Last Updated: Jan 28, 2026
This Privacy Policy explains how Apex Digital GmbH (“Apex Digital”, “Kalai”, "we", "us", "our") processes personal data when you visit our website or contact us about Kalai.
In the following provisions, we inform you about the type, scope, and purposes of the collection and use of your personal data when using Our Services. Personal data refers to any information that relates to an identified or identifiable natural person. This includes, in particular, your name and email address.
Our Services are intended for business users (B2B). However, business contact details can still be personal data under the GDPR.
Provider
The provider of Our Services and the controller in the sense of the GDPR is:
Apex Digital GmbH
Neuer Wall 80
20354 Hamburg
Germany
Email: support@getkalai.com
Data Processing to Enable Use
Whenever you access the content of Our Services, connection data is transmitted to our web server and infrastructure providers. This connection data may include:
The IP address of the user,
The date and time of the request,
The referring URL (referrer),
Device identifiers (where provided by your device/browser),
Device information (e.g., device type, operating system),
Browser type and browser version.
This connection data is not used to infer your identity nor merged with data from other sources for identification purposes. It is processed to provide the website, ensure stability, and protect against misuse and attacks.
Purpose: Providing the website, ensuring stability and IT security, preventing abuse.
Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest)
Data Processing upon Request
Our website can generally be used without actively providing personal data. However, if you request certain information or interact with us (for example by scheduling a demo or requesting a resource such as a whitepaper), we process the data you submit for that purpose.
3.1 Scheduling a Demo (Calendly)
If you schedule a demo via Calendly, we process the data you submit via the booking form, typically:
Name
Email address
Company name (if provided)
Selected time slot
Optional notes you enter
Technical data necessary to provide the booking (may include IP address and device information).
Purpose: Scheduling and conducting a demo and related pre-contract communication.
Legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR (steps prior to entering into a contract) and, where applicable, Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in efficient scheduling and communication).
Recipient (processor): Calendly LLC (or the relevant Calendly entity, depending on your location and Calendly setup).
International transfers: Depending on Calendly’s setup, data may be processed outside the EU/EEA. Where applicable, we rely on appropriate safeguards such as EU Standard Contractual Clauses and, if available, adequacy mechanisms (e.g., EU-US Data Privacy Framework).
Storage duration: 12 months after the meeting date, unless longer retention is required for documentation of business communication or legal obligations.
3.2 Requests for Resources (e.g., Whitepaper, Case Study, Webinar Materials) (if applicable)
If we offer downloadable resources (for example whitepapers, case studies, or webinar materials) and you request them via a form, we may process:
Name
Email address
Company name and role (if requested)
Any additional information you submit.
Purpose: Delivering the requested material and, where relevant, following up regarding your request.
Legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR (steps prior to entering into a contract) and/or Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in responding to requests and business communication).
If we send marketing emails beyond the requested material, we will do so only where a legal basis exists (for example consent under Art. 6 para. 1 lit. a GDPR, where required) and we will provide an opt-out.
Storage duration: 24 months after last interaction, unless legal obligations require longer.
3.3 Contacting Support
If you contact us by email (support@getkalai.com), we process the information contained in your message, typically:
Name, email address, company (if included),
Message content and any attachments,
Metadata required for communication (e.g., time of sending).
Purpose: Handling inquiries, customer support, and business communication.
Legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR (contract performance / steps prior to entering into a contract) and/or Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in responding to inquiries).
Storage duration: 24 months after last contact, unless statutory retention obligations require longer.
3.4 CRM Processing (HubSpot)
We use HubSpot as our CRM to manage inquiries, leads, and business communications. If you schedule a demo, contact us, or request materials, we may store the relevant contact data in HubSpot, for example:
Name, email address, company name, role (if provided),
Communication history and notes related to the business relationship.
Purpose: Managing business communications and customer relationships, documenting requests, improving response handling.
Legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR and/or Art. 6 para. 1 sentence 1 lit. f GDPR.
Recipient (processor): HubSpot, Inc. (or relevant HubSpot group entities depending on setup).
International transfers: Depending on HubSpot’s setup, data may be processed outside the EU/EEA. Where applicable, we rely on appropriate safeguards such as EU Standard Contractual Clauses and additional measures where required, and potentially adequacy mechanisms (e.g., EU-US Data Privacy Framework) where applicable.
Important note: We currently do not use HubSpot website tracking code for analytics/marketing cookies on our website. If we enable tracking features in the future, we will update this Privacy Policy and, where required, ask for consent via a cookie banner.
Storage duration: We store CRM records for as long as necessary for the business relationship and documentation, and delete or anonymize them in accordance with our retention policy: Delete after 24 months of inactivity unless legal reasons require longer.
Data Processing for Service Optimization (Cookies and Similar Technologies)
Our Services may use cookies or similar technologies that are technically necessary for operation, security, and performance.
Necessary technologies (e.g., essential cookies): These are required to operate the website and protect it from attacks
Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest), and where applicable, relevant national rules on accessing end-user devices.
Optional technologies (e.g., analytics or marketing cookies): If we introduce optional analytics or marketing tools, we will request consent via a cookie banner where required.
Legal basis: Art. 6 para. 1 sentence 1 lit. a GDPR (consent).
Consent (where required) can be withdrawn at any time via "Cookie Settings" in the footer, once implemented.
Service Providers (Hosting and Delivery)
We use the following providers to operate and secure Our Services:
5.1 Framer (Website Hosting)
Our website is hosted via Framer. When you visit our website, your browser loads content required to display the website, which results in the processing of technical data such as your IP address.
Purpose: Website delivery and operation.
Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in operating a secure and functional website).
5.2 Cloudflare (Security, CDN, Video Delivery)
We use Cloudflare to secure and accelerate delivery of website resources and videos. Cloudflare may process technical data (including IP address and request metadata) to provide content delivery and security functions (e.g., DDoS protection).
Purpose: Secure and reliable content delivery, performance, and protection against attacks.
Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in secure operation).
International transfers: Depending on configuration, data may be processed outside the EU/EEA. Where applicable, we rely on appropriate safeguards such as EU Standard Contractual Clauses and, where available, adequacy mechanisms.
Data Transfer
We only transfer your data when:
it is necessary for providing Our Services,
you have consented (where applicable),
a legal obligation exists, or
another legal basis applies.
6.1 Data Transfer to Non-EU Countries
Some of our service providers may process data outside the EU/EEA (including the USA). Where applicable, we rely on:
EU Standard Contractual Clauses (SCCs),
adequacy mechanisms where available (e.g., EU-US Data Privacy Framework),
Art. 49 GDPR derogations where applicable (exceptional cases).
Storage Duration
We store personal data only as long as necessary for the purposes for which it was collected or until statutory retention periods expire.
Security Measures
We protect your data with appropriate technical and organizational measures to prevent unauthorized access, loss, and misuse.
Your Rights
You have the right to:
Access your data
Correct inaccurate data
Request deletion
Restrict processing
Receive your data in a portable format (where applicable)
Object to processing based on legitimate interests
withdraw consent at any time (where processing is based on consent)
To exercise your rights, please contact: support@getkalai.com
Right to Object
Where we process personal data on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR), you may object to the processing of your personal data at any time for reasons arising from your particular situation.
Complaints
You have the right to lodge a complaint with a supervisory authority. A competent authority for Hamburg is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
Germany
Email: mailbox@datenschutz.hamburg.de
12. Changes to the Privacy Policy
We will update this Privacy Policy as necessary. The current version is always available on our website.
Kalai for all your documents