AI² Network

Legal

Privacy policy

Last updated: 20 May 2026

1. Controller

The controller responsible for this website is:

AI² – Association Industrial AI
Website: https://www.industrial-ai-network.com

2. General information

We take the protection of personal data seriously. We process personal data only where necessary and in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection law.

This privacy policy explains what data we collect, why we collect it, and what rights you have.

3. Data collected when visiting this website

When you visit our website, technical data may be processed automatically, including:

  • IP address
  • date and time of access
  • browser type and version
  • operating system
  • referring website
  • pages visited

This data is processed to ensure the secure and reliable operation of the website.

Legal basis: Art. 6(1)(f) GDPR - legitimate interest in operating a secure website.

4. Contact forms and membership inquiries

If you contact us, register interest, or apply to join AI², we may process:

  • name
  • email address
  • organization
  • role or professional background
  • message content
  • LinkedIn profile, if provided

We use this data to respond to your request, evaluate membership interest, and communicate with you about AI² activities. Where we sync enquiries to HubSpot, that transfer happens from our servers (not via a HubSpot tracking pixel in your browser unless we add one separately and list it in our consent tool).

Legal basis: Art. 6(1)(b) GDPR for pre-contractual communication and Art. 6(1)(f) GDPR for legitimate organizational communication.

5. Event registration

If you register for an AI² event, we may process:

  • name
  • email address
  • organization
  • job title
  • registration status
  • participation information

Event registration may be handled through third-party providers such as Zoom, LinkedIn, or other event platforms. Their own privacy policies apply when you use their services.

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

6. Newsletter and updates

If you subscribe to updates or newsletters, we process your email address and, where provided, your name and organization.

You can unsubscribe at any time using the unsubscribe link or by contacting us directly.

Legal basis: Art. 6(1)(a) GDPR - consent.

7. Portal accounts and member profiles

If you create a portal account (sign-up or sign-in), we process data needed to authenticate you and maintain your member profile, for example:

  • email address and account identifiers
  • name and professional details you provide in your profile
  • profile photo, if uploaded
  • sign-in method (e.g. email/password or LinkedIn OAuth, if enabled)
  • technical session data required to keep you logged in securely

This data is stored in our application database (Supabase, EU region) and used to operate the member area of the website, not for advertising profiling.

Legal basis: Art. 6(1)(b) GDPR for providing the account and member services you request, and Art. 6(1)(f) GDPR for securing and operating the portal.

8. Member hub (members-only community)

Member hub is our optional members-only space for discussion and collaboration with other AI² members. It is hosted on Discord (Discord Inc., USA). We do not operate a separate chat product on this website; connecting Member hub links your portal account to Discord so we can grant access to our private server.

When you choose to join. If you are an eligible portal member, you can start setup from your profile or the navigation. We redirect you to Discord to authorize access (OAuth scopes identify and guilds.join). We then store in Supabase (EU):

  • your Discord user ID
  • your Discord display name at the time of connection
  • connection timestamp and sync status for access management
  • the link between your portal user ID and that Discord account

We use a short-lived OAuth access token only during setup to add you to our server and assign a member role; we do not store that token in our database. We do not read or store the content of your messages, voice, or other activity inside Discord through this website.

While you use Discord. Anything you post or do inside Discord (messages, files, voice, metadata) is processed under Discord's privacy policy. Discord acts as an independent controller (or co-controller) for that in-product processing. We are responsible for the link data we store and for managing access to our server (including revoking the member role when you disconnect or are no longer eligible).

Disconnect and access. You can leave Member hub from your profile; we remove the stored link fields and revoke server access. We may also reconcile access periodically when eligibility changes (for example if your portal account no longer meets the conditions for member access).

Legal basis: Art. 6(1)(b) GDPR — providing the member community benefit tied to your portal membership; and, for the OAuth authorization step, Art. 6(1)(a) GDPR where applicable as your voluntary choice to connect the accounts.

9. LinkedIn and external links

Our website may link to LinkedIn profiles or other external websites. We are not responsible for the data processing of external providers. Please review their privacy policies separately.

10. Cookies, local storage, consent, and analytics

We keep this site's footprint small. We do not use third-party advertising or social pixels in the browser. What we use today:

  • Essential / session. When you sign in, Supabase Auth sets first-party cookies (or equivalent storage) so your session works. These are strictly necessary for authentication and security and are not used for marketing.
  • Member hub setup (short-lived). When you start connecting Member hub, we set a short-lived, first-party cookie to prevent abuse of the OAuth flow (state parameter). It is deleted after the callback completes or expires within minutes.
  • Consent choice (Klaro). We load Klaro, an open-source consent manager (KIProtect), hosted from this same website. Klaro stores your preferences in browser local storage (storage key klaro-ai2-consent; consent records use a 180-day expiry in our configuration). You can reopen the dialog anytime via Cookie settingsin the site footer. Klaro's own link in the dialog points to its project; this policy is the authoritative description of our processing.
  • Optional analytics (Plausible). If enabled in our environment, we initialise Plausible using the official @plausible-analytics/tracker package, only after you opt in through Klaro. Page views and optional custom events are sent to a first-party endpoint on this domain (/api/p/event), which our hosting configuration forwards to Plausible Analytics (EU-based). That design avoids third-party advertising cookies and keeps measurement privacy-oriented. When opted in, the tracker may also record anonymised signals such as outbound link clicks, file downloads, and form submissions, as supported by the SDK. If Plausible is not configured in our deployment, no analytics measurement runs even if you accept the category.
  • Performance monitoring (Vercel Speed Insights). On our production deployment we use Vercel Speed Insights to measure real-world page speed (Core Web Vitals such as load time and layout stability). It sends anonymised performance beacons from your browser to Vercel; it does not use advertising cookies and is separate from optional Plausible analytics. We use this to see which pages feel slow and improve the site.
  • News and article applause.On public news and article pages you can use a one-tap "applause" control. Your browser stores a random identifier in local storage (and a per-article flag) so we can offer a Medium-style experience: at most one applaud per piece of content from your browser without requiring an account. When you applaud, we send that identifier with a content key to our database (Supabase, EU region) so we can deduplicate votes and show an aggregate count. We do not use applause to identify you by name or email, and you can clear the effect in your browser by deleting site data for this domain.

Legal basis: essential cookies and storage under Art. 6(1)(f) GDPR (secure operation of the site and services) and, where applicable, Art. 6(1)(b) GDPR for log-in; optional optional analytics under Art. 6(1)(a) GDPR via Klaro; anonymised performance monitoring under Art. 6(1)(f) GDPR (operating and improving the site); anonymous applause and the related first-party browser storage under Art. 6(1)(f) GDPR for operating that optional engagement feature.

11. Data sharing

We do not sell personal data.

We use a small set of processors to run the platform. Depending on what you use on the site, data may be processed by:

  • Supabase (EU region) for authentication and application data when you have an account or submit data through authenticated flows, and for anonymous applause on public news and articles (content key plus random visitor identifier for deduplication and aggregate counts only).
  • Vercel for hosting and delivery of the website (including technical logs such as IP address for a limited time as part of normal HTTP operation), and Speed Insights (anonymised Core Web Vitals beacons from production pages).
  • HubSpot when you submit a membership enquiry or similar forms: profile and message fields are sent from our servers to HubSpot as part of CRM processing. We do not rely on HubSpot marketing cookies in the browser for this; integration is server-side unless we explicitly add a separate tracking technology later (which would then appear in Klaro).
  • Plausible Analytics only if you have opted in to analytics in Klaro and the feature is enabled in our configuration. Requests go from your browser to our own domain first (first-party endpoint), then to Plausible for counting.
  • Resend when we send transactional emails (for example account confirmation, password reset, or membership-related notifications): your email address and message content are transmitted to Resend for delivery.
  • Discord when you connect Member hub: Discord receives OAuth authorization data from you directly in the browser, and our servers call Discord's API to add your account to our private server and manage a member role. Discord also processes your activity on their platform under their own terms.

Other providers (e.g. event platforms) apply only when you use those features. Such providers act either as processors under Art. 28 GDPR or as independent controllers, as described in their own policies.

Transfers outside the EEA. Some providers are based outside the European Economic Area (including the USA), for example Discord, HubSpot, Resend, and Vercel. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and/or provider certifications, as offered by those vendors for their services.

12. Data retention

We store personal data only as long as necessary for the purpose for which it was collected, unless legal retention obligations apply.

Contact and inquiry data is usually deleted once the request has been completed, unless further communication or documentation is required.

Portal account and profile data are kept while your account exists. Member hublink data (Discord user ID and related fields) is kept while you remain connected; when you disconnect or lose eligibility, we clear those fields and revoke server access. Data may remain on Discord's systems according to their retention rules until you delete your Discord account or exercise rights with Discord directly.

13. Your rights

Under the GDPR, you have the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion
  • restrict processing
  • object to processing
  • request data portability
  • withdraw consent at any time
  • lodge a complaint with a supervisory authority

14. Contact

For privacy-related questions, contact us at:

Contact person: Vlad Larichev
Email: mail@ai2n.eu

15. Changes to this privacy policy

We may update this privacy policy when our website, services, or legal requirements change.