Privacy policy · Datenschutzerklärung · Política de privacidad
Effective 2026-04-30. We update this page when our practices change.
Who is the controller
Buronia — the operator of the Buronia service. Reach us at privacy@buronia.com.
Data Protection Officer (GDPR Art. 37)
Victor Cheng — dpo@buronia.com. Contact our DPO directly with any data-protection request, including subject-access, deletion, and rectification requests under GDPR Art. 15–22.
What we collect, why, and on what legal basis
| Data | Purpose | Legal basis (GDPR Art. 6/9) | Retention |
|---|---|---|---|
| Name, address, date of birth | Generating your application draft | 6(1)(b) — performance of contract | 30 days after last activity, then deleted |
| Income, household size, rent | Eligibility calculation, draft generation | 6(1)(b) — performance of contract | 30 days |
| National ID, IBAN | Filling these into your draft after payment | 6(1)(b) | 30 days; encrypted at rest |
| Disability status (if applicable) | Eligibility for higher allowances | 9(2)(a) — explicit consent | 30 days; encrypted at rest |
| Email, payment data | Stripe checkout, receipt | 6(1)(b) | As required by accounting law (US/EU) |
| Email (account) | Sign-in via magic link, account access | 6(1)(b) | Until you delete the account |
| Uploaded documents (image/PDF) | OCR & drafting your reply to the authority | 6(1)(b) — performance of contract | 30 days, then auto-deleted |
| IP address, browser fingerprint | Security, abuse prevention | 6(1)(f) — legitimate interest | 14 days |
Address autocomplete (Google Maps Places API)
On benefit landing pages, the inline address field uses Google Maps Places API to suggest real addresses while you type. Each keystroke is sent to Google so the API can return matching suggestions. Google receives the partial text, your IP address, and standard request metadata. Google's processing is governed by Google's own privacy policy. If you prefer not to use it, type your address manually and do not select a suggestion — Google still receives the keystrokes during typing, so the only way to fully avoid it is to enter the address on the next page (the full form), which uses no third-party services.
How AI processing works
Your answers are sent to Anthropic (Claude) to generate the application draft. Sensitive fields (national ID, IBAN, exact income) are redacted before being sent to Buronia; the redacted placeholders are substituted on your device after payment. Anthropic does not train models on prompts sent through their API. We do not use your data for any other AI model training.
Where your data lives
Application drafts are stored on EU servers (Frankfurt, Germany). Payment is processed by Stripe (Standard Contractual Clauses for US/EU transfer). The Anthropic API call is routed via Anthropic's EU endpoint where available.
Your rights
- Access — request a copy of your data: privacy@buronia.com.
- Erasure — request deletion before the 30-day automatic window.
- Rectification — fix incorrect data.
- Portability — receive your data in JSON.
- Object to legitimate-interest processing — security/abuse logs only.
- Lodge a complaint with your national supervisory authority. The complete list with direct complaint links is on the complaints page. Examples by country we operate in:
- 🇩🇪 Germany — Bundesbeauftragte für den Datenschutz (BfDI), bfdi.bund.de.
- 🇪🇸 Spain — Agencia Española de Protección de Datos (AEPD), aepd.es.
- 🇫🇮 Finland — Tietosuojavaltuutetun toimisto (Office of the Data Protection Ombudsman), tietosuoja.fi, Lintulahdenkuja 4, 00530 Helsinki.
- 🇱🇹 Lithuania — Valstybinė duomenų apsaugos inspekcija (VDAI), vdai.lrv.lt.
Cookies
We use one functional cookie (formera_country) to remember
which country site you're on. After sign-in we additionally set
formera_user_id (httpOnly, SameSite=Lax) so you stay
logged in for 30 days. We do not use advertising or analytics cookies.