AntragPlus

This is an English courtesy translation. Only the German version is legally binding.

Privacy Policy

Transparent and GDPR-compliant data processing at AntragPlus

Our security standards

GDPR-compliant

Full compliance with the European General Data Protection Regulation for all of your data – including data erasure, the right of access, and purpose limitation.

Servers in Germany

All personal data is stored and processed exclusively on servers in Germany – certified and securely hosted.

Encrypted

End-to-end encryption for sensitive data – both in transit and at rest.

Privacy Policy (GDPR)

Controller responsible for data processing:

AntragPlus GmbH

Sachsendamm 67, 10829 Berlin

Phone: +49 176 435 42 112

Email: [email protected]

Data protection officer:

AntragPlus GmbH

Sachsendamm 67, 10829 Berlin

Email: [email protected]

Purposes of processing

  • Operation and provision of the “AntragPlus” SaaS platform
  • Creation, management, and export of grant applications
  • User management, billing, and support
  • Communication with customers (e.g. email, notifications)
  • Fulfilment of statutory retention and record-keeping obligations

Legal bases

  • Art. 6(1)(b) GDPR (performance of a contract)
  • Art. 6(1)(c) GDPR (legal obligation)
  • Art. 6(1)(f) GDPR (legitimate interest, e.g. IT security)
  • Art. 6(1)(a) GDPR (consent, e.g. cookies, newsletter)

Data collected

  • Registration and contact data (name, organisation, email, payment information)
  • Project data (uploaded documents, created applications, financial reports)
  • System and usage data (IP address, browser, log files)

Disclosure to third parties and processors

Hosting and infrastructure:

  • Netlify (servers in the EU) - website hosting
  • Neon (servers in the EU) - database and backend
  • AWS (servers in Frankfurt) - cloud infrastructure

Payment processing:

  • PayPal (PayPal Europe S.à r.l. et Cie, S.C.A., Luxembourg)
  • Stripe (Stripe Payments Europe Ltd., Ireland)

Email delivery:

  • Resend (for transactional emails)
  • Mailchimp (for newsletters, only with consent)

Analytics services (only with consent):

  • Google Analytics 4 (anonymised IP addresses)
  • Hotjar (user behaviour, anonymised)

International data transfers

EU/EEA processing: Your data is processed primarily within the EU/EEA (Germany, Ireland, Luxembourg).

Third countries: In individual cases, data processing takes place in third countries (USA) with the following services:

  • Google Analytics (USA) - only with consent
  • Hotjar (Malta/USA) - only with consent

Safeguards: Standard contractual clauses of the EU Commission, adequacy decisions, or comparable guarantees pursuant to Art. 44-49 GDPR.

Retention period

  • Contract data: during the term of the contract + statutory retention period (6–10 years)
  • Project data: until deleted by users or until the contract ends
  • Log files: max. 14 days

Your rights as a data subject

Right of access (Art. 15 GDPR)

Right to obtain information about the personal data processed

Right to rectification (Art. 16 GDPR)

Right to have inaccurate data corrected

Right to erasure (Art. 17 GDPR)

Right to have personal data erased

Right to restriction (Art. 18 GDPR)

Right to restriction of processing

Data portability (Art. 20 GDPR)

Right to have your data transferred

Right to object (Art. 21 GDPR)

Right to object to the processing

Right to lodge a complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information)
Friedrichstr. 219, 10969 Berlin
Phone: +49 30 13889-0
Email: [email protected]

Exercising your rights

To exercise your rights, please contact: [email protected]

Automated decision-making and AI processing

AI-assisted grant analysis: Our platform uses artificial intelligence to automatically analyse and suggest funding programmes.

Processing logic: Algorithms analyse your project data and match it against available funding programmes.

Significance: Automated suggestions for suitable grants based on the information you provide.

Your rights: You have the right to human review, to express your point of view, and to contest the decision pursuant to Art. 22 GDPR.

Website features and data processing

Contact form

Data processed: Name, email address, organisation, message content

Purpose: Handling your enquiry and communication

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

Retention period: 3 years after the communication has concluded

Job applications (careers page)

Data processed: Name, email address, phone number (optional), LinkedIn/portfolio link (optional), message/motivation, and the position you are applying for

Purpose: Conducting the application procedure and communicating with you

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) in conjunction with Section 26(1) BDSG (initiation of an employment relationship)

Retention period: Erasure no later than 6 months after the application procedure has concluded, unless you have consented to longer storage (e.g. talent pool)

Newsletter sign-up

Data processed: Email address, name (optional)

Purpose: Sending information about grants and product updates

Legal basis: Art. 6(1)(a) GDPR (consent)

Double opt-in: Confirmation via a separate link required

Unsubscribing: At any time via the link in every email or by emailing us

User accounts and platform use

Data processed: Registration data, project information, usage behaviour

Purpose: Provision of the SaaS features, project management, support

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

Retention period: During the term of the contract + statutory retention periods

Cookies & tracking technologies

Essential cookies (no consent required)

  • Session cookies for login and user navigation
  • Security cookies for CSRF protection
  • Functional cookies for language settings

Analytics cookies (only with consent)

  • Google Analytics 4: Website analytics, anonymised IP addresses
  • Hotjar: User behaviour and heatmaps, anonymised
  • Retention period: 14 months (Google Analytics), 12 months (Hotjar)

Marketing cookies (only with consent)

  • Retargeting pixels for targeted advertising
  • Social media plugins (LinkedIn, Twitter)
  • Conversion tracking for advertising campaigns

Managing cookie settings

You can adjust your cookie settings at any time via our cookie banner or in your browser settings.

Note: Disabling certain cookies may limit the functionality of the website.

Data security and technical measures

Encryption: All data transmissions take place via SSL/TLS encryption (HTTPS).

Access control: Strict authentication and authorisation for all system access.

Data protection by design: Minimising data collection to what is necessary.

Regular updates: Continuous security updates and penetration tests.

Data protection impact assessment: Regular assessment of data protection risks.

As of: December 2025