Privacy Policy


Your privacy is critically important to us. At Alpaqa Studio, we have a few fundamental principles:

  • We don’t ask you for personal information unless we truly need it.
  • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
  • We don’t store personal information on our servers unless required for the ongoing operation of one of our services.

Below is our Privacy Policy, which incorporates and clarifies these principles.


We at APC Labs GmbH, the developer and operator of Alpaqa Studio, respect your privacy. All information you give us is held with the utmost care and security. Alpaqa Studio is committed to protecting your privacy. If you’re visiting our websites, using our products and services, working with any of our teams, meeting us at events or applying for a role with us, this privacy policy sets out what data we collect, and how we use it. It also describes your rights regarding our use of your data.

Please take time to review this privacy policy as it sets out our privacy practices and tells you how we will treat your personal information. We do not sell, rent or loan any identifiable information regarding our customers to any third party. Only in the circumstances described within this Privacy Policy would we share your information with any third party.

Our use of personal data is in accordance with the General Data Protection Regulations (GDPR).

1. Identity of the controller

APC Labs GmbH
c/o Kreuzkoelln Office
Friedelstr. 40
12047 Berlin

2. Data processing

2.1. Personal data

Pursuant to the General Data Protection Regulation (“GDPR“), personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2. General use of the Website

Our webserver(s) register(s) all connections to the Website automatically and collects the following technical information about your visit:

  • Your IP address;
  • the name of the files accessed;
  • information about the transmission;
  • date and time of the connection;
  • the amount of data transmitted;
  • the requesting provider;
  • the referrer; and
  • the web browser/user agent.

We store this data in log files in order to ensure the safety and integrity of our IT-Systems. Additionally, we use your IP address only to enable communication with our Website. Both constitute our legitimate interests of us pursuant to Art. 6 par. 1 lit. f) GDPR. We store our log files for 8 weeks.

2.3. Signing up for Early Access

You can sign up for Early Access by providing us your personal data, namely:

  • First name
  • Last name
  • Email address
  • Area code (optional)
  • Phone number (optional)

We use this data to get insights who shows interest in our software and services and for what purpose our software and services might be used. Moreover we use this data to contact you to provide you with guidance, support and helpful tips & tricks for our software and services, and general information about our products and services. The legal basis is Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes also constitute our legitimate interests. If you agreed to receive helpful information, we store your data until you object. Otherwise, we delete your data after 2 years.

2.4. Buying our Software and Services

If you are a commercial user, you can buy our products directly from our Website or via the Microsoft Azure Marketplace. For this purpose we collect your:

  • First name
  • Last name
  • Company
  • Email address
  • Telephone number
  • A billing address
  • Additional payment information depending on the payment method you choose

We use this information for the purposes of performance and conclusion of contract. The legal basis is Art. 6 par. 1 lit. b) GDPR. Additionally, we are legally obliged to store certain data, which is included in contracts and invoices as well as in business letters or other documents relevant for taxation or accounting. The legal basis is Art. 6 par. 1 lit. c) GDPR. If you purchase the software or the service for somebody else, we collect the customer’s name and the companies’ name. We only use this information to embed it into the license key. We store the data that is relevant for taxation and accounting for 11 years from the end of the year the contract is concluded in. Any other data is stored for 3 years after the end of the year the contract is concluded in.

2.5. Feedback and Support via our Website, the Software, or the Service

We enable you to contact us and ask us for support on our Website. For these purposes we collect your:

  • First name
  • Last name
  • Email address and
  • Your message to us

Depending on the topic you request our help for, we may ask you for additional information to help us assist you. We may share this with our product development teams to enable them to reproduce and fix product issues. Alpaca Studio also maintains a presence on Twitter, Facebook, Youtube, and LinkedIn. We manage your interactions with us using Hootsuite and Publer as well as using social media platforms directly. If you send us a message via social media, we may include this in our CRM systems.

The legal basis for these processing is Art. 6 par. 1 lit. f) GDPR. Our legitimate interest is to answer your questions and fulfill your requests. We store your data for 3 years.

Some of our products also include feedback mechanisms such as live chat. If you’re signed into the product, we’ll see your name and email address when you chat to us. Any information you send to us in the chat session will be shared with our product development and support teams. We store your data for 3 years.

2.6. Newsletters and drip campaigns

We send newsletters, onboarding, and educational emails using HubSpot, MailChimp and SendGrid on the legal basis of Art. 6 par. 1 lit. a) GDPR. We store the data necessary for sending the newsletters until you withdraw your consent. We gather statistics around email opening and interaction using industry-standard technologies, including tracking pixels, to analyze the performance or email campaigns. We use data about your interactions with our emails as an indicator of your interest in our products. We may also use your interaction with our previous newsletters to send you more appropriate information in the future. The legal basis for this processing is Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute our legitimate interests. We store your data for 3 years.

You can opt out of receiving these newsletters and drip campaigns at any time by clicking the unsubscribe link in these emails, or sending an email to

2.7. Information sent to us when you use our products

Our products send usage and fault reporting information to us. We use this to:

  • Measure how many people are using the different versions of our products, and the different features within them,
  • Understand the environments in which our products are used,
  • Measure the success of our sales and marketing operations,
  • Guide product development decisions and improve our products,
  • Assist you in your evaluation, purchasing, and renewal of our products.

We use your basic environment and high-level usage data in conjunction with your records in our marketing and CRM systems. Your use of individual features is submitted anonymously and is not linked to your identity.Some of our products allow you to submit error reports if something goes wrong. These contain logs and other diagnostic data, and you can choose to include your contact details and any additional information you think may be useful. Our support and development teams use this data to improve our products.
If you choose not to include diagnostic data with an error report, an anonymous record of the type of error which occurred will be sent. This allows us to measure how many of our customers experience errors and prioritize our focus for product development. The legal basis for this processing is Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute our legitimate interests. We store your data for 3 years

2.8. Applying for a role with us

If you apply for a role at Alpaqa Studio, we will use all the information you provide to assess your application. In most cases this will be at least your name, address, birth date and your CV. If you are unsuccessful in your application, we will remove your data after 6 months. The legal basis is Art. 6 par. 1 lit. f) GDPR. We may ask your permission to keep your details on file in our talent pool on the legal basis of Art. 6 par. 1 lit. a) GDPR. We store this data until you withdraw your consent.

2.9. Cookies

Your web browser allows you to control whether cookies can be stored by our websites. However, disabling cookies will prevent certain parts of our websites from working correctly. Your web browser’s documentation has more information on controlling cookie behavior.

We use cookies on our websites to:

  • Maintain your active session
  • Store your preferences
  • Track the success of our marketing and advertising campaigns
  • Analyze the way people use our websites
  • Gather data on how our websites are performing

Our use of cookies is based on Art. 6 par. 1 lit. f) GDPR. The mentioned purposes also constitute our legitimate interest. For a detailed information on the analytics, tracking and advertising tools and the respective possibilities to opt-out, please refer to Section 11.

2.10. Using our Service

When you start using and use the Alpaqa Studio Service you might submit more data depending on the way of use of our services according to our terms of service. Alpaqa Studio will collect:

  • Your first and last name associated with your Azure account used to sign up
  • Your email address associated with your Azure account used to sign up
  • Cosmos DB account details for accounts added to Alpaqa Studio

We use the information and data collected in the Service, including your personal data, in order to fulfill our contractual obligations for you/our customers based on the legal basis of Art. 6 (1) b. GDPR or TMG and as further set forth in this privacy policy or our terms of service. This also includes sending you emails and notifications necessary for the Service.

In the event we process personal data controlled by the customer as a data processor we will offer and enter into a respective separate data processing agreement with such customer whereas such data processing agreement may be requested via email

We do not store or receive any kind of payment or credit card data but use external payment providers as set forth on the Website.

We may also analyze your personal data when using the Alpaqa Studio Service for the purpose of improving our Service. We may also store your data to assure fair use of our Service. The legal basis for analyzing and storing such data is Art. 6 (1) f. GDPR with our legitimate interest in marketing, quality assurance and fraud prevention.

We also process your data if this is necessary to comply with our legal obligations (legal basis: Art. 6 (1) c. GDPR), for example legal retention periods.

For the above mentioned purposes your data may also be shared with our shareholders or affiliated companies.

3. Recipients of personal data

Internally, we process your personal data in the relevant department. Externally, we use selected third parties to help us process data, which helps us deliver our products and services to you. Specifically, we use service providers to run our online shop, to send you emails, to provide you with the Website’s “Feedback & Support” tool and generally, to give you access to our Website. If you ask for assistance, support or other services, your data may be processed by affiliated companies, which will provide the services directly to you.
We do not sell any data regarding your use of our products or services except as part of a reorganization or a sale of the assets of Alpaqa Studio. In such cases, we will ensure that your privacy continues to be protected.

4. Transfer of Data to Third Parties

We will transfer your personal data to a third party only (i) within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or, (ii) if applicable, legal provisions authorize the transfer, e.g. if the transfer is required to pursue our legitimate interests or to fulfil a contract, for example in case of mergers and acquisitions, (iii) or if you give your explicit consent.

5. Transferring your information outside of the European Economic Area

Some of our service providers, especially Microsoft Azure where Alpaqa Studio is hosted, reside outside of the EU, especially in the USA. These service providers are either EU-US-Privacy Shield certified or we concluded standard contractual clauses approved by the EU Commission with such providers. You can obtain a copy of the standard contractual clauses texts on the website of the Commission (

Your data may also be processed outside the EU when visiting our Social Media pages.

6. Your rights

If the respective requirements are met, the GDPR grants you certain rights as a data subject.

– Art. 15 GDPR – Right of access: You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information.

– Art. 16 GDPR – Right to rectification: You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

– Art. 17 GDPR – Right to erasure: You shall have the right to obtain from us the erasure of personal data concerning you without undue delay.

– Art. 18 GDPR – Right to restriction of processing: You shall have the right to obtain from us the restriction of processing.

– Art. 20 GDPR – Right to data portability: You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you shall have the right to transmit those data to another controller without hindrance from us. You shall also have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

– Art. 21 GDPR – Right to object: You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on legitimate interests or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

In such a case, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, then you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
– Art. 77 GDPR – Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Where the processing is based on your informed consent, you shall have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Therefore, you may send us a message to

7. Your obligation to provide us with personal data

You have no statutory or contractual obligation to provide us with any personal data. However, we may not be able to provide you with our services if you decide not to do so.

8. Existence of automated decision-making, including profiling

We do not use automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, such profiling or automated decision making may happen by third party providers through the Website or Service. We will inform you about such a fact if possible.

9. Questions about data privacy

If you have any questions regarding this policy, or wish to make a complaint about the way we’ve handled your personal information, contact

10. Tools used on our Website for analytics, marketing and other purposes

10.1. Google Analytics

We use Google Analytics, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“) to collect information about how users use our Site. The information generated by the cookie about your use of the Site will be transmitted to and stored by Google on servers in the United States. As IP-anonymization is activated, your IP address will be anonymized as soon as technically feasible at the earliest possible stage of the collection network. In addition, it will only be partially used within the European Union or just in the European Economic Area if it is used by other parties. Only in exceptional cases, the full IP address will be transferred to a Google server in the United States, and then shortened so it is only partially used there.

Google will use this information on our behalf for the purpose of analyzing your use of the Site, compiling reports on the website activity and providing other services relating to activity on the Site and internet usage. The IP address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; please note, however, that if you do this you may not be able to use our service comprehensively. You can also opt-out from being tracked by Google Analytics in the future by downloading and installing ‘Google Analytics Opt-out Browser Add-on’ for your current web browser: Our processing is based on Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it. The collected data is stored for 50 months. Further information on how Google processes personal data is available at:

10.2. Google Ads

We use Google Ads, which is an online advertising program from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google Ads, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page. The information obtained using the conversion cookie is used to create conversion statistics for the Ads advertisers who have opted for conversion tracking. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.
Our processing is based on Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it.
For more information about Google AdWords and Google Conversion Tracking, see the Google Privacy Policy:

10.3. Google Analytics and Google Ads Remarketing

We use the features of Google Analytics Remarketing combined with the capabilities of Google Ads Remarketing, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). Such features make it possible to advertise to website visitors and users based on their previous behavior and usage, through image and text ads placed on various websites online. You can opt-out of Google Marketing Platform’s use of cookies by visiting the Google Marketing Platform opt-out page:

Our processing is based on Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page:

11.4. Google Fonts

Our Website uses the “Google Fonts” service of Google (inter alia Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, Mountain View, CA, USA to integrate and display text on the website. For this purpose Google may process your data (including the IP address) on servers in the USA.

When the IP address is processed this is based on our legitimate interests of technical functionality of the Website based on Art. 6 (1) f. GDPR or TMG.

For Users who have their usual residence in the European Economic Area or Switzerland, Google Ireland Limited is the data controller for your data, unless otherwise stated in the privacy notices of a particular service. Google Ireland Limited is therefore the company affiliated with Google which is responsible for processing your data and complying with applicable data protection laws.

You can also find more information in Google’s privacy policy:

10.5. Bing Ads

We use Bing Ads Universal Event Tracking, a conversion tracking service of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). The service enables us to track your activities, if you accessed our site by clicking on a bing advertisement. For this purpose, Microsoft stores a cookie on your device. By using this cookie, Microsoft and we can see the total number of users that clicked on the ad. This data is stored by Microsoft for 180 days. We have no access to any personal information about you.

If you do not want to be tracked, you can opt-out under the following link: Our processing is based on Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it. For further information, please click here:

10.6. Quora Ads

We use Quora Ads, a service of Quora, Inc. This function enables Quora to show you our advertising within the Quora network. For this purpose, Quora will establish a direct connection between you and its servers and collect data about your use of our website. Quora may relate this data to your user account. We have neither knowledge of nor a possibility to influence the data processing by Quora. You can find more information on how Quora processes your data in its privacy policy under

Our processing is based on Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interest we pursue with it. If you want to opt-out, please change the respective settings in your user profile on Quora:

10.7. HubSpot

We use the services of HubSpot (HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telefon: +353 1 5187500 “HubSpot”). HubSpot is an integrated software solution that we use to cover different aspects of our online marketing. This includes, among others:

  • Email marketing (e.g. marketing and sales emails)
  • Contact management (e.g, user segmentation & CRM)
  • Customer support (e.g. tickets, customer support emails)
  • Reporting (e.g., sources of traffic, access, etc.)
  • Contact forms

HubSpot tracks visitors using browser cookies. Every time a visitor lands on our website, HubSpot will check for an existing tracking cookie. If one does not exist, a cookie will be associated with that visitor and will log every page that person visits moving forward. Visitors will be tracked anonymously. If a visitor fills out a form, HubSpot will associate their previous page views based on the tracking cookie. Visitors will be tracked anonymously even before they become contacts. We use this data to analyze and improve our website and services in order to make them more appealing to you.

HubSpot transfers personal data to the HubSpot Inc., which processes the data within the United States of America, however, HubSpot Inc. is certified under the EU-US-Privacy Shield. Hence, an adequate level of protection is ensured. You can find more information through these links:

Our processing of your personal data is based on Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes also constitute the legitimate interest we pursue with it. The personal data will be retained for the period of time outlined in section 2 of this Privacy Policy.
To remove any current browser cookies, please see the cookie management section of your browser.

10.8. Facebook

We use the Facebook “Customer Audience” and “Facebook Pixel” services on our websites to optimize our advertising offers provided that you have granted an appropriate consent. For more information about these Facebook services and their privacy policy (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)), please visit

If you use a Facebook user account, the Facebook Pixel on our web pages can recognize this by the Facebook cookie which is used to transmit the usage data it has collected to Facebook for analysis and marketing purposes. Under certain circumstances, the Facebook Pixel may enable tracking on many other websites. You can check and/or deactivate this data collection and the additional processing and use of the data by Facebook directly on Facebook. With Facebook Pixel, the following data is transmitted to Facebook:

  • HTTP header information (including IP address, web browser information, web page location, document, web page URL, web browser user agent, and date and time of use)
  • Pixel-specific data: this includes the Pixel ID and Facebook cookie data including your Facebook ID (this data is used to associate events with a specific Facebook ad account and associate them with a Facebook user)
  • Additional information about your visit to our websites, as well as standard and customised data events
  • Orders placed (sales transactions)
  • Completed registrations and trial subscriptions
  • Searched products, request for product information

The above data processing only applies to users who have a Facebook account or have requested a Facebook partner page (where a cookie was set). Playing advertising on Facebook (partner) pages using the “Customer Audience” service does not concern users who are not members of Facebook. If the Facebook ID contained in a Facebook cookie can be assigned to a Facebook user, then Facebook will assign this user to a target group (“Custom Audience”) according to the rules we have defined, provided that the rules are relevant. We use the information obtained in this way for the presentation of advertisements on Facebook (partner) pages or other websites.

Our processing is based on Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it.

If you wish to object to the use of Facebook Pixel, you can set an opt-out cookie on Facebook or disable JavaScript in your browser. For additional information and configuration options for protecting your privacy within the scope of advertising activities, please refer to Facebook’s privacy policy which can be found, among others, at

10.9. LinkedIn

Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. We use their conversion tracking technology and the retargeting feature on our website. This technology allows visitors to this website to play or display personalized ads on LinkedIn. It is also possible to create anonymous reports on ad performance and website interaction information. To do this, the LinkedIn Insight tag is included on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time. Please see LinkedIn’s privacy policy at for more information on data collection and use, and the choices and rights to protect your privacy.

Our processing is based on Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it.

If you are logged in to LinkedIn, you can deactivate the data collection at any time at the following link:

11. Miscellaneous

We encourage the responsible disclosure of security issues, and will act quickly on any vulnerabilities reported. We will not take legal action against you if you:

  • Provide us with the information needed to reproduce and validate the vulnerability
  • Avoid violating the privacy of our customers, staff and other users
  • Avoid the destruction of data, or degradation of our services
  • Do not modify or access data that is not your own
  • Give us a reasonable time to address the issue before making any information public

12. Changes to this privacy policy

We regularly review our privacy policy. This policy was last updated on 9th July 2021.