Skip to main content
Nukipa

Privacy Policy

Last updated: 13 May 2026

1. Overview

Nukipa Labs GmbH ("Nukipa", "we", "us") takes the protection of your personal data seriously. This Privacy Policy explains what data we collect when you visit this website, on what legal basis we process it, who receives it, how long we keep it, and what rights you have under the EU General Data Protection Regulation (GDPR / DSGVO).

This policy applies only to this marketing website. If you sign up for the Nukipa product at app.nukipa.com, a separate privacy notice applies there.

2. Controller

The controller for the processing of personal data on this website within the meaning of Art. 4(7) GDPR is:

Nukipa Labs GmbH
Gunta-Stölzl-Strasse 7
80807 München
Germany

Email: [FILL IN: published legal contact email — likely hello@nukipa.com]
Managing Directors: Fabien Nestmann, Steffen Iwan

Data Protection Officer

Nukipa Labs GmbH has not appointed a Data Protection Officer because the statutory thresholds under § 38 BDSG are not met. For any privacy-related question or request you can reach us at the address above.

3. What we collect and why

3.1 Server log data

When you load any page, our hosting infrastructure automatically processes:

  • Your IP address (truncated and used only to derive an approximate country)
  • Date and time of the request
  • The requested URL and referrer
  • HTTP status code and bytes transferred
  • Your browser type, version and operating system

Purpose: delivering the site, ensuring stability and security, and detecting abuse. Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in operating a secure website. Retention: raw access logs are kept for up to 30 days, then deleted or aggregated.

3.2 Page-view analytics (Nukipa signals)

On every page load, our server-side proxy sends a small, anonymous event to the Nukipa analytics gateway. The event contains:

  • The path you visited (e.g. /pricing)
  • A session identifier (see cookies, below)
  • The country derived from your IP (no full IP is stored on this signal)
  • UTM parameters from the URL, if present

Purpose: understanding which pages are visited and which campaigns drive traffic, so we can improve the site. Legal basis: Art. 6(1)(f) GDPR — legitimate interest in measuring the reach of our own content. Retention: aggregated indefinitely; raw events are deleted after 14 months.

3.3 CTA-click tracking

When you click certain primary calls to action (for example "Start Free" or "Talk to us"), we send an event to the Nukipa gateway containing the CTA label, the destination URL, the page you clicked from, and your session identifier.

Purpose: attributing conversions to pages and campaigns. Legal basis: Art. 6(1)(f) GDPR. Retention: as for page-view events.

3.4 Contact and lead forms inside blog posts

Some blog articles contain embedded forms (contact forms, lead-magnet downloads). If you submit such a form, we process the fields you provide — typically your name, email address and message — plus the form slug and the timestamp.

Purpose: responding to your enquiry or sending the requested resource. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) for sales enquiries, Art. 6(1)(a) GDPR (consent) for marketing opt-ins, Art. 6(1)(f) GDPR (legitimate interest) for technical processing. Retention: form submissions are stored for [FILL IN: form-submission retention period — recommend 24 months for sales follow-up] and then deleted, unless a contractual or legal obligation requires longer retention.

4. Cookies and local storage

This site sets only the cookies strictly required to operate. We do not use Google Analytics, Facebook Pixel, Hotjar, or any other third-party analytics or advertising trackers on this marketing site.

CookieSet byPurposeDuration
nk_sidNukipa analytics gateway (first-party, set via Set-Cookie)Stitches together page views in a single visit so we can count sessions correctly. No marketing or cross-site profile is built from this ID.Up to 30 days

Legal basis: Art. 6(1)(f) GDPR + § 25(2) No. 2 TTDSG — the session cookie is strictly necessary for the analytics service the user implicitly expects when using the site. We do not require consent for it. No optional cookies are set.

5. Recipients of your data

Personal data is shared only with the following categories of recipients, each of whom acts as a processor under Art. 28 GDPR:

  • Nukipa Labs GmbH (gateway and analytics infrastructure) — internal processor that operates the signals and form-submission endpoints behind the scenes. Same controller, separate infrastructure.
  • Hosting provider: [FILL IN: hosting provider name, legal entity and address — e.g. Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA]. Operates the servers that deliver this website and process server logs.
  • Email delivery provider (if and when you contact us by email): [FILL IN: e.g. Google Workspace / Microsoft 365] — processes the email message to deliver it to our inbox.

We have signed the required data processing agreements with each processor.

6. Transfers to third countries

Some of the processors listed above may be located outside the European Economic Area, in particular in the United States. Where a transfer takes place, we rely on the Standard Contractual Clauses adopted by the European Commission (Decision (EU) 2021/914) as an appropriate safeguard within the meaning of Art. 46 GDPR. Where the recipient is certified under the EU-U.S. Data Privacy Framework, we additionally rely on the European Commission's adequacy decision of 10 July 2023.

[FILL IN: confirm hosting provider's location and adequacy / DPF certification before publish.]

7. Your rights

You have the following rights with regard to your personal data:

  • Access (Art. 15 GDPR) — confirmation of whether we process your data and, if so, a copy of it.
  • Rectification (Art. 16 GDPR) — correction of inaccurate or incomplete data.
  • Erasure (Art. 17 GDPR) — "right to be forgotten" where the legal grounds are met.
  • Restriction of processing (Art. 18 GDPR).
  • Data portability (Art. 20 GDPR) — receive your data in a structured, commonly used, machine-readable format.
  • Objection (Art. 21 GDPR) — in particular against processing based on legitimate interest, including the page-view analytics described above.
  • Withdraw consent at any time, with effect for the future, where processing is based on consent (Art. 7(3) GDPR).

To exercise any of these rights, contact us at [FILL IN: hello@nukipa.com or legal@nukipa.com]. We will respond within one month.

8. Right to lodge a complaint

You have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority. The authority responsible for Nukipa Labs GmbH is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

9. No automated decision-making

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR on this website.

10. Security

We use TLS 1.2+ for all traffic to this site and apply appropriate technical and organisational measures under Art. 32 GDPR to protect personal data against loss, misuse and unauthorised access.

11. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes to the site, to our processing, or to the law. The date at the top of this page shows when the policy was last revised.