MAXQDA Tailwind The latest member of our AI product family
MAXQDA

Privacy Statement

Last Updated: July 2025

Introduction

This privacy policy is intended to inform you, as a user, about the collection of personal data on this website. We therefore place great importance on presenting all essential information regarding the protection of your data as transparently as possible.

If there are still any uncertainties, questions, or a need for clarification, please do not hesitate to contact us.

Controller

The controller pursuant to Article 4(7) of the General Data Protection Regulation (GDPR) is:

VERBI – Software. Consult. Sozialforschung. GmbH
Invalidenstraße 74
10557 Berlin
info@maxqda.com
Germany

The Data Protection Officer of VERBI – Software. Consult. Sozialforschung. GmbH can be contacted at kontakt@datenschutzrechte.de.

Collection and Storage of Personal Data When Visiting Our Website

Below, we inform you about the processes that occur when you access our website. Each time our website is accessed, we automatically collect data and information from the computer system that you use to visit the site.

The following data is collected:

  1. Information about your browser type and version
  2. Information about your operating system
  3. Information about your internet service provider
  4. Date and time of your access
  5. Websites accessed from your system via our website
  6. Your IP address (possibly in anonymized, truncated form)

We do not draw any conclusions about your identity when processing this data. There is no personal analysis, no use of the data for marketing purposes, and no profiling.

Your data will be deleted as soon as you leave our website and end the respective session. Your IP address will be anonymized no later than thirty days after your visit to the website. This data is not stored together with any other personal data of yours. The legal basis for the temporary storage of this data is Article 6(1)(f) GDPR. Both the collection of data and its storage in log files are absolutely necessary for the provision and operation of our website.

Applications for Job Postings

If you apply for a position with us by post or electronically, the following personal data will be stored:

  1. Contact details
  2. Your application documents sent by mail or electronically, including any personal data contained therein
  3. Occupation/field of study
  4. Work experience
  5. Qualifications/skills and languages

The application data is collected, sent via email to our HR department, and stored on our server. The data is processed solely for the purpose of handling the application process.

Application documents are retained for approximately 3 months, after which the data is deleted.

Please note that we also post job advertisements on third-party platforms. In such cases, data may be collected and processed by the respective platform. For more information, please contact the respective portal directly.

Contacting us

You can contact us electronically, for example via email, chat, or through one of the contact forms on our website. Before contacting us, it is also possible to schedule an appointment online.

If you contact us and are interested in our content or have already entered into a contract with us, the legal basis for data processing is Article 6(1)(b) of the GDPR. Otherwise, the data processing is based on our legitimate interest in responding to customer inquiries, pursuant to Article 6(1)(f) of the GDPR. We process the data that you provide to us and that is necessary for communication.

1. Service provider

For customer communication, we use third-party service providers:

Email and contact form

We use the services of BREVO (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany) and Freshdesk, a service provided by Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA. The data you provide during contact is transferred to these companies as part of a data processing agreement in accordance with Article 28(3) of the GDPR. This means that the data is not used by these companies to contact you directly or to pass your data on to third parties.

Chat

Our website uses Freshchat, a live chat software provided by Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA. Data transfers to Freshworks in the USA are safeguarded by Freshworks’ certification under the EU-U.S. Data Privacy Framework.For more information on Freshworks’ data processing, please refer to their privacy policy: https://www.freshworks.com/security/.

Chatbot

We offer an AI-powered chatbot tool on our website. For this, we use the service provided by Wonderchat Private Limited, Singapore, 7 Temasek Boulevard #12-07, Suntec City Tower One, 038987 Singapore. Data is encrypted during transfer to Wonderchat and is hosted within the EU.

Self-service portal

We use Freshdesk, a product of Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA, for our self-service customer portal.

Online appointment booking

We use Microsoft Bookings (part of Microsoft Office 365), provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland.

WhatsApp Business

You can also communicate with us via WhatsApp Business. Personal data such as your name, phone number, and message content will be processed. The use of WhatsApp is entirely voluntary and only takes place if you initiate contact via this channel. If you no longer wish to communicate via WhatsApp, you can let us know at any time. We will then immediately discontinue communication and delete your WhatsApp contact data from our system. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, which processes your personal data on our behalf. We have concluded a data processing agreement with WhatsApp. Your data may be transferred to WhatsApp LLC and Meta Platforms Inc., both based in the USA. Both companies are certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection within the meaning of Article 45 GDPR.

2. Customer Support

By default, VERBI has no access to your project data. This data is stored exclusively on your own device.

For the resolution of certain support cases that cannot be handled without access to your project data, we may ask you to provide us with your project files. The transfer of this data takes place via a secure, self-managed web service. The data is stored on an FTP server for a maximum duration of three months and is permanently deleted after your support case has been resolved.

Your project data is used exclusively to process your request and will not be processed for any other purpose.

As part of your support requests, you may provide us with support ZIP files containing additional technical information necessary for troubleshooting.

In specific cases that require a more detailed error analysis, we may ask you to record your screen using the Screendesk tool, provided by Screendesk SAS, 7 allée du long, 26500 Bourg-les-Valence, France. These recordings help us better understand the issue encountered while using MAXQDA. The recordings are stored by our service provider Screendesk for a duration of 30 days and are then deleted. For more information on data processing by Screendesk, please refer to their privacy policy: https://security.screendesk.io/screendesk-privacy.

3. Disclosure of Computer Names in Support Case

As part of support services and license management tasks, it may be necessary to disclose computer names to the respective license holder or their administrators. This transmission is used to identify and manage licensed devices and to resolve technical issues.

The processing is based on Article 6(1)(b) of the GDPR, as it is necessary for the fulfillment of contractual obligations. It is also in our legitimate interest, pursuant to Article 6(1)(f) of the GDPR, to ensure efficient license management and technical support.

Please note that license holders are obligated to inform affected users about this data processing.

4. Improving Customer Support, Anonymization, Artificial Intelligence

We are continuously working to improve our customer support. For this purpose, we process contact inquiries and customer communications.

We anonymize certain contact inquiries and communications to enhance the quality of our support services. Anonymized data refers to information that can no longer be linked to you personally. The legal basis for the anonymization of data is Article 6(1)(f) of the GDPR. We have a legitimate interest in generating anonymized data to use it for improving the quality of our services—both in our interest and yours.

Some customer inquiries may be forwarded to service providers operating artificial intelligence (AI) systems. In particular, we use the services of OpenAI Ireland Ltd., 1st Floor, The Liffey Trust Centre, 117–126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland. Such inquiries are forwarded especially for the purpose of generating a draft response. The legal basis for the automated generation of a response is Article 6(1)(f) of the GDPR. Our legitimate interest lies in improving customer support by supporting our staff with AI for quality assurance and faster processing.

The legal basis for transferring data to the service provider is Article 28 of the GDPR in conjunction with a data processing agreement.

Newsletter

In our newsletter, we regularly inform you about new products, features, updates, special promotions, trainings, and other events.

To subscribe to our newsletter, we only require your email address as well as your first and last name. No additional data is collected. This data is used exclusively for sending our newsletter.

After submitting the registration form, you will receive a confirmation email from us. Your subscription becomes active only once you click the link in the confirmation email (“double opt-in”).

The legal basis for data processing is your consent pursuant to Article 6(1)(a) GDPR and Section 7 of the German Act Against Unfair Competition (UWG). You may unsubscribe from the newsletter and thus withdraw your consent to data processing at any time. This can be done via the unsubscribe link provided in each newsletter, by emailing us at cs@maxda.com, or via this link: Unsubscribe from Newsletter.

If we receive your email address in connection with the sale of a product or service, we reserve the right to send you regular information by email about our own similar products or services.

Processing your email address for this purpose is based on Article 6(1)(f) GDPR in conjunction with Section 7(3) UWG, and does not require separate consent.

You may object to the use of your email address for this purpose at any time without incurring any costs other than the transmission costs according to basic rates. You can declare your objection, for example, via the unsubscribe link included in every newsletter email.

We use Sendinblue, a service provided by BREVO, Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, to distribute our newsletter. The above-mentioned data is transmitted to this company under a data processing agreement in accordance with Article 28(3)(1) GDPR. This means that the company does not use the data to contact you directly or to share it with third parties.

BREVO/Sendinblue provides analytical tools that help us evaluate the effectiveness of our newsletter campaigns. These analyses are only of statistical interest to us—for example, how many subscribers read our newsletters and which links are clicked. For more information, please refer to https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go.

Use of a Trial Version

When you request the free trial version via the form, we use your data to provide you with the necessary information, ask about your experience with the software, and introduce you to MAXQDA and its features. The following data is processed for this purpose:

  • Contact information (name, email address)

To ensure the security of our website and to protect against unwanted automated access such as spam, we use the service reCAPTCHA as part of the trial version form. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

In addition to your IP address, Google may collect further information necessary for the provision and functionality of this service. The legal basis for this processing is Article 6(1)(f) of the GDPR. An adequate level of data protection is ensured through the use of the EU Commission’s Standard Contractual Clauses in accordance with Article 46(2)(c) of the GDPR.

Further information on how Google handles your user data can be found at: https://policies.google.com/privacy.

Free Offer of Digital Content

To provide you with our downloadable content (books and guides), we collect the following personal data:

  • Contact details (name, email address)

This data is collected in order to deliver the requested content to you in a personalized manner. The legal basis is Article 6(1)(b) of the GDPR.

Online-Shop

When visiting the online shop or ordering products and services from VERBI, you leave the VERBI website and are redirected to the website of our reseller, cleverbridge GmbH. All services, orders, and inquiries made on that site, i.e., in the “shop”, are subject to the privacy policy of cleverbridge GmbH: Online store powered by Cleverbridge

Subscription Manager

Customers have the option to manage their subscription via the Subscription Manager, an online service provided by VERBI GmbH. When using this service, the user’s first and last name, email address, and IP address are stored. The legal basis for this processing is Article 6(1)(b) of the GDPR.

Conference/Event Registration

If you register for an event organized by us, we process the data you provide solely for the purpose of organizing and conducting the event.

The data processing is based on Article 6(1)(b) of the GDPR (performance of a contract), as the provision of this data is necessary for participation in the event.

For the technical implementation of the event, we use the service Zoom, provided by Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.

You can find Zoom’s privacy policy at the following link: https://explore.zoom.us/de/privacy/.

Data Disclosure

Apart from the cases mentioned above, we will only disclose your personal data to third parties if:

  • you have given your explicit consent pursuant to Article 6(1)(a) GDPR,
  • the disclosure is legally permissible and required for the performance of a contract with you pursuant to Article 6(1)(b) GDPR,
  • there is a legal obligation to do so under Article 6(1)(c) GDPR, or
  • the disclosure is necessary under Article 6(1)(f) GDPR for the establishment, exercise, or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed.

Data may, in particular, be disclosed to the following categories of recipients:

  • IT service providers (e.g., hosting providers, system maintenance and support)
  • Communication service providers (e.g., email newsletter services)
  • Sales and implementation partners involved in the provision of our services
  • Payment service providers and banks, where necessary for payment processing
  • External consultants (e.g., tax advisors, legal counsel), if necessary to protect our legal interests
  • Authorities and public bodies, where a legal obligation to disclose exists

All recipients process the data either as independent controllers or as processors under a data processing agreement in accordance with Article 28 GDPR. In the latter case, they are contractually obligated to process the data solely on our instructions and in compliance with applicable data protection laws.

It is possible that your personal data may be transferred to recipients in so-called third countries, i.e., countries outside the EU/EEA. Please note that data processed in other countries may be subject to foreign laws and may be accessible to foreign governments, courts, law enforcement agencies, and supervisory authorities.

When transferring your personal data to third countries, we will take appropriate measures to ensure an adequate level of protection. Where no adequacy decision exists for the recipient country by the European Commission, the transfer is safeguarded either through the use of EU Standard Contractual Clauses (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) or through binding corporate rules. In all other cases, a transfer will only take place if an exception under Article 49 GDPR applies.

General Data Retention Period

Unless otherwise specified in this privacy notice, personal data is stored only for as long as necessary to fulfill the purpose for which it was collected or to comply with applicable legal retention periods. Once the purpose no longer applies or the retention period has expired, the data is deleted.

Data Subjects Rights

In connection with the processing of your personal data, you as the data subject have the following rights under the applicable legal provisions:

  • Right of access (Article 15 GDPR): You have the right to request information about the personal data we process about you.
  • Right to rectification (Article 16 GDPR): You have the right to request the immediate correction or completion of inaccurate or incomplete personal data stored by us.
  • Right to erasure (Article 17 GDPR): You have the right to request the deletion of your personal data stored by us.
  • Right to restriction of processing (Article 18 GDPR): You have the right to request the restriction of processing of your personal data.
  • Right to data portability (Article 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller.
  • Right to withdraw consent (Article 7(3) GDPR): You may withdraw your previously given consent at any time by notifying us.
  • Right to object (Article 21 GDPR): If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data on grounds relating to your particular situation, or without such grounds if the objection relates to direct marketing. In the case of direct marketing, you have a general right to object which we will implement without requiring a specific situation.

If you wish to exercise any of the rights mentioned above, simply send an email to: kontakt@datenschutzrechte.de. You also have a general right to lodge a complaint with a data protection supervisory authority.

Final Provisions

VERBI reserves the right to amend this privacy policy at any time in order to comply with current legal requirements or to reflect changes in our services in this privacy policy, e.g., when introducing new services or making changes to the website. The new privacy policy will apply upon your next visit to this website.

Use of Cookies

We use cookies on our website. Cookies are small text files that are stored on the device you use to access our website. We use different categories of cookies, including essential cookies, functional cookies, cookies for displaying external media, and marketing cookies.

  • Essential cookies are necessary to ensure the basic functionality of the website.
  • Functional cookies are used to track user behavior on our website and to enhance its functionality.
  • Marketing cookies are used to display interest-based advertising.
  • External media cookies are used to display content such as videos or maps.

The legal basis for the use of essential cookies is Article 6(1)(f) GDPR in conjunction with Section 25(2) of the German Telecommunications and Telemedia Data Protection Act (TDDDG), as we have a legitimate interest in providing a functional website. The legal basis for the use of all other cookies is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG, which requires your consent.

We will not set any non-essential cookies without your consent, and you may withdraw your consent at any time with future effect via the link provided. You can also disable all non-essential cookies via the opt-out link provided or by adjusting your browser settings. Please note that disabling cookies may limit or completely disable the functionality of the website.

Essential

Essential services enable basic functions and are required for the proper functioning of the website.

Borlabs Cookie

Our website uses the consent management tool Borlabs Cookie, provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany.

Borlabs Cookie sets a technically necessary cookie to store your cookie preferences. It only stores the information regarding your given or withdrawn consents so that your browser can recognize them upon revisiting the website.

Further information: https://de.borlabs.io/datenschutz/

Google Tag Manager

This website uses Google Tag Manager, a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager manages website tags via an interface and does not process any personal data itself. It only triggers other tags, which may in turn collect data (e.g., Google Analytics or marketing tools).

Privacy policy: https://policies.google.com/privacy

Matomo

We use Matomo (self-hosted) for web analytics. The following anonymized data is stored:

  • Browser type and version, operating system
  • Date and time of server request
  • Page views (title, URL), referrer URLs
  • Number of visits
  • Region of internet access
  • Pages accessed via our website

IP addresses are immediately pseudonymized. No data is shared with third parties. Raw data is automatically deleted after 90 days.

Wordfence

We use Wordfence, a service by Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA, to protect our website against attacks, malware, and unauthorized access. Wordfence collects IP addresses, access attempts, and other security-related data. Data may be transferred to the USA under EU Standard Contractual Clauses.

Privacy policy: https://www.wordfence.com/privacy-policy/

Statistics / Analytics

Statistics cookies collect usage data that help us understand how our visitors interact with our website.

Google Analytics

Google Analytics collects and analyzes usage data such as:

  • Browser information
  • Device type and operating system
  • Traffic source
  • Time spent on the website
  • Interactions (clicks, page views)

Marketing

Marketing services are used by third-party providers or publishers to display personalized advertisements. They do this by tracking visitors across websites.

Brevo

We use Brevo, a service by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, for newsletters and transactional emails.

Emails may include tracking pixels to measure open and click rates.

More info: https://www.brevo.com/de/legal/privacypolicy/

Facebook

Facebook is a social network operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. If you consent to this service, content from Facebook (e.g. embedded posts, comments, like buttons, or Messenger functions) will be displayed on our website. In doing so, personal data (e.g. IP address, browser information) may be transmitted to Meta servers, possibly also in the USA. Meta bases this data transfer to the USA on the EU-U.S. Data Privacy Framework in accordance with Article 45 GDPR.

Purpose of processing:

  • Display of Facebook content
  • Recognition across multiple pages
  • Analysis and measurement of advertising effectiveness
  • Technical optimization and security

LinkedIn – Insight Tag

Our website uses the LinkedIn Insight Tag, a tool from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. It collects information about website visits (e.g. URL, IP address, device information, timestamp) to analyze the effectiveness of our LinkedIn advertising and to display targeted ads. IP addresses are pseudonymized. Personal data is deleted no later than 90 days.

Further information can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

An opt-out is possible at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-outhttps://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Meta Pixel

With this service, we process the following personal data:

  • Facebook user ID
  • IP address
  • Facebook cookie information
  • Pixel ID
  • Social media friend network
  • Usage data / user behavior
  • Views and interactions with content, ads, and services
  • Viewed content
  • Device information
  • Success of marketing campaigns
  • Transaction information
  • Geographic location
  • Cookie ID
  • Information from third-party sources

Microsoft Advertising

For these cookies, the following analytical values are typically stored: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wishes to be targeted). If you are registered with a Microsoft service, Microsoft can associate the visit with your account. Even if you are not registered or logged in, the provider may still obtain and store your IP address.

LinkedIn Insight Tag

Our website uses the LinkedIn Insight Tag, a tool from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. It collects information about website visits (e.g. URL, IP address, device information, timestamp) to analyze the effectiveness of our LinkedIn advertising and display targeted ads.

IP addresses are pseudonymized. Personal data is deleted no later than 90 days.

The legal basis is your consent in accordance with Article 6(1)(a) GDPR.

Further information can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

An opt-out is possible at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Microsoft Clarity

Clarity records user interactions on our website, e.g. how the page was rendered and which interactions the user had on our site, such as mouse movements, clicks, scrolling, etc. The data is deleted after three months.

External Media

Content from video platforms and social media platforms is blocked by default. When external services are accepted, no manual consent is required to access this content.

Google reCAPTCHA

To protect against automated input (e.g. by bots), we use the Google reCAPTCHA service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA analyzes the behavior of website visitors based on various characteristics (e.g. IP address, mouse movements, time spent on the page, possibly also Google cookies) to determine whether it is a human user. The analysis begins automatically as soon as the respective page is loaded. This may result in data being transmitted to Google servers in the USA. Google is certified under the EU-U.S. Data Privacy Framework (Art. 45 GDPR).

Google Fonts

This website uses Google Fonts, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to ensure consistent font display.

Google Fonts are embedded locally on our server, so no connection is made to Google servers when you access our pages, and no personal data is transmitted to Google.

Vimeo

Our website includes videos from the provider Vimeo. The operator is Vimeo.com, Inc., 555 West 18th Street, New York, NY 10011, USA. When a video is played, a connection is established to Vimeo’s servers, and your IP address as well as possibly other technical data (e.g., browser type, device, time of visit) is transmitted.

Vimeo may also use cookies and similar technologies to analyze user behavior. This may include data transfer to the USA. The legal basis is your consent in accordance with Article 6(1)(a) GDPR.

According to Vimeo, the data is stored for up to 2 years unless deleted or anonymized earlier.

Further information on data protection at Vimeo can be found at: https://vimeo.com/privacy

YouTube

We use YouTube to embed videos. All YouTube videos are embedded in “enhanced privacy mode,” meaning no data is transmitted to YouTube unless the videos are played. Only when a user plays a video are the following data transmitted. We have no control over this data transmission.

If you access a page on our site that contains such a plugin (e.g. our media library), a connection is established to YouTube servers and the plugin is displayed. This transmits to the YouTube server which of our pages you visited. If you are logged into your YouTube account, YouTube assigns this information to your personal user account. When using the plugin, e.g. by clicking the start button of a video, this information is also assigned to your user account.

You can prevent this assignment by logging out of your YouTube and other Google user accounts before using our website and deleting the respective company’s cookies.

Turnstile

We use Turnstile, a CAPTCHA service from Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany.

Turnstile protects our website against automated access and abuse (e.g. by bots). The service analyzes various technical characteristics (e.g. browser and header information, behavior on the page) to distinguish between human users and automated requests—usually without active interaction (e.g. without image-based puzzles).

In some cases, data including the IP address may be transmitted to Cloudflare servers, possibly also in third countries (e.g. the USA). Cloudflare is certified under the EU-U.S. Data Privacy Framework (Art. 45 GDPR).

Cookies we use