Privacy Policy

Last updated: February 25, 2026

Experim ("we", "us", "our") is operated by Markus Rothmüller. We take your privacy seriously. This policy explains what data we collect, why, and how we protect it.

1. What we collect

When you use Experim, we may collect:

• Account information — name, email address, and profile picture when you sign up via email or Google OAuth.
• Usage data — hypotheses, experiments, learnings, and other content you create within the platform.
• Technical data — browser type, device type, and IP address for security and debugging purposes.

We do not collect data beyond what is necessary to provide the service.

2. Why we collect it

We use your data to:

• Provide and maintain the Experim platform
• Authenticate your account and manage access
• Power AI features (experiment recommendations, hypothesis analysis)
• Improve the product based on aggregate usage patterns
• Communicate with you about your account or updates

3. Legal basis (GDPR)

We process your data based on:

• Contract performance — to provide the service you signed up for (Art. 6(1)(b) GDPR).
• Legitimate interest — to improve our product and ensure security (Art. 6(1)(f) GDPR).
• Consent — for optional communications like our newsletter (Art. 6(1)(a) GDPR).

4. Third-party services

We use the following third-party services to operate Experim:

• Supabase (EU region) — database, authentication, and file storage.
• Vercel — hosting and content delivery.
• Google OAuth — optional sign-in method.
• OpenAI / Anthropic API — AI-powered features. Your content may be sent to these APIs for processing but is not used to train their models.

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

5. Cookies

Experim uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is needed because we only use strictly necessary cookies.

6. Data storage and security

Your data is stored on Supabase servers in the EU. We use industry-standard security measures including encryption in transit (TLS), row-level security policies, and secure authentication flows.

7. Your rights

Under GDPR, you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interest.
• Withdraw consent — for any consent-based processing, at any time.

To exercise any of these rights, contact us at privacy@experim.space.

8. Data retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are legally required to retain it.

9. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice. The "last updated" date at the top reflects the most recent revision.

10. Contact

For any privacy-related questions or requests:

Markus Rothmüller
privacy@experim.space