Data Protection Impact Assessment (DPIA)
Pursuant to Art. 35 GDPR — Platform: Auftragr (auftragr.de) — April 2026
1. Processing Description
Auftragr is a market intelligence platform for German public procurement. The platform aggregates publicly available tender data from TED, Bund.de, DTVP, and German state portals, enriches it with AI-powered analysis, and provides personalized matching to registered business users.
1.1 Personal Data Processed
| Category | Data | Source | Necessity |
|---|---|---|---|
| Account data | Name, email, password (hashed) | User input | Authentication |
| Company data | Company, website, size, phone | User input | Matching |
| Construction DNA | Trade, CPV codes, regions | User input | Matching |
| Usage data | Page views, clicks, searches | Automated | Improvement |
| Pipeline | Tenders, notes, status | User input | Core feature |
1.2 Data NOT Processed
No special categories (Art. 9), no biometric data, no health data, no financial data, no location tracking, no social media profiles.
2. Necessity and Proportionality
2.1 Legal Basis
| Processing | Legal Basis | Justification |
|---|---|---|
| Account registration | Art. 6(1)(b) | Contract performance |
| Profile matching | Art. 6(1)(b) | Core functionality |
| AI analysis (tender texts) | Art. 6(1)(f) | No PII sent to AI — public texts only |
| Usage tracking | Art. 6(1)(f) | 90-day retention |
| Session cookie | Art. 6(1)(b) + ePrivacy | Strictly necessary |
2.2 Data Minimization
- Business data only — no personal IDs, no home addresses
- Passwords never stored in plaintext (bcrypt, 12 rounds)
- AI services receive ONLY public tender texts — zero PII transfer
- No third-party analytics (no Google Analytics, no Meta Pixel)
- No advertising cookies or trackers
3. Risk Assessment
| Risk | Likelihood | Severity | Mitigation |
|---|---|---|---|
| Unauthorized access | Low | Medium | RLS, auth middleware, JWT |
| Cross-user data leakage | Very low | High | RLS FORCE on 8 tables, 16 policies, 26 test cases passed |
| Data breach | Low | Medium | TLS 1.3, AES-256, no sensitive PII |
| AI profiling of individuals | N/A | N/A | AI processes public texts only |
| Excessive retention | Low | Low | 90-day events, user deletion, 30 days post-termination |
| Account takeover | Low | Medium | bcrypt, email verification, admin revocation |
Residual risk after mitigation: LOW
4. Technical and Organizational Measures
Technical
- PostgreSQL RLS (8 tables, FORCE, 16 policies)
- bcrypt (12 rounds) for passwords
- TLS 1.3 + AES-256
- NextAuth.js JWT (30-day expiry)
- Global auth middleware
- Rate limiting (signup, login)
- German business email required
- React Error Boundaries
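To make the RLS measure above concrete, the following is an added SQL example written for this assessment; it is not Auftragr's own schema or policy set. The table pipeline_items and its columns, the application role app_user, the session variable app.current_user_id and the sample UUIDs and tender reference are all assumptions chosen for illustration. It shows the three parts that make a tenant-isolation policy hold up: FORCE so the table owner is not exempt, a policy with both USING and WITH CHECK, and an application role without BYPASSRLS, followed by a cross-user check of the kind the risk table counts as test cases.

```sql
-- Added example, not the platform's own schema. Names are assumptions.
-- Run as the database owner; the final block switches to the app role.

CREATE TABLE pipeline_items (
    id         bigserial PRIMARY KEY,
    owner_id   uuid NOT NULL,                 -- user who saved the tender
    tender_ref text NOT NULL,                 -- e.g. a TED notice reference
    status     text NOT NULL DEFAULT 'open',
    notes      text
);

-- ENABLE alone exempts the table owner; FORCE applies the policies to
-- the owner as well, so an application that connects as the owner role
-- cannot accidentally bypass them.
ALTER TABLE pipeline_items ENABLE ROW LEVEL SECURITY;
ALTER TABLE pipeline_items FORCE ROW LEVEL SECURITY;

-- The application sets the authenticated user's id per request with
-- SET LOCAL app.current_user_id. NULLIF + missing_ok=true turn an unset
-- or empty variable into NULL, so a request that forgot to set it
-- matches no rows instead of raising an error or seeing everything.
CREATE POLICY pipeline_owner_only ON pipeline_items
    FOR ALL
    USING (owner_id = NULLIF(current_setting('app.current_user_id', true), '')::uuid)
    WITH CHECK (owner_id = NULLIF(current_setting('app.current_user_id', true), '')::uuid);

-- Role the application connects as. Superusers and roles with BYPASSRLS
-- skip policies entirely, so the app role must have neither.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON pipeline_items TO app_user;
GRANT USAGE, SELECT ON SEQUENCE pipeline_items_id_seq TO app_user;

-- Cross-user leakage check with constructed sample data.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.current_user_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO pipeline_items (owner_id, tender_ref)
    VALUES ('11111111-1111-1111-1111-111111111111', 'SAMPLE-TENDER-0001');

-- Writing a row on behalf of another owner violates WITH CHECK and is
-- rejected; left commented so the script runs through.
-- INSERT INTO pipeline_items (owner_id, tender_ref)
--     VALUES ('22222222-2222-2222-2222-222222222222', 'SAMPLE-TENDER-0002');

-- Switching to a second user must hide the first user's row.
SET LOCAL app.current_user_id = '22222222-2222-2222-2222-222222222222';
SELECT count(*) AS rows_visible_to_other_user FROM pipeline_items;

-- An unset variable must likewise return nothing, not everything.
RESET app.current_user_id;
SELECT count(*) AS rows_visible_without_user FROM pipeline_items;
ROLLBACK;
```

The two counts at the end are the assertions a leakage test would make: both must be zero. Note that SET LOCAL is scoped to the transaction, which is what makes it safe with connection pooling; a plain SET would leave the previous user's id on the pooled connection for the next request.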
Organizational
- Admin access control (Approve/Revoke)
- Data export in Settings
- Account deletion in Settings
- Cookie consent banner
- Platform-specific DPA
- Code review before deployment
- Event tracking (12 types) for audit
5. Conclusion
The processing carried out by Auftragr presents low risk to data subjects' rights and freedoms.
- Business data only — no sensitive personal data
- AI processes only public government data (no PII sent to AI)
- Database-level RLS prevents cross-user access
- Users have full control (export, delete, opt-out)
- No third-party analytics or advertising trackers
Decision: Processing may proceed with the documented technical and organizational measures in place.
Next review: October 2026 (or upon significant processing changes)
Last updated: April 2026 | Platform: Auftragr (auftragr.de) | Operator: BlackSwanAI, Erlangen | info@blackswanai.de