Privacy Policy
In short: Beckmann (beckmann.ai) is a statically served website with no ad tracking and no cookie-banner circus. For audience measurement we run a self-hosted, cookieless solution that stores no personal data (section 7a). Otherwise, data is only processed where technically necessary — and for features you actively use (search, account/MCP hub, newsletter).
1. Controller
2. Hosting & server logs
The website runs on our own server (VPS) at STRATO AG, Pascalstraße 10, 10587 Berlin, Germany — server location Germany. When you access pages (beckmann.ai) or services (api.beckmann.ai, mcp.beckmann.ai), the web server technically processes: IP address, timestamp, requested URL, HTTP status, referrer and user agent (access/error logs). Purpose: delivery, stability, debugging and abuse prevention (e.g. rate limits). Legal basis: Art. 6(1)(f) GDPR. Retention: logs rotate daily and are deleted automatically after 14 days at the latest.
3. Local storage in your browser
The site stores a few settings locally in your browser only (localStorage/sessionStorage): the
color scheme (theme), a sign-in hint and a small profile snapshot (name, avatar
URL) for instant display after login (bmcp-*), plus a short-lived configuration
cache. These values are never transmitted to us and solely serve the feature you requested
(§ 25(2) no. 2 German TDDDG); you can delete them anytime via your browser settings. We set no
tracking cookies of our own; for Clerk's necessary login cookies see section 5.
4. Blog search & knowledge base (RAG)
Search queries are sent to our own API (api.beckmann.ai). For semantic search the query text — without any name, account or contact data — is transmitted to OpenAI, L.L.C. (USA) to compute an embedding; OpenAI is certified under the EU-US Data Privacy Framework. Results are cached server-side briefly (approx. 60 seconds); IP-based rate limiting protects against abuse. Legal basis: Art. 6(1)(b)/(f) GDPR.
5. Account & sign-in (Clerk)
You can create an account for the MCP hub (“My MCP Server”). Sign-in is handled by our
processor Clerk, Inc. (USA; certified under the EU-US Data Privacy Framework). Clerk processes
e-mail address, name, profile picture (if any) and IP address, and sets strictly necessary
authentication cookies (e.g. __session, __client_uat) under
beckmann.ai — without signing in, no Clerk scripts are loaded and no cookies are set. On our
server we only store your Clerk user ID and your tool selection. Legal basis: Art. 6(1)(b)
GDPR. Retention: until you delete your account (via “Manage profile” or by e-mail).
6. Personal MCP server (mcp.beckmann.ai)
When you connect an AI client (e.g. Claude, ChatGPT), it receives an access token (valid 30 days) after your sign-in, stored by your client. Our server only processes the individual tool calls (e.g. a query of the knowledge-base search — then as in section 4 incl. the OpenAI embedding) plus technical connection data (section 2). We do not receive the rest of your conversations with the AI client. Legal basis: Art. 6(1)(b) GDPR.
7. Newsletter
For the newsletter we run a self-hosted instance of the open-source software Listmonk on our own server – no data is shared with third-party providers. Sign-up uses double opt-in: we store your email address, the sign-up and confirmation timestamps and your subscription status; sending only starts after confirmation. Every email contains a one-click unsubscribe link; your data is then deleted. Legal basis: Art. 6 (1) (a) GDPR (consent).
7a. Audience measurement (Umami, cookieless)
To measure reach (page views, referrers, coarse device class) we run a self-hosted instance of the open-source software Umami on our own server. Umami sets no cookies, builds no user profiles and stores no personal data; IP addresses are not stored and visitors are only counted as anonymous daily aggregates. We additionally count individual interactions as anonymous events (e.g. clicks on share buttons, browsing post sliders, or newsletter sign-ups) – likewise without any personal reference and without search terms or input content. No data is shared with third parties. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in anonymous audience measurement); no cookie banner is required for this.
8. E-mail contact
If you write to us, we process your details to handle the request (Art. 6(1)(b)/(f) GDPR) and delete them once no longer required, unless retention obligations apply.
9. Recipients & third-country transfers
Service providers: STRATO AG (hosting, Germany), Clerk, Inc. (sign-in, USA) and OpenAI, L.L.C. (search embeddings, USA). Transfers to the USA rely on the adequacy decision for the EU-US Data Privacy Framework. No data is shared for advertising purposes; there is no automated decision-making within the meaning of Art. 22 GDPR.
10. Your rights
You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18) and data portability (Art. 20 GDPR). You may object at any time, on grounds relating to your particular situation, to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR). You may also lodge a complaint with a data protection authority — e.g. the State Commissioner for Data Protection of Lower Saxony, Germany. The German version of this policy is authoritative.
11. Version
July 2026. This policy will be updated when features or service providers change.