explicitly save with the Palim MCP server.
  • Metadata: Timestamps, tags, and other metadata you assign to your sessions.

Storing your choice (marketing site): We set a cookie `palim_cookie_consent` (one-year lifetime, path “/”, SameSite=Lax) to remember your decision on optional statistics — so we can honor a refusal persistently. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in transparent, compliant cookie handling).

Optional analytics (marketing site): If you consent, we load Vercel Web Analytics and Vercel Speed Insights (provider: Vercel Inc.). Aggregated usage data and Web Vitals (performance) are processed; Vercel may use first-party cookies or similar technologies for this. We do not run ad tracking. Legal basis when you consent: Art. 6(1)(a) GDPR. You may withdraw consent by deleting this cookie and visiting the site again.

3. Legal Basis

Your data is processed for the performance of the contract (Art. 6(1)(b) GDPR). Storage is at your explicit request — Palim only stores what you actively save with the MCP tools.

4. Data Storage & Processing

Your data is stored on servers operated by Supabase.

The infrastructure (API server) is provided via Render.com.

5. Encryption

All stored content is encrypted end-to-end with AES-256-GCM. The encryption key is user-specific and derived server-side from a master key. All transfers use HTTPS/TLS exclusively.

6. Retention

Your data is stored for as long as your account exists. You can delete individual sessions at any time or have your account fully removed. After account deletion, all personal data is deleted within 30 days.

7. Your Rights

You have the following rights regarding your personal data:

  • Access (Art. 15 GDPR): What data we hold about you.
  • Rectification (Art. 16 GDPR): Correction of inaccurate data.
  • Erasure (Art. 17 GDPR): Removal of your data ("right to be forgotten").
  • Restriction (Art. 18 GDPR): Restricted processing of your data.
  • Data portability (Art. 20 GDPR): Export of your data in a standard format.
  • Objection (Art. 21 GDPR): Object to processing.

To exercise these rights, contact: privacy@usepalim.com

8. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority is the Hessian Commissioner for Data Protection and Freedom of Information (HBDI), P.O. Box 3163, 65021 Wiesbaden, Germany.

9. Beta Notice

Palim is currently in public beta. Although we take great care with the security of your data, we cannot guarantee full data availability during the beta phase. For critical data, we recommend additional backups via the export function.

© 2026 Palim — Imprint