How this website handles personal data.
A clear notice for visitors, founders, owners, and advisors who contact AILPA through this website. The legal controller is Mainhattan Labs UG (haftungsbeschränkt).
Last updated 2026-07-15
Controller and contact
The controller for this website is the organisation responsible for deciding why and how personal data is processed. AILPA is an operating brand of Mainhattan Labs UG (haftungsbeschränkt) and is not a separate legal entity.
Mainhattan Labs UG (haftungsbeschränkt)Operating brand: AILPA
Managing Director: Rahul Aildasani
Große Gallusstraße 14
60315 Frankfurt am Main
Germany
[email protected]
Register court: Amtsgericht Frankfurt am Main
Registration number: HRB 142557
Questions can be sent to [email protected].
Scope of this notice
This notice covers the public website at ailpa.ai, direct contact through the website, and email correspondence that begins from the website. It covers the website operated under the AILPA brand by Mainhattan Labs UG (haftungsbeschränkt). It does not replace a mandate letter, non-disclosure agreement, data room agreement, or other engagement-specific privacy notice.
If a mandate proceeds, the parties may agree additional confidentiality, security, data processing, technology-use, and document-handling terms appropriate to that transaction.
Data we process
Depending on how you use the site, we may process the following categories of data:
- Website access data: IP address, request time, URL, browser and device information, referrer, and security events generated when the site is delivered through Cloudflare.
- Contact data: name, email address, company, message, and technical metadata submitted through the contact form.
- Email correspondence: the content of your message, email headers, attachments you choose to send, and follow-up correspondence.
- Font delivery data: browser requests made to Fontshare to load the Switzer web font used by the site.
Please do not send highly sensitive information through the public contact form. If a matter requires a secure exchange, we will arrange the appropriate channel directly.
Purposes and legal bases
We process personal data for the following purposes:
- To deliver, secure, monitor, and maintain the website. This processing is based on our legitimate interest in operating a secure public website.
- To receive, assess, and respond to confidential inquiries. This processing is based on steps requested before entering into a possible advisory relationship and our legitimate interest in responding to business communications.
- To keep appropriate records of communications and protect legal rights. This processing is based on legitimate interests and, where applicable, legal obligations.
Contact form submissions
The contact form posts submissions to a Cloudflare Pages Function. The Function validates the request, applies basic anti-spam checks, and stores the inquiry in Cloudflare KV under a submission reference so it can be reviewed and answered.
Contact submissions are used only to respond to the inquiry and manage the relationship that may follow. They are not sold, used for advertising profiles, or used to train public AI models. The website does not make automated decisions about whether we will work with you. Any mandate use of Jordan or related proprietary technology is governed separately by the agreed engagement terms and confidentiality controls.
Recipients and processors
We use service providers only where needed to run the site and communications. These include Cloudflare for hosting, security, Pages Functions, and KV storage; Fontshare for web font delivery; and email infrastructure providers used to receive and answer messages.
We may also share data with professional advisers or authorities if this is necessary to comply with law, protect rights, or handle a dispute. We do not sell personal data.
International transfers
Some providers operate global infrastructure. Where personal data is transferred outside the European Economic Area, we rely on the safeguards made available by the relevant provider, such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.
Retention
Website security and delivery logs are kept only as long as needed by the relevant provider for security, diagnostics, and service operation. Contact submissions stored through the website are retained for up to 24 months unless a shorter or longer period is necessary because of a live relationship, legal requirement, dispute, or deletion request.
Email correspondence may be kept longer where it forms part of business records, a potential mandate history, or legal documentation.
Your rights
Subject to the conditions in applicable data protection law, you may request access, rectification, erasure, restriction, portability, or object to processing based on legitimate interests. Where processing is based on consent, you may withdraw that consent at any time.
You may also lodge a complaint with a supervisory authority. For Hessen, the competent authority is the Hessian Commissioner for Data Protection and Freedom of Information at datenschutz.hessen.de.
Questions can be sent to [email protected].
Updates
We may update this notice when the website, contact workflow, providers, or legal requirements change. The date at the top of the page shows the latest version.
Need to reach us?