Copia AICopia AI

Privacy Policy

Last Updated: April 11, 2026

1. About

Welcome to Copia AI (“we”, “us”, “our”). HIRTE ENERGY GmbH is the company behind Copia AI / floxform. We are a Germany-based company providing an MCP-first GTM platform that connects your sales and marketing tools to AI agents. Your privacy is of paramount importance to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform and services.

2. Data Controller & Roles

For website, account, billing and support data, HIRTE ENERGY GmbH is the data controller. For customer-submitted content and contact/lead data processed in the Service (e.g., CRM data, email interactions, LinkedIn interactions), the Customer is the controller and HIRTE ENERGY GmbH acts as processor.

Contact Information:

  • Company: HIRTE ENERGY GmbH
  • Address: Tölzer Strasse 1, 82031 Grünwald, Germany
  • Managing Director: Ralf Hirte
  • Email: philipp@floxform.com

3. Information We Collect

Account & Billing Information: Name, business email, role, company, billing details (payment is handled by our PSP as a separate controller).

Usage & Log Data: Product interactions, IP address, device/browser info, timestamps, diagnostics.

Communication Data: Support requests, emails, in-product messages.

Customer Content & Contacts (Processor Data): Messages, lead/contact details, notes, and related metadata that you or your organization upload or connect (e.g., via CRM, email, LinkedIn).

Cookies & Similar Technologies: We use cookies and similar technologies for core product functionality. On our public website, we also use Google Analytics 4 for traffic and aggregate engagement measurement only after you grant analytics consent. Non-essential analytics are off by default until you opt in. Where configured, we may also use the LinkedIn Insight Tag for marketing measurement only after you grant marketing consent.

Sources: Data from you/your organization; automatically via the Service; from connected integrations you authorize (e.g., email, CRM, LinkedIn); from our service providers; and, where lawful, publicly available business sources.

4. How We Use Your Information

We process personal data to:

  • Provide and operate the Service (accounts, seats, features, integrations).
  • Secure the Service (access control, logging, abuse/fraud prevention).
  • Support & communications (product updates, incident notices, responses to requests).
  • Improve the Service and measure public-website traffic and engagement where analytics consent has been granted.
  • Marketing with consent where required (newsletters, promos; unsubscribe anytime).
  • Compliance & enforcement (contracts, legal obligations).

Processor role: Where we act as processor, we process data only on Customer instructions per the DPA.

5. Legal Basis for Processing

  • Contract necessity (Art. 6(1)(b) GDPR) for providing the Service.
  • Legitimate interests (Art. 6(1)(f) GDPR) for security, service improvement, and fraud prevention, balanced against your rights.
  • Consent (Art. 6(1)(a) GDPR) for non-essential analytics cookies on the public website and for marketing where required.
  • Legal obligation (Art. 6(1)(c) GDPR) for tax, accounting, compliance.

(Processing also follows applicable German data protection law where relevant.)

6. Sharing Your Information

  • Service providers / sub-processors (hosting, infrastructure, communications, email, support, analytics providers such as Google, CRM, logging) under data protection terms.
  • Payment processors (PSP) as independent controllers for payments.
  • Legal Authorities where required by law or valid process.
  • Business transfers in connection with mergers, acquisitions, or asset sales, where personal data may be transferred to the new owner.

7. International Data Transfers

We may transfer data outside the EEA. Where we do, we implement appropriate safeguards, including:

  • EU Standard Contractual Clauses (Modules 2/3) and UK IDTA/Addendum where applicable.
  • Transfer Impact Assessments and supplementary measures (e.g., encryption, access controls).

8. Your Rights

Subject to law, you have the right to access, rectify, erase, restrict, object (including to processing based on legitimate interests), and data portability. Where processing relies on consent, you may withdraw it at any time (without affecting prior processing). You can update your optional cookie preferences at any time via the Cookie Preferences control in the website footer. We respond within one month (extendable as permitted). You may lodge a complaint with the competent supervisory authority in Germany or with your competent EU supervisory authority.

Submit a Request: Email: philipp@floxform.com (We may verify your identity before processing requests)

9. Data Retention

  • Account & billing: contract term + up to 10 years (applicable commercial and tax retention obligations).
  • Usage/logs: 90–180 days (security/diagnostics).
  • Customer content/contacts (processor): contract term + 30 days post-termination (then deletion or anonymization per DPA).
  • Support tickets: up to 24 months.

Retention periods may vary where legal holds or statutory duties apply.

10. Security

We maintain appropriate technical and organizational measures, including encryption in transit and at rest, role-based access with MFA, least-privilege, audit logging, backups, vendor due diligence, and an incident response process with notification obligations (incl. GDPR 72-hour notice where required).

11. Automated Decision-Making & Profiling

We do not make solely automated decisions producing legal or similarly significant effects about you. If this changes, we will inform you about the logic, significance, and your rights (including human review).

12. Changes to This Policy

We may update this Policy. We will notify you of material changes (e.g., in-app/email) and indicate the “Last Updated” date. Continued use after the effective date signifies acceptance.

Questions: philipp@floxform.com

Cookie preferences

We use necessary cookies to keep the site secure and working. Optional analytics and marketing cookies load only if you allow them.

You can reject optional cookies, allow them, or choose by category. You can change this later from the footer or in our privacy policy / Datenschutzerklaerung.