Privacy Policy

Last updated: June 2026

This English version is provided for convenience. The German version is authoritative for legal purposes.

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

No data protection officer has been appointed.

2. Your rights as a data subject

You have the right of access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and the right to object (Art. 21). Where processing is based on consent, you may withdraw that consent at any time with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), for example with the authority responsible for us: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany.

3. Hosting and server log files

When this website is accessed, technically necessary data is processed in server log files: IP address, date and time of access, requested page/file, transferred data volume, browser type and operating system, and the previously visited page (referrer), if transmitted.

The website is delivered through Cloudflare Pages. We use Cloudflare Pages Functions for the request form. Cloudflare may process the data listed above as a processor.

The legal basis is our legitimate interest in secure and stable operation (Art. 6 para. 1 lit. f GDPR). Log files are stored only as long as required for operation, security, and investigation of security incidents.

4. Fonts

We host the fonts used on this website locally on our own server. There is no connection to third-party servers such as Google Fonts and therefore no transfer of your IP address to third parties for font rendering.

5. Cookies and analytics

This website uses no cookies, no tracking, and no analytics or marketing services. A cookie banner is therefore not required.

If you manually switch the language, that choice is stored in your browser's local storage. This information is not used for analytics or marketing and is not transmitted to us.

6. Contact and request form

If you contact us via the form or by email, for example for a demo request or early access, we process the email address you provide solely to handle your request. When the form is submitted, we also process the selected language, the page from which the request was sent, and the time of the request so that we can assign and respond to it.

The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or our legitimate interest in responding to inquiries (Art. 6 para. 1 lit. f GDPR). The request form sends your information server-side to info@noument.com. We use Resend as an email delivery provider for the notification email. Your data is deleted once the request has been fully processed and no statutory retention obligations apply.

7. The Noument service (pilot operation)

If you or your company use Noument as part of a pilot or test operation, Noument processes meeting content, for example audio, transcripts, derived insights, and minutes. This processing is carried out on behalf of and according to the instructions of the respective customer company as a processor within the meaning of Art. 28 GDPR. The basis is a separate data processing agreement (DPA) between Noument and the customer company.

To provide the service, we use carefully selected sub-processors. In pilot operation, these include in particular:

• Microsoft Teams (Microsoft): integration and audio or meeting access.
• Deepgram: speech-to-text transcription (STT).
• OpenAI: language model processing to generate insights, summaries, and minutes.

These sub-processors are used on the basis of their respective data processing agreements and, where required, standard contractual clauses. We process data through GDPR-compliant channels and use EU data residency where available, meaning processing and storage in the European Union. For unavoidable transfers to third countries such as the United States, appropriate safeguards pursuant to Art. 44 et seq. GDPR are used, in particular standard contractual clauses and supplementary technical and organizational measures. Content is encrypted in transit and at rest. Your content is not used to train third-party models.

Details on processing purposes, categories, deletion periods, and sub-processors are governed by the respective DPA. The customer company is the controller for such processing under the GDPR; data subjects should primarily address their rights to that company.

8. Data security

This website is delivered over an encrypted TLS connection (HTTPS). We take appropriate technical and organizational measures to protect your data against loss, manipulation, and unauthorized access.

9. Changes to this Privacy Policy

We update this Privacy Policy whenever changes to the data processing we perform make this necessary. The current version published here applies.