Privacy Policy

Last updated: May 12^th, 2025

1. General information

Prior Labs GmbH, Kaiser-Joseph-Str. 254, 79098 Freiburg (hereinafter “PriorLabs”, “we” or “us”) takes the protection of personal data very seriously.
We treat personal data confidentially and always in accordance with the applicable data protection laws, in particular Regulation (EU) 2016/679 (hereinafter “General Data Protection Regulation” or “GDPR”), the German Federal Data Protection Act (hereinafter “BDSG”), and in accordance with the provisions of this privacy policy.

The aim of this privacy policy is to inform you (hereinafter “data subject” or “you”) in accordance with Art. 12 et seq. GDPR about how we process your personal data and for what purposes we process your personal data when using our website https://priorlabs.ai/ (hereinafter “Website”), our services or contacting us.

Unless otherwise stated in this privacy policy, the terms used here have the meaning as defined in the GDPR.

2. Data controller

PriorLabs acts as a controller within the meaning of the GDPR in relation to your personal data processed in connection with the use of our Website, Service or a contact made to or by PriorLabs.

If you have any questions about this privacy policy or the processing of your personal data, you can contact us at the following contact details:

Prior Labs GmbH
Kaiser-Joseph-Str. 254
79098 Freiburg
E-mail: dataprotection@priorlabs.ai

---

Categories, purposes and legal bases of the personal data processed

We process different categories of your personal data for different purposes. Below you can see which data we process in which contexts, for which purposes and on which legal basis we base the respective processing.

2.1. Visiting our Website

When visiting our Website for informational purposes (i.e., mere viewing and without you providing us with any other information), certain personal data is automatically collected and stored in so-called server log files:

• Browser type and version
• Operating system used
• Host name of the accessing computer
• Date and time of access
• IP address of the requesting computer

Such data is not merged with other data sources and is not evaluated for marketing purposes.

Legal basis:
Art. 6 para. 1 sent. 1 lit. f GDPR – our legitimate interest in providing a technically functional, user-friendly Website and ensuring system security.

Duration of storage:
Personal data in log files is deleted after 7 days unless legal retention obligations require longer storage.

---

2.2. Use of our Services

We provide a software to access TabPFN foundation models for analysis of tabular business data (“Services”). Our Acceptable Use Policy strictly prohibits the upload of personal data to use our Services.

Although uploading personal data is not permitted, we do process some personal data when you access our Services via our API.

2.2.1. User account

We process the following data upon registration:

• First and last name
• E-mail address
• Password

Legal basis:
Art. 6 para. 1 sent. 1 lit. b GDPR – performance of or steps prior to entering a contract.

Duration of storage:
You can request account deletion via dataprotection@priorlabs.ai. Inactive accounts are deleted after 3 years.

2.2.2. Usage data

We process the following log file data:

• IP address
• Browser type and version
• Operating system used
• Date and time of access
• Host name of the accessing computer

This data ensures technical functionality, usability, and security.

Legal basis:
Art. 6 para. 1 sent. 1 lit. f GDPR – our legitimate interest in providing and securing our services.

Duration of storage:
Deleted after 7 days unless legally required otherwise.

---

2.3. Contact

If you contact us via e-mail, we process:

• Name
• E-mail address
• Other voluntarily provided data (“Contact Data”)

Legal basis:
Art. 6 para. 1 sent. 1 lit. b GDPR – if related to a (pre-)contractual relationship.
Otherwise, Art. 6 para. 1 sent. 1 lit. f GDPR – legitimate interest in appropriate customer communication.

Duration of storage:
Deleted once the inquiry is resolved, unless legal obligations require retention.

---

2.4. Newsletter

With your consent, we process:

• E-mail address
• Date and time of registration
• IP address and browser type

Newsletters may include tracking links to analyze user engagement. We process:

• Newsletter opening (date/time)
• Clicked links
• IP address, browser type, device type, operating system (“Tracking Data”)

Legal basis:
Art. 6 para. 1 sent. 1 lit. a GDPR – based on your explicit consent.

Duration of storage:
Stored while subscription is active. You can revoke consent anytime via unsubscribe link.

---

2.5. Social media and professional networks

We maintain company profiles on LinkedIn, Github, X, and Discord. Clicking on icons on our Website redirects you to these platforms in a new browser window. No personal data is transferred before you click.

2.5.1. Visiting our pages

Each platform is primarily responsible for processing data when you visit our page there.

2.5.2. Communication via platforms

We may process information such as:

• User name
• E-mail address
• Contact details and communication content
• Job title, company, education, photo, etc.

Legal basis:
Art. 6 para. 1 sent. 1 lit. b GDPR – for contractual/pre-contractual communication.
Otherwise, Art. 6 para. 1 sent. 1 lit. f GDPR – legitimate interest in customer communication.

Duration of storage:
Deleted once no longer needed unless retention is legally required.

---

3. Data receivers

We may share personal data with:

• Legal/tax consultants (acting as independent controllers)
• Advisors or potential buyers in corporate transactions
• Data Processors (under Art. 28 GDPR or EU SCCs)

Current Data Processors:

Data Processor	Purpose
OpenAI	Processing text inputs to our model API
Mailchimp	Newsletter signup
Google Analytics	Usage analytics
Google Cloud	Cloud infrastructure, model processing/inference

---

4. Data transfers to third countries

We primarily process data within the EEA.
Data may be transferred to third countries (e.g., USA) only under appropriate safeguards:

• EU Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR)
• Adequacy decisions if available

Documentation available on request.

---

5. Your rights

Under GDPR, you have the following rights:

5.1. Right of revocation

Art. 7 para. 3 GDPR – revoke your consent at any time (future effect only).

5.2. Right of access

Art. 15 GDPR – obtain confirmation and details about your processed personal data.

5.3. Right to rectification

Art. 16 GDPR – request correction of inaccurate/incomplete data.

5.4. Right to erasure

Art. 17 GDPR – request deletion of your data.

5.5. Right to restrict processing

Art. 18 GDPR – request restriction of data processing.

5.6. Right to data portability

Art. 20 GDPR – receive your data in a structured, machine-readable format.

5.7. Right to object

Art. 21 GDPR – object to processing based on legitimate interest.

5.8. Right to complain to a supervisory authority

Art. 77 GDPR – complain to a supervisory authority.
Responsible authority for PriorLabs: State Commissioner for Data Protection and Freedom of Information for Baden-Württemberg.
List: [Link to German supervisory authorities]

---

6. Obligation to provide data

Some data must be provided to use the Website as described above. If not provided, we may be unable to respond to inquiries or provide services.

---

7. Automated decisions / profiling

We do not engage in automated decision-making within the meaning of Art. 22 para. 1 GDPR.

---

8. Changes to this privacy policy

We may update this policy. The “Last updated” date will be adjusted accordingly.
Latest version always available at: https://priorlabs.ai/privacy_policy

9. Link to General Terms

For information on the use of our services, including contractual obligations, limitations of liability, and user responsibilities, please refer to our General Terms.