Privacy Policy
Last updated: 16.06.2026
Deutsch · English
1. Privacy at a glance
General information
The following notes provide a simple overview of what happens to your personal data when you visit or use ConceptNote. Personal data is any data with which you can be personally identified.
Who is responsible for data collection?
Data processing on this website is carried out by the website operator. You can find their contact details in the imprint.
How do we collect your data?
On the one hand, your data is collected when you provide it to us — e.g. when you register as a consultant, create a master profile, upload a CV or edit a terms-of-reference document.
Other data is collected automatically or with your consent when you visit the website (e.g. browser type, operating system, time of the page request).
What are your rights?
You have the right at any time to receive information free of charge about the origin, recipients and purpose of your stored personal data. You also have the right to have this data corrected or deleted.
2. Hosting
Server location
ConceptNote is hosted on a dedicated server at netcup GmbH, Karlsruhe, Germany. All data is processed and stored exclusively on servers in Germany.
Host: netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe
The host is used in the interest of a secure, fast and efficient provision of our online service (Art. 6 (1) (f) GDPR).
3. General notes and mandatory information
Controller
Wendland-IT
Owner: M. Osman Kabbashi
Nemitzer Straße 15, 29494 Trebel
Email: datenschutz@conceptnote.eu
Storage period
Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for processing it no longer applies. We delete consultant profiles on request or, at the latest, after 24 months of inactivity.
Withdrawal of your consent
Many data processing operations are only possible with your express consent. You can withdraw consent you have already given at any time. The lawfulness of the data processing carried out until the withdrawal remains unaffected by the withdrawal.
4. Data collection on this website
Cookies
ConceptNote uses technically necessary cookies to manage your session and to provide security features such as CSRF protection. These cookies are required for the platform to function. Functional and analytics cookies are only activated after your express consent via the cookie banner.
Cookies used:
Essential: session cookies (login), CSRF protection, language cookie, cookie consent
Functional: user settings in the consultant area (theme, language, saved filters)
Analytics: Plausible Analytics (self-hosted, no cookies, no IP storage) — only active if you consent.
Server log files
The server automatically collects information in log files: browser type, operating system, referrer URL, host name, time of the request and IP address. This data is not merged with other data sources (Art. 6 (1) (f) GDPR).
Consultant account and login
When you register, we create a master profile. At minimum, your name and email address are stored; further details (headline, bio, skills, past performance, CV content, ToR drafts) are voluntary and are only processed if you enter them yourself. Login is by email and password.
Legal basis: Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual measures).
CV, ToR and proposal data
Uploaded CVs, terms-of-reference documents, past-performance descriptions as well as generated CV exports (Europass, GIZ, World Bank STAR, UN P11), methodology and logframe drafts are stored exclusively on our servers in Germany. You can export or delete this content yourself at any time.
AI-assisted features
On your explicit request (e.g. "rewrite the specific experience for this ToR", "draft a methodology", "check a tender match") we send the content of your profile, ToR or proposal that is required for the task to an AI service provider in order to generate a suggestion. The transfer only takes place on your action and only with the data you have stored yourself.
The AI providers currently used are documented in our processor overview; the contractual status and the location of processing are available on request.
Legal basis: Art. 6 (1) (a) GDPR (consent) or (b) (performance of a contract).
5. Plugins and tools
SSL/TLS encryption
For security reasons, this site uses SSL/TLS encryption. You can recognise an encrypted connection by the lock symbol in your browser bar and by "https://" in the address line.
CDN (Cloudflare)
We use Cloudflare as a CDN and DNS provider. When the site is accessed, Cloudflare may process technical data (IP address, browser information). Use is based on Art. 6 (1) (f) GDPR. Privacy policy: cloudflare.com/privacypolicy.
Stripe (payment service provider)
For payments we use Stripe Payments Europe Ltd., Dublin, Ireland. When you take out a paid subscription, your browser transmits payment data directly to Stripe; we ourselves do not store any credit card or bank details. Legal basis: Art. 6 (1) (b) GDPR. Privacy: stripe.com/privacy.
Plausible Analytics (self-hosted)
We operate our own instance of Plausible Analytics on our German server. Plausible uses no cookies, stores no IP addresses and transfers no data to third parties. It is only activated if you consent to "Analytics" in the cookie banner.
Email delivery
Transactional emails (login confirmations, invoices, notifications) are sent via an email service provider with servers in Germany or the EU. A data processing agreement pursuant to Art. 28 GDPR is in place.
6. Your rights
7. Supervisory authority
In the event of breaches of the GDPR, you have the right to lodge a complaint with the competent supervisory authority.
The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5, 30159 Hannover, Germany
8. Changes to this privacy policy
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or in order to implement changes to our services.
This English version is provided for convenience. In case of any discrepancy, the German version prevails.