Privacy policy

The controller under the GDPR is AcousticIndex GbR, Strelitzer Straße 19, 10115 Berlin, Germany. Contact: leo@acousticindex.com.

This privacy policy explains how personal data is processed on the Acoustic Index platform. The platform provides a database for acoustic materials and products.

We process personal data on the following GDPR bases:

• Art. 6(1)(a) — consent, for example when using Google OAuth.
• Art. 6(1)(b) — contract performance for platform and account features.
• Art. 6(1)(f) — legitimate interests such as security and error analysis.

The platform is hosted by Vercel Inc. Database and authentication services are provided by Supabase Inc. Transfers to the United States are protected through EU Standard Contractual Clauses where required.

When you visit the site, server logs may include IP address, timestamp, URL, browser and operating-system information and referrer URL. These logs are required to provide the website and are deleted after no more than 30 days.

When you create an account, we store your email address, authentication data and registration timestamp. Manufacturer accounts may also store company, product and measurement data, which can be publicly displayed where this matches the purpose of the platform.

If you contact us, we store the information you submit so we can process and respond to the request.

The platform uses technically necessary cookies for authentication and session management. Optional analytics cookies are only used after consent.

If you sign in with Google, Google may provide your name, email address and profile image URL after your approval. Data may be processed by Vercel, Supabase and Google where those services are used.

Personal data is deleted when it is no longer required for the processing purpose. Account data is removed when the account is deleted, unless legal retention duties apply.

You have GDPR rights to access, rectification, erasure, restriction, portability, objection and withdrawal of consent. To exercise these rights, contact leo@acousticindex.com. You may also lodge a complaint with a data protection authority.

Acoustic Index operates an MCP server at https://acousticindex.com/api/mcp/v1 that can be connected to Anthropic’s Claude assistant after OAuth 2.1 sign-in. The authorization server is our Supabase project; requested scopes are email and profile. Legal basis: contract performance and your consent on the dedicated consent page (Art. 6(1)(a) and 6(1)(b) GDPR).

For each MCP request we log: timestamp, hashed IP address, the tool name invoked, the internal user id and an opaque request id. Retention of these request logs: 30 days.

When you use the planning tools (for example start_project, calculate_room_acoustics_target, recommend_products_for_project) we store the room brief and design constraints under your account. These projects are private to you (enforced via row-level security) and auto-archive after 180 days of inactivity. You can delete them at any time from /konto.

When you fetch certificates or test reports via the get_product_files tool, we log user id, product, file kind and timestamp so the owning manufacturer can see who pulled their documents through MCP. Manufacturers can opt selected file kinds out of MCP delivery in the admin dashboard.

Each approve / deny decision on the consent page is written to an OAuth consent audit log (user id, OAuth client, scopes, decision, IP address, user agent) for traceability under GDPR Art. 7(1).

Anthropic is separately responsible for processing your prompts as the operator of Claude. Anthropic’s privacy policy applies in parallel. You can disconnect the connector at any time in your Claude settings.