Product

Solutions

Pricing

resources

book a demo

Privacy Policy

Privacy Policy

  1. Wo We Are

  1. Scope

  1. Website Use

  1. Account and Subscription Data

  1. Desktop App

6. Developer Workspace

  1. Cloud and Enterprise Workspaces

  1. Service Providers and Data Transfers

  1. Data Retention

  1. Your Rights

  1. Security

  1. Changes to This Policy

Last Updated: February 18, 2026

Wo We Are

Curiosity GmbH (“Curiosity”, “we”, “us”) operates curiosity.ai and provides the Curiosity Desktop App, Developer Workspace, and Cloud and Enterprise Workspaces.

Curiosity GmbH
Baaderstr. 19
80649 Munich
Email: privacy@curiosity.ai

Unless stated otherwise, Curiosity is the controller of personal data described in this policy.

Scope

This Privacy Policy applies to:

  • Visitors of our website

  • Users of the Curiosity Desktop App (free and paid)

  • Users of the Developer Workspace (free test license)

  • Customers of our Cloud Workspace

  • Enterprise customers using Curiosity on-premises

  • Business contacts communicating with us

Website Use

When you visit our website, we process technical information such as your IP address, browser type, device information, and pages accessed. This is necessary to operate, secure, and improve the website.

We use essential cookies to ensure proper functionality. Where required, optional analytics or similar tools are only used with your consent.

If you contact us via form or email, we process your name, email address, company (if provided), and the content of your message to respond to your request.

Legal basis

  • Art. 6(1)(b) GDPR (pre-contractual measures)

  • Art. 6(1)(f) GDPR (legitimate interests in operating and securing our services)

  • Art. 6(1)(a) GDPR (consent, where applicable)

Account and Subscription Data

When you create an account or subscribe to our services, we process:

  • Name

  • Email address

  • Company name (if applicable)

  • Account credentials

  • Billing information (if applicable)

We use this data to provide access to our services, manage subscriptions, and communicate service-related information.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

Desktop App

The Curiosity Desktop App processes and indexes data locally on your device.

By default, documents and files indexed by the Desktop App are processed locally on your device and not transferred to Curiosity servers.

If you use optional AI features, the content you submit for processing (such as prompts or selected text) may be transmitted to third-party AI model providers to generate responses. This only occurs when you actively use such features.

Legal basis: Art. 6(1)(b) GDPR.

We may also process limited technical information (such as version data or error reports) to maintain stability and security.

Developer Workspace

The Developer Workspace runs locally in your environment and does not require an account. By default, workspace content is not transmitted to Curiosity.

If you use AI features, the content you submit may be transmitted to third-party AI model providers in order to generate responses.

Legal basis: Art. 6(1)(b) GDPR.

Cloud and Enterprise Workspaces

For Cloud and Enterprise Workspaces, customers upload or connect their own data (such as documents, emails, and structured data).

In these cases:

  • The customer is the data controller.

  • Curiosity acts as a data processor and processes data only to provide the agreed services.

Where applicable, processing is governed by a Data Processing Addendum (DPA).

For on-premises deployments, data generally remains within the customer’s environment. Curiosity only accesses such data if explicitly authorized for support or maintenance.

AI features in Cloud or Enterprise Workspaces may rely on external AI model providers when activated by users.

Service Providers and Data Transfers

We use selected service providers to operate our services, including:

  • Hosting and infrastructure providers

  • AI model providers (for AI features)

  • Payment providers (if applicable)

A current list of our service providers is available in our Trust Center.

Where personal data is transferred outside the EU/EEA, we use appropriate safeguards such as Standard Contractual Clauses or rely on adequacy decisions.

Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, including:

  • Duration of the contractual relationship

  • Legal retention obligations

  • Security and audit requirements

Workspace data is retained according to contractual agreements and customer instructions.

Your Rights

Under the GDPR, you have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Request deletion

  • Restrict processing

  • Data portability

  • Object to processing based on legitimate interests

  • Withdraw consent at any time 

You also have the right to lodge a complaint with a supervisory authority. 

To exercise your rights, contact us at privacy@curiosity.ai.

Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.

An overview of security measures is available in our Trust Center.

Changes to This Policy

We may update this Privacy Policy from time to time. The current version is available on our website with the date of last update.