top of page
labelflow.ai
Privacy Policy

Last updated: 11 October 2025

1. Controller

Till Antonio Mahler (sole proprietor)
Am Berlin Museum 12
10969 Berlin, Germany
Email: till@deep-tales.world

2. Purpose and Scope

This Privacy Policy explains how we collect and process personal data when you visit our website, request early access, or otherwise interact with LabelFlow.

We process personal data to:

  • manage beta access and early sign-ups,

  • communicate updates and product information,

  • analyze and improve website performance,

  • ensure secure and reliable operation of our services.

We comply with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

3. Legal Basis

Processing is based on the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR) – for email communication, analytics, and marketing tracking.

  • Performance of a contract (Art. 6(1)(b) GDPR) – for responding to your sign-up or inquiry.

  • Legitimate interests (Art. 6(1)(f) GDPR) – for basic site operation, security, and optimization.

You may withdraw your consent at any time by emailing till@deep-tales.world

4. Categories of Data

We may process the following categories of personal data:

  • Contact data: name, email address, organization (if provided).

  • Usage data: IP address (shortened where possible), browser type, pages visited, referrer URL, and session duration.

  • Communication data: form submissions, messages, or feedback you send us.

  • Technical data: timestamps, device information, consent preferences.

5. Data Sources

Data is obtained directly from you (via forms or contact) or indirectly through our analytics and communication tools.

6. Processors and Third-Party Tools 

We work with trusted third-party providers under strict data processing agreements (Art. 28 GDPR). These providers process data only as instructed and in compliance with GDPR and other applicable laws.

Airtable

Used as our internal database and CRM system to manage early-access requests and communication workflows.
Provider: Airtable, Inc., 799 Market Street, San Francisco, CA 94103, USA
Data transfer: Standard Contractual Clauses (SCCs).

Wix

Used for hosting our website and managing form submissions.
Provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel
Data transfer: EU adequacy decision for Israel.

Google

Used for analytics (Google Analytics 4 via Google Tag Manager), tracking, and tag management.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data transfer: Standard Contractual Clauses (SCCs).

Twilio

Used for communication infrastructure such as WhatsApp or automated notifications.
Provider: Twilio Inc., 101 Spear Street, Suite 500, San Francisco, CA 94105, USA
Data transfer: Standard Contractual Clauses (SCCs).

Meta (Instagram / Facebook)

Used for analytics and retargeting via Meta Pixel and to measure campaign effectiveness.
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data transfer: Standard Contractual Clauses (SCCs).

OpenAI

Used to generate AI-assisted content (e.g., drafts for communication or text suggestions).
Provider: OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA
Data transfer: Standard Contractual Clauses (SCCs).
Note: No personal data from artists, labels, or users is used for AI training purposes.

Make (formerly Integromat)

Used for workflow automation (connecting forms, Airtable, and notifications).
Provider: Celonis SE, Erika-Mann-Str. 63, 80636 Munich, Germany
Data storage and transfer: EU-based servers unless otherwise stated.

7. Cookies and Analytics

We use essential cookies for site functionality and non-essential cookies (analytics, marketing) only with your consent.


You can adjust your preferences or withdraw consent at any time via the cookie banner or browser settings.

8. Data Retention

We retain personal data only as long as necessary for the purposes described or as required by law.


After that, data is deleted or anonymized.

9. Your Rights

Under the GDPR, you have the right to:

  • request access to your personal data,

  • request correction or deletion,

  • restrict processing or object to it,

  • withdraw consent at any time,

  • request data portability (Art. 20 GDPR).

To exercise your rights, please contact: till@deep-tales.world

10. Data Security

We implement appropriate technical and organizational measures to protect data against loss, misuse, and unauthorized access, including SSL encryption and limited access to stored data.

11. International Data Transfers

When data is processed outside the EU/EEA (e.g. by Airtable, Google, Meta, or OpenAI), we ensure appropriate safeguards through Standard Contractual Clauses (SCCs) and additional technical measures where applicable.

12. Updates to this Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes.


The current version is always available on this page.

bottom of page