Privacy Policy
Last updated: April 2026
1. Data Controller
The data controller for data processing on this website is:
Detalex GmbH
[Address]
Email: info@detalex.de
Web: detalex.de
2. General Information on Data Processing
We respect your privacy and take the protection of your personal data very seriously. Personal data is collected and processed exclusively in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
Your data is only processed for the purpose for which it was provided — for example, to provide information, answer inquiries, or deliver our services.
3. Hosting and Server Logs
When you visit our website, information is automatically transmitted from your browser to our server. This information is temporarily stored in server log files:
- IP address of the requesting device
- Date and time of access
- Name and URL of the requested file
- Website from which access was made (referrer URL)
- Browser used and, where applicable, operating system
Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in ensuring trouble-free operation).
4. API Usage (Oddy Medicator Service)
When you use the Oddy Medicator API service, we process the following data:
- API Key: For authentication and association with your customer account. API keys are stored encrypted and never logged.
- Request Data: Device names, nameplate images and other data you submit for classification.
- Usage Data: Number of API calls per month, timestamps, endpoints used.
- AI Results: Classification results, confidence scores and assignments are stored for quality improvement.
Legal basis: Art. 6 (1)(b) GDPR (performance of contract).
4.1 Processing by AI Services
For automated classification, we use the Claude API by Anthropic, PBC (San Francisco, USA). Device names you submit are forwarded to Anthropic for processing.
Anthropic processes data in accordance with their Privacy Policy. We have concluded a Data Processing Agreement (DPA) with Anthropic. Data transfers to the USA are based on Standard Contractual Clauses (Art. 46 (2)(c) GDPR).
Note: No personal patient data or clinical data is transmitted to the AI. Classification relates exclusively to device names and categories.
5. Special Notice for Medical Device Data
Oddy Medicator processes data about medical devices (device names, manufacturers, categories). This data is generally not personal data within the meaning of the GDPR, as it relates to products rather than natural persons.
Should you nevertheless transmit personal data (e.g. patient information) in API requests, please note:
- Do not send patient data, clinical data or health data via the Medicator API.
- The API is designed for device classification, not for processing health data under Art. 9 GDPR.
- You as the user are responsible for not transmitting impermissible data.
6. Contact Form
When you send us inquiries via the contact form, your details (name, company, email address, message) are stored for the purpose of processing your request.
Legal basis: Art. 6 (1)(b) GDPR (pre-contractual measures) or Art. 6 (1)(f) GDPR (legitimate interest in answering inquiries).
7. Customer Management via Odoo
Customer data (company name, contact person, email, API key, subscription plan, usage statistics) is managed in our Odoo system (self-hosted). Data remains on our own servers within the EU.
Legal basis: Art. 6 (1)(b) GDPR (performance of contract).
8. Caching
For performance optimization, we use Redis as an in-memory cache. Customer-related authentication data is cached for a maximum of 60 seconds and then automatically deleted. No permanent storage occurs in the cache.
9. Disclosure to Third Parties
Your personal data will only be disclosed to third parties if:
- You have given explicit consent (Art. 6 (1)(a) GDPR),
- This is necessary for the performance of a contract (Art. 6 (1)(b) GDPR),
- There is a legal obligation (Art. 6 (1)(c) GDPR),
- Disclosure is necessary to protect legitimate interests (Art. 6 (1)(f) GDPR).
10. Data Security
We protect your data through technical and organizational measures against unauthorized access and misuse. In particular:
- Encrypted transmission via HTTPS/TLS
- API keys are not logged
- Database-level access control
- Regular security updates
11. Your Rights
You have the right to:
- Access your stored data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
To exercise your rights, please contact: info@detalex.de
You also have the right to lodge a complaint with a data protection supervisory authority.
12. Changes
We reserve the right to adapt this privacy policy to changed legal requirements or business practices. The current version is always available on this page.