Privacy Policy

 

Last updated: 2025/25/11

1. Controller

 

This website is operated by: 
STD.DEV / Standard Deviation / Standardabweichung

Represented by: 
Daniel Kuhnlein
Herzogstr. 115
80796 Munich, Germany

Email: 
design@standardabweichung.de

2. Purpose of the Website

 

This website is designed to provide interested visitors and potential business partners with information about the competencies, services, and solutions offered by STD.DEV. 

It focuses on the interplay between visual design and modern Web-, Cloud-, and XR technologies to create digital products that are aesthetically sophisticated, interactive, and technologically advanced. 

Content is presented through a voice-controlled real-time knowledge graph, which analyzes user requests and visually displays relevant topics dynamically.

3. Processing of Audio, Text, and Usage Data

 

3.1 Speech Input (voluntary) 

When you activate the voice assistant, your device captures short audio fragments identified as speech by the local Voice Activity Detection (VAD). These fragments are transmitted in encrypted form to STD.DEV’s server solely for the purpose of forwarding them to OpenAI Whisper (OpenAI, L.L.C., USA) for speech-to-text conversion. 

The following data is processed: 

  1. Audio fragments containing spoken content 

  2. The resulting transcription generated by OpenAI Whisper 

STD.DEV does not store audio data. Audio fragments exist only transiently in server memory for the duration of the technical processing step required to relay them to OpenAI Whisper.

Once the transcription request is completed, they are immediately discarded. Only the transcribed text is used to continue the interaction.

Legal basis: 

  1. Consent (Art. 6(1)(a) GDPR)

3.2 Session and Chat Data (ephemeral processing) 

To enable the interaction, the system processes the following temporarily during the active session: 

  1. Transcribed user inputs 

  2. System responses 

  3. Technical metadata (timestamps, internal session identifiers) 

Sessions are strictly ephemeral. Data is stored only for the duration of active use. 

Automatic deletion: 
If no activity occurs for 10 minutes, the system: 

  1. Generates a fully anonymized summary for internal analytics 

  2. Permanently deletes the entire chat history 

After deletion, no personal data remains. 

Legal bases: 

  1. Contractual necessity (Art. 6(1)(b) GDPR — responding to your inquiry) 

  2. Legitimate interest (Art. 6(1)(f) GDPR — ensuring system stability)

3.3 Processing by Google AI

For generating contextual responses, the website uses the Google AI API (Gemini) to process: 

  1. The text content of your current message 

  2. Relevant parts of the temporary chat history 

No audio data, personal identifiers, cookies, or persistent user profiles are transmitted. 

Once your session expires and is deleted, no further processing takes place. 

Legal basis:

  1. Consent (Art. 6(1)(a) GDPR) 

Further information:
https://policies.google.com/privacy

3.4 Usage Data (Google Analytics 4 — optional) 

If you consent, this website uses Google Analytics 4 (GA4) to measure and analyze usage patterns. 

Processed data may include: 

  1. Browser and device information 

  2. Interaction data 

  3. Pseudonymized analytics identifiers

Data may be transferred to the United States. 

Legal basis:

  1. Consent (Art. 6(1)(a) GDPR) 

Privacy information: 
https://policies.google.com/privacy

3.5 Usage Data (Microsoft Clarity — optional)

If you consent, this website uses Microsoft Clarity to analyze user interaction and improve usability.

Processed data may include: 

  1. Interaction and movement data (scrolling, clicks, cursor paths) 

  2. Device and browser data Anonymous or pseudonymized session replays 

  3. Viewed content and page elements 

Data may be transferred to the United States. 

Legal basis:

  1. Consent (Art. 6(1)(a) GDPR) 

Privacy information: 
https://privacy.microsoft.com/privacystatement

3.6 Bot Protection (Cloudflare Turnstile)

This website uses Cloudflare Turnstile for bot detection and security purposes. 

Turnstile may process: 

  1. Browser and device characteristics 

  2. Interaction patterns 

  3. Technical metadata 

No personal identifiers are used, and no cookies are set for advertising.

Legal basis: 

  1. Legitimate interest (Art. 6(1)(f) GDPR — prevention of abuse and system security) 

Privacy information: 
https://www.cloudflare.com/trust-hub/privacy-and-data-protection/

4. International Data Transfers

 

Data transfers to the USA may occur in the context of: 

  1. OpenAI 

  2. Google AI 

  3. Google Analytics 

  4. Microsoft Clarity 

  5. Cloudflare Turnstile 

All transfers rely on the EU–US Data Privacy Framework.

5. Processors

ServicePurposeLocationLegal Basis
OpenAI Whisper (OpenAI, L.L.C.)Speech-to-TextUSAConsent
Google AI / GeminiLLM processingEU/USAConsent
Google Analytics (Google Ireland / Google LLC)AnalyticsEU/USAConsent
Microsoft Clarity (Microsoft Corp.)UX analyticsUSAConsent
Cloudflare TurnstileBot protectionEU/USALegitimate interest

Appropriate data processing agreements are in place with all providers.

6. Your Rights

 

You have the following rights at any time: 

  1. Access (Art. 15 GDPR) 

  2. Rectification (Art. 16 GDPR) 

  3. Erasure (Art. 17 GDPR) 

  4. Restriction (Art. 18 GDPR) 

  5. Data portability (Art. 20 GDPR) 

  6. Objection (Art. 21 GDPR) 

  7. Withdrawal of consent (Art. 7 GDPR) 

Because all session data is deleted after 10 minutes of inactivity, requests will often be answered with: 
"No personal data is stored at this time."

7. Withdrawal of Consent

 

You may withdraw your consent at any time by:

  1.  Disabling microphone access in your browser 

  2. Changing your cookie and analytics preferences 

  3. Ending your use of the service

8. Security

 

STD.DEV uses comprehensive technical and organizational security measures, including: 

  1. TLS encryption Ephemeral sessions (automatic deletion after 10 minutes) 

  2. Strict access controls 

  3. No audio storage 

  4. No profiling or personalized targeting 

  5. No use of third-party frontend libraries that could introduce security risks

9. Automated Processing

 

The website uses automated processing solely to enable the technical functions of the voice interface: 

  1. Speech-to-text processing via OpenAI Whisper (OpenAI, L.L.C.) 

  2. Generation of contextual responses using Google AI (Gemini) 

No automated decision-making with legal or similar effects occurs, and no user profiling is performed.

Enter with Voice Interaction

Standard Deviation Graph 


An immersive spatial interface for exploring the STD.DEV knowledge graph. It interprets your requests and visualizes how technologies, projects, and concepts connect.


Experience Requirements
1. Audio output for spatial sound and spoken responses.
2. Optional microphone access for voice interaction.

 

Start by asking a question or selecting a topic to explore.

Enter Without Voice Enter with Voice Interaction