Privacy Policy¶
Last updated: May 12th, 2025
1. General information¶
Prior Labs GmbH, Kaiser-Joseph-Str. 254, 79098 Freiburg (hereinafter “PriorLabs”, “we” or “us”) takes the protection of personal data very seriously.
We treat personal data confidentially and always in accordance with the applicable data protection laws, in particular Regulation (EU) 2016/679 (hereinafter “General Data Protection Regulation” or “GDPR”), the German Federal Data Protection Act (hereinafter “BDSG”), and in accordance with the provisions of this privacy policy.
The aim of this privacy policy is to inform you (hereinafter “data subject” or “you”) in accordance with Art. 12 et seq. GDPR about how we process your personal data and for what purposes we process your personal data when using our website https://priorlabs.ai/ (hereinafter “Website”), our services or contacting us.
Unless otherwise stated in this privacy policy, the terms used here have the meaning as defined in the GDPR.
2. Data controller¶
PriorLabs acts as a controller within the meaning of the GDPR in relation to your personal data processed in connection with the use of our Website, Service or a contact made to or by PriorLabs.
If you have any questions about this privacy policy or the processing of your personal data, you can contact us at the following contact details:
Prior Labs GmbH
Kaiser-Joseph-Str. 254
79098 Freiburg
E-mail: dataprotection@priorlabs.ai
Categories, purposes and legal bases of the personal data processed¶
We process different categories of your personal data for different purposes. Below you can see which data we process in which contexts, for which purposes and on which legal basis we base the respective processing.
2.1. Visiting our Website¶
When visiting our Website for informational purposes (i.e., mere viewing and without you providing us with any other information), certain personal data is automatically collected and stored in so-called server log files:
- Browser type and version
- Operating system used
- Host name of the accessing computer
- Date and time of access
- IP address of the requesting computer
Such data is not merged with other data sources and is not evaluated for marketing purposes.
Legal basis:
Art. 6 para. 1 sent. 1 lit. f GDPR – our legitimate interest in providing a technically functional, user-friendly Website and ensuring system security.
Duration of storage:
Personal data in log files is deleted after 7 days unless legal retention obligations require longer storage.
2.2. Use of our Services¶
We provide a software to access TabPFN foundation models for analysis of tabular business data (“Services”). Our Acceptable Use Policy strictly prohibits the upload of personal data to use our Services.
Although uploading personal data is not permitted, we do process some personal data when you access our Services via our API.
2.2.1. User account¶
We process the following data upon registration:
- First and last name
- E-mail address
- Password
Legal basis:
Art. 6 para. 1 sent. 1 lit. b GDPR – performance of or steps prior to entering a contract.
Duration of storage:
You can request account deletion via dataprotection@priorlabs.ai. Inactive accounts are deleted after 3 years.
2.2.2. Usage data¶
We process the following log file data:
- IP address
- Browser type and version
- Operating system used
- Date and time of access
- Host name of the accessing computer
This data ensures technical functionality, usability, and security.
Legal basis:
Art. 6 para. 1 sent. 1 lit. f GDPR – our legitimate interest in providing and securing our services.
Duration of storage:
Deleted after 7 days unless legally required otherwise.
2.3. Contact¶
If you contact us via e-mail, we process:
- Name
- E-mail address
- Other voluntarily provided data (“Contact Data”)
Legal basis:
Art. 6 para. 1 sent. 1 lit. b GDPR – if related to a (pre-)contractual relationship.
Otherwise, Art. 6 para. 1 sent. 1 lit. f GDPR – legitimate interest in appropriate customer communication.
Duration of storage:
Deleted once the inquiry is resolved, unless legal obligations require retention.
2.4. Newsletter¶
With your consent, we process:
- E-mail address
- Date and time of registration
- IP address and browser type
Newsletters may include tracking links to analyze user engagement. We process:
- Newsletter opening (date/time)
- Clicked links
- IP address, browser type, device type, operating system (“Tracking Data”)
Legal basis:
Art. 6 para. 1 sent. 1 lit. a GDPR – based on your explicit consent.
Duration of storage:
Stored while subscription is active. You can revoke consent anytime via unsubscribe link.
2.5. Social media and professional networks¶
We maintain company profiles on LinkedIn, Github, X, and Discord. Clicking on icons on our Website redirects you to these platforms in a new browser window. No personal data is transferred before you click.
2.5.1. Visiting our pages¶
Each platform is primarily responsible for processing data when you visit our page there.
2.5.2. Communication via platforms¶
We may process information such as:
- User name
- E-mail address
- Contact details and communication content
- Job title, company, education, photo, etc.
Legal basis:
Art. 6 para. 1 sent. 1 lit. b GDPR – for contractual/pre-contractual communication.
Otherwise, Art. 6 para. 1 sent. 1 lit. f GDPR – legitimate interest in customer communication.
Duration of storage:
Deleted once no longer needed unless retention is legally required.
3. Data receivers¶
We may share personal data with:
- Legal/tax consultants (acting as independent controllers)
- Advisors or potential buyers in corporate transactions
- Data Processors (under Art. 28 GDPR or EU SCCs)
Current Data Processors:
Data Processor | Purpose |
---|---|
OpenAI | Processing text inputs to our model API |
Mailchimp | Newsletter signup |
Google Analytics | Usage analytics |
Google Cloud | Cloud infrastructure, model processing/inference |
4. Data transfers to third countries¶
We primarily process data within the EEA.
Data may be transferred to third countries (e.g., USA) only under appropriate safeguards:
- EU Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR)
- Adequacy decisions if available
Documentation available on request.
5. Your rights¶
Under GDPR, you have the following rights:
5.1. Right of revocation¶
Art. 7 para. 3 GDPR – revoke your consent at any time (future effect only).
5.2. Right of access¶
Art. 15 GDPR – obtain confirmation and details about your processed personal data.
5.3. Right to rectification¶
Art. 16 GDPR – request correction of inaccurate/incomplete data.
5.4. Right to erasure¶
Art. 17 GDPR – request deletion of your data.
5.5. Right to restrict processing¶
Art. 18 GDPR – request restriction of data processing.
5.6. Right to data portability¶
Art. 20 GDPR – receive your data in a structured, machine-readable format.
5.7. Right to object¶
Art. 21 GDPR – object to processing based on legitimate interest.
5.8. Right to complain to a supervisory authority¶
Art. 77 GDPR – complain to a supervisory authority.
Responsible authority for PriorLabs: State Commissioner for Data Protection and Freedom of Information for Baden-Württemberg.
List: [Link to German supervisory authorities]
6. Obligation to provide data¶
Some data must be provided to use the Website as described above. If not provided, we may be unable to respond to inquiries or provide services.
7. Automated decisions / profiling¶
We do not engage in automated decision-making within the meaning of Art. 22 para. 1 GDPR.
8. Changes to this privacy policy¶
We may update this policy. The “Last updated” date will be adjusted accordingly.
Latest version always available at: https://priorlabs.ai/privacy_policy
9. Link to General Terms¶
For information on the use of our services, including contractual obligations, limitations of liability, and user responsibilities, please refer to our General Terms.