AJ NOVA Logo
    HomePackagesAboutServicesCourses
    Health Insurance in GermanyMandatory coverage for studentsCredit Cards for StudentsCards, Schufa & fees
    Profile AssessmentContact
    Sign In / Sign Up
    Back to Home

    Privacy Policy

    Datenschutzerklärung gemäß DSGVO

    1. Data Controller (Verantwortlicher)

    The data controller responsible for the processing of your personal data on this website is:

    AjNova UG (haftungsbeschränkt)

    Sitz: Berlin

    Registergericht: Amtsgericht Berlin (Charlottenburg)

    HRB 283491 B

    Geschäftsführer: Ajay Tripuraneni

    Wichurastraße 97, 12249 Berlin, Germany

    Email: privacy@ajnova.de
    Phone: +49 1577 8578326
    Website: www.ajnova.de

    2. Introduction

    At AJ NOVA, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the EU General Data Protection Regulation (GDPR - Regulation 2016/679) and the German Federal Data Protection Act (BDSG). This policy applies to all services offered through our website and student portal.

    3. Categories of Personal Data We Collect

    We collect the following categories of personal data:

    A. Identity Data

    • Full name, date of birth, gender, nationality
    • Passport number and expiry date (for APS guidance)

    B. Contact Data

    • Email address, phone number
    • Residential address, country of residence

    C. Educational Data

    • Academic qualifications, transcripts, grades (CGPA/percentage)
    • Institution names, field of study, graduation year
    • Language test scores (IELTS, TOEFL, German certificates)

    D. Application Documents

    • Statement of Purpose (SOP), Letters of Recommendation (LOR)
    • Resume/CV, Cover Letters
    • Uploaded documents (passport copies, transcripts, certificates)

    E. Technical Data

    • IP address (anonymized for analytics), browser type, device information
    • Cookies and usage data (with consent)

    F. Communication Data

    • Messages sent through our chatbot and messaging system
    • Consultation notes and feedback

    4. Purposes of Processing

    We process your personal data for the following purposes:

    • Providing university application guidance and counselling services
    • Assisting with APS application preparation and documentation
    • Generating AI-assisted application documents (SOP, LOR, Resume, Cover Letter)
    • Managing consultation bookings and communications
    • Processing payments and generating invoices
    • Improving our services through anonymized analytics
    • Sending service-related notifications (with your consent for marketing)
    • Complying with legal obligations
    • Document review by counsellors: Counsellors access and download uploaded documents (transcripts, passport copies, certificates) solely to prepare and submit your university or APS application. Documents are not used for any other purpose.

    5. AI Processing Disclosure

    Important: Some of our services use artificial intelligence (AI) to assist with document generation:

    • AI Provider: Google Gemini (via Google Cloud AI services)
    • Data Processed: Profile information, educational background, and preferences you provide
    • Purpose: Generating personalized application documents (SOP, LOR, Resume, Cover Letter)
    • Data Retention by AI: Google does not retain prompts or responses for model training. Data is processed in real-time and not stored beyond the request.
    • Your Consent: You must explicitly consent to AI processing before generating any document

    You can generate documents without AI by contacting our counsellors directly for manual assistance.

    6. Legal Basis for Processing (GDPR Article 6)

    We process your personal data based on the following legal grounds:

    • Consent (Art. 6(1)(a)): For AI document generation, marketing communications, analytics cookies, and optional data sharing
    • Contract Performance (Art. 6(1)(b)): To provide our paid guidance services, process payments, and fulfill our contractual obligations
    • Legal Obligation (Art. 6(1)(c)): To comply with tax, accounting, and legal requirements (e.g., invoice retention)
    • Legitimate Interests (Art. 6(1)(f)): For service improvement, fraud prevention, and security. Our legitimate interests do not override your fundamental rights.

    7. Data Retention Periods

    We retain your personal data only as long as necessary for the purposes stated:

    Data CategoryRetention Period
    Account & Profile DataUntil account deletion + 30 days for backup
    Application Documents (uploaded files)30 days after final application outcome (approved/rejected/withdrawn), then permanently deleted. Maximum 18 months if no outcome is reached. You may request early deletion at any time.
    AI-Generated Documents (SOP, LOR, Resume, Cover Letter)3 years after last activity or until deletion request
    Consultation Records2 years after service completion
    Payment & Invoice Data10 years (German tax law requirement - §147 AO)
    Contact Form Submissions2 years or until inquiry resolved
    Consent RecordsDuration of consent + 3 years for legal proof
    Download Audit Logs1 year (security & compliance purposes)
    Analytics Data26 months (Google Analytics standard)

    7a. Document Handling, Purpose Limitation & Deletion

    Purpose Limitation

    Documents you upload — including transcripts, passport copies, degree certificates, and language test results — are accessed by our counselling team exclusively to prepare and submit your university or APS application. They are never shared with third parties for marketing, sold, or used for any purpose beyond your application service.

    Retention Schedule

    Uploaded documents are retained as follows:

    • During your application: Retained for the full duration of the active application process.
    • After a final outcome (approved / rejected / withdrawn): Retained for a maximum of 30 days as a buffer to support any resubmission or appeal, then flagged for permanent deletion.
    • If no outcome is reached within 18 months: Documents are reviewed and may be deleted with prior notice to you.
    • Early deletion on request: You may request deletion of your documents at any time via Dashboard → Settings → Privacy or by emailing privacy@ajnova.de. We will action this within 30 days.

    Deletion Process

    When a document is deleted, the following steps are taken:

    1. The file is permanently removed from our primary object storage (Supabase Storage / S3, EU-Frankfurt region).
    2. The database record is deleted, removing all references to the file.
    3. Storage-level backups are overwritten within the backup rotation cycle (typically 7–30 days depending on the backup tier). Files are not retrievable after this period.
    4. A deletion event is written to our internal audit log, recording: document ID, deletion timestamp, reason, and the admin who actioned it. Audit logs are retained for 1 year for compliance purposes only.

    Your Right to Erasure (GDPR Art. 17)

    You have the right to request erasure of your documents at any time when: (a) the data is no longer necessary for the purpose it was collected, (b) you withdraw your consent (where processing was consent-based), or (c) the data has been unlawfully processed. We will confirm deletion in writing within 30 days. Exceptions apply where retention is required by law (e.g. payment records under §147 AO).

    8. Data Sharing & Recipients

    We do not sell your personal data. We may share your data with:

    • Service Providers: GDPR-compliant processors (see Section 9)
    • Universities: Only with your explicit consent for application purposes
    • APS/uni-assist: Only when you request us to submit on your behalf
    • Legal Authorities: When required by law or legal process

    9. GDPR-Compliant Service Providers

    We use the following GDPR-compliant processors. Data Processing Agreements (DPAs) are in place with all providers:

    • Supabase (Database & Authentication): EU region (Frankfurt), SOC 2 Type II certified, GDPR DPA in place
    • Supabase Storage (File Storage): Uploaded documents stored in EU region (Frankfurt) via S3-compatible object storage; files are encrypted at rest (AES-256)
    • Hetzner Cloud (Backend Hosting): EU-based (Nuremberg/Falkenstein, Germany), GDPR compliant
    • Vercel (Frontend Hosting): EU edge network, GDPR compliant
    • Stripe (Payments): PCI-DSS Level 1, GDPR compliant
    • Resend (Email): GDPR compliant email delivery
    • Google Cloud (AI): EU data processing, no training on user data
    • Google Analytics: IP anonymization enabled, consent required
    • Cal.com (Consultation Booking): GDPR compliant scheduling platform
    • Web Fonts (Inter, Space Grotesk): Fonts are downloaded at build time and self-hosted on our servers. No requests are made to Google Fonts servers by your browser — compliant with ECJ C-655/20 (Jan 2022).

    10. International Data Transfers

    Your personal data is primarily processed and stored within the EU/EEA (Germany). However, certain transfers occur in the following circumstances:

    EU → USA (Service Providers)

    Some third-party processors (e.g. Google, Stripe) are US-based. Transfers rely on: (a) EU-US Data Privacy Framework certification, (b) Standard Contractual Clauses (SCCs) approved by the European Commission.

    EU → India (Counselling Team Access)

    AJ NOVA's counselling team members are based in India and access your profile, documents, and consultation records through our secure platform solely to prepare and submit your university application. India is not currently recognised by the EU as providing an adequate level of data protection under GDPR.

    Safeguards in place for this transfer:

    • Standard Contractual Clauses (SCCs) — EU Commission Decision 2021/914, Module 2 (Controller → Processor), binding on all team members.
    • Role-based access control (RBAC) — Counsellors can only access files assigned to students under their care.
    • MFA enforcement — All staff accounts require TOTP-based multi-factor authentication.
    • Download audit logging — Every document access is recorded with timestamp, user ID, and IP address.
    • Purpose limitation — Counsellors may not use data beyond the agreed application-support purpose.

    India DPDP Act 2023 (Digital Personal Data Protection Act):

    Many of our students are Indian nationals whose data is processed in connection with their German university applications. India's Digital Personal Data Protection Act 2023 (DPDP Act) applies to the processing of digital personal data of Indian data principals, including where processing occurs outside India in connection with offering services to individuals in India. AjNova UG acknowledges these obligations and implements appropriate safeguards including: (a) collecting only the minimum data necessary (data minimisation), (b) using data solely for the stated application-support purpose, (c) honouring erasure and correction requests, and (d) not transferring Indian student data to countries not approved under the DPDP Act's cross-border transfer rules beyond those already bound by SCCs. Students may exercise rights under the DPDP Act by contacting privacy@ajnova.de.

    You can request a copy of the applicable SCCs or further information about our cross-border safeguards by contacting privacy@ajnova.de.

    11. Data Security

    We implement appropriate technical and organizational measures to protect your personal data:

    • TLS/SSL encryption for all data in transit
    • Encrypted database and file storage (AES-256)
    • Role-based access controls (RBAC) — students, counsellors, and admins have separate permissions
    • Multi-Factor Authentication (MFA/TOTP) mandatory for all staff accounts
    • Download audit logging — every document access by staff is recorded with timestamp and IP address
    • Document retention enforcement — uploaded files are automatically eligible for deletion 30 days after final application outcome
    • Regular security audits and updates
    • Secure authentication (OAuth 2.0, bcrypt password hashing, minimum 12-character password policy)

    12. Your GDPR Rights

    Under GDPR, you have the following rights:

    • Right to Access (Art. 15): Request a copy of all your personal data
    • Right to Rectification (Art. 16): Correct inaccurate or incomplete data
    • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
    • Right to Restriction (Art. 18): Limit processing in certain circumstances
    • Right to Data Portability (Art. 20): Receive your data in machine-readable format (JSON)
    • Right to Object (Art. 21): Object to processing based on legitimate interests
    • Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)

    How to Exercise Your Rights:
    • Dashboard: Go to Settings → Privacy to export or delete your data
    • Email: Contact privacy@ajnova.de
    • Response Time: We will respond within 30 days (extendable by 60 days for complex requests)

    13. Data Protection Officer (DPO)

    Following a formal assessment under GDPR Article 37, AjNova UG is not legally required to appoint a Data Protection Officer. AjNova is not a public authority, does not conduct large-scale systematic monitoring of individuals, and does not process special category data (Article 9) at large scale.

    However, we have designated a Data Protection Contact who is responsible for overseeing GDPR compliance, handling data subject rights requests, and serving as the point of contact for supervisory authorities:

    Data Protection Contact: Ajay Tripuraneni (Managing Director)

    Email: privacy@ajnova.de

    Phone: +49 1577 8578326

    Address: Wichurastraße 97, 12249 Berlin, Germany

    14. Data Breach Notification

    In the event of a personal data breach, we follow a structured response procedure in compliance with GDPR Articles 33 and 34:

    • Supervisory Authority (Art. 33): If a breach is likely to result in a risk to your rights and freedoms, we will notify the Berliner Beauftragte für Datenschutz und Informationsfreiheit within 72 hours of becoming aware of the breach.
    • Data Subject Notification (Art. 34): If a breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay, describing the nature of the breach, likely consequences, and measures taken.
    • Internal logging: All breaches — including those below the notification threshold — are documented in our internal breach register for accountability purposes.

    If you suspect a data breach involving your personal data, please contact us immediately at privacy@ajnova.de.

    15. Right to Lodge a Complaint (Art. 77)

    If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For Germany, this is:

    Berliner Beauftragte für Datenschutz und Informationsfreiheit

    Friedrichstraße 219

    10969 Berlin, Germany

    Website: www.datenschutz-berlin.de

    16. Cookies

    We use essential cookies for website functionality and optional analytics cookies (with your consent). We do not use marketing or advertising cookies. For detailed information, please see our Cookie Policy.

    17. Children's Privacy

    Our services are intended for individuals aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact privacy@ajnova.de immediately.

    18. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of significant changes by email or prominent notice on our website. The "Last Updated" date at the bottom indicates the most recent revision.

    19. Contact Us

    For questions about this Privacy Policy or to exercise your rights, contact us at:

    AjNova UG (haftungsbeschränkt)
    Sitz: Berlin | Registergericht: Amtsgericht Berlin (Charlottenburg) | HRB 283491 B
    Geschäftsführer: Ajay Tripuraneni
    Wichurastraße 97, 12249 Berlin, Germany
    Privacy: privacy@ajnova.de | General: info@ajnova.de | Phone: +49 1577 8578326

    Last updated: March 10, 2026

    Version: 2.3

    AJ NOVA Logo

    AI-powered German university application guidance with APS support and personalised counselling.

    Dream • Build • Thrive

    • Wichurastraße 97, 12249 Berlin, Germany
    • support@ajnova.de
    • +49 1577 8578326

    Company

    • Home
    • Packages
    • About
    • Services
    • Contact

    Resources

    • Health Insurance Guide
    • Credit Cards Guide
    • Profile Assessment
    • Courses
    • FAQ

    Legal

    • Privacy Policy
    • Terms & Conditions
    • Refund & Cancellation
    • Impressum
    • Cookie Policy
    🔒 GDPR Compliant💶 All prices incl. 19% German VAT

    © 2026 AjNova UG (haftungsbeschränkt). All rights reserved.

    AjNova UG (haftungsbeschränkt)

    Sitz: Berlin

    Registergericht: Amtsgericht Berlin (Charlottenburg)

    HRB 283491 B

    Geschäftsführer: Ajay Tripuraneni

    USt-IdNr.: DE460175733

    Important Disclaimer: AjNova UG (haftungsbeschränkt) provides guidance and support for educational planning and application preparation. We do not represent universities, APS, or authorities. We do not guarantee admissions, visas, or outcomes. Final decisions are made by universities, APS authorities, uni-assist, and relevant official bodies based on their criteria.

    Developed by THREEATOMS