Prompt with plain data
An employee pastes a contract, a customer list or source code into ChatGPT and the like – to get done faster.
A prompt with customer data. An upload to the wrong cloud. A tool that trains in the background. When internal data has leaked into an AI, the first 72 hours count. Here you get a clear head and a plan – without panic, without a compliance monologue.
Free · No login · Not legal advice, but clear orientation
No attacker needed – a helpful team and a convenient tool are enough. Do you recognise one of these situations?
An employee pastes a contract, a customer list or source code into ChatGPT and the like – to get done faster.
A free AI tool uses inputs for model training under its terms. Your data is now part of something you no longer control.
Data ends up on a US provider’s servers – without a checked data processing agreement and without a transfer basis.
Nobody approved it, everybody uses it. You learn about the tool only when something goes wrong.
A clearly prioritised checklist for the first hours. No jargon – the concrete steps in the right order.
Enter your email – you will receive the checklist directly.
Five short questions. At the end you get a recommendation tailored to your situation – including an assessment of the 72-hour reporting duty.
This determines which rules apply.
Orientation aid, not legal advice. When in doubt, involve your data protection officer or a lawyer.
I am an AI architect, not an agency type. In a focused conversation we classify the incident, stop the data leak and define what happens next technically and organisationally – so you are able to act instead of paralysed.
Today’s incident is yesterday’s blind spot. The radar makes visible which AI tools are in use, rates them by data risk – and warns before sensitive data flows into the wrong cloud.
Captures the AI services in use – via browser signal, log import or a short team self-check. Result: an honest list.
Each tool gets a traffic light: server location, training use of inputs, DPA available, EU alternative present.
A clear recommendation per tool: approve, secure or replace – plus a lean AI policy the team accepts.
Early access, a say in the features and a preferential launch price. No spam – just one message when it starts.
Note: This page, the checklist and the wizard are a general orientation aid and do not replace individual legal or data protection advice. For binding assessments – in particular on notification duties under GDPR Art. 33/34 and the requirements of the EU AI Act – please involve your data protection officer or a lawyer. As of: July 2026.