Can I get a signed DPA / AVV?

Yes. We sign a standard German GDPR DPA (Auftragsverarbeitungsvertrag) on request - reach out from /sales. The text is the standard form most customer DPOs already know, no surprise clauses; we also accept your own paperwork if your legal team prefers their template. Reply time is within a working day. Most teams under 50 seats don't need one (the standard plan terms cover the legal posture); larger setups get a short signed addendum alongside.

How do I export my data?

Account settings → export. Returns a JSON archive containing every record you own, every file you uploaded, and the relevant audit-log entries. No support ticket, no waiting period, no fee. Same export shape works on every plan.

How do I delete my account?

Account settings → delete. Confirms once, then removes records, files, embeddings, and audit-log entries within 30 days. Stripe payment metadata stays as long as German tax law requires it (10 years), in line with §147 AO; everything else is gone.

Who are your subprocessors?

Two: Stripe (payment processing only, transferred under the EU-US Data Privacy Framework) and our transactional mail relay (EU-hosted). Neither sees your records. The full list and what each one is allowed to touch lives at /privacy and /security.

Does KI BMS use Google Analytics or Meta Pixel?

No. No third-party analytics at all. Device + session metrics live in our own Postgres + Redis. The cookie banner that GA / Meta require doesn't apply because we don't load them - one fewer dialog between a visitor and the page they came for.

KI BMS

Pricing

Compare

KI BMS: the GDPR-friendly alternative to NextStep HR

Plain-language privacy notice, standard German GDPR DPA available on request, self-serve export + delete.

GDPR alternative

ATS

Self-serve

Distribution

Finn GlasCo-Founder + Engineering

·May 25, 2026·

4 min read

GDPR isn't a checkbox - it's a posture. If you're moving off NextStep HR because their AVV / DPA is opaque, KI BMS is what a clean alternative looks like: subprocessor list of two (Stripe + mail relay), self-serve export + delete from account settings, and a standard German GDPR DPA on request when your procurement team needs one.

At a glance

NextStep HR and KI BMS solve different problems - and they're different kinds of offering. NextStep HR is KI-driven job-ad distribution and social recruiting: pick the right channels data-first, optimise the ad, fill the top of funnel. Access and pricing aren't openly published, and the offering increasingly looks like a done-for-you service (managed / consulting) rather than a tool you simply sign up for and run. KI BMS is the opposite in format: a self-serve product with public pricing (€0 / €1 / €10 per month), a free tier and self-onboarding - and, in substance, the applicant management afterwards (pipeline, KI pre-sort with reasoning, structured interviews, auto-mails, GDPR retention). Short version: if you want someone to run your reach for you, NextStep HR is a candidate. If you want an affordable tool you start and own yourself today, it's KI BMS.

GDPR posture

GDPR is a posture, not a checkbox

Three things matter under GDPR for a tool like this: (1) lawful basis for processing, (2) data subject rights (export, delete, port), and (3) the auftragsverarbeitungsvertrag / DPA chain. KI BMS treats them as engineering invariants, not legal optics. Lawful basis is the contract you sign with us. Subject rights are self-serve from your account settings - no support ticket required. The subprocessor list has two entries (Stripe + mail relay). A standard German GDPR DPA is available on request from /sales whenever your procurement team needs one - we don't charge for it and don't gate it behind a plan tier. Where NextStep HR sits on each of these is the rest of this page.

KI BMS vs NextStep HR: GDPR comparison

	Ours KI BMS	Theirs NextStep HR
GDPR retention + audit log		GDPR yes, details not publicly stated
Self-serve product (start it yourself today)		More done-for-you / managed
Public pricing	€0 / €1 / €10 per month	Not publicly stated
Free tier without a sales call		Not publicly stated
KI channel selection + distribution
Social / passive-talent reach
Dedicated applicant management (pipeline)		Optional / via API to your ATS
KI fit-score per application with reasoning
Structured interviews + scorecards
Hosted in Germany		GDPR yes, location not publicly stated

When to pick which

Pick KI BMS when

You want a tool you start and own yourself today - no sales call, with public pricing and a free tier.

Your bottleneck isn't too few applications but too many unsorted ones - you need reading, scoring, replying.

You want KI pre-sort with reasoning, structured interviews and auto-mails as a default.

GDPR retention with auto-anonymisation and an audit log are mandatory, not nice-to-have.

Pick NextStep HR when

You don't want to run reach yourself but have it managed for you - someone picks channels, optimises the ad and steers the budget.

Your real problem is reach: simply too few or too poorly-matched applications arrive.

You want to reach passive talent via social and niche channels, not just the big job boards.

You have budget for a managed service and an existing applicant management that receives the applications via API.

GDPR questions

What customer data-protection teams typically ask before signing a DPA.

Start with KI BMS

Free plan, no credit card. We host in Germany. Export + delete are self-serve.

Written by

Finn Glas

Co-Founder + Engineering

Finn is one of the Co-Founders. He owns the engineering side, the infrastructure, and most of the late-night fixes that ship before anyone notices.

finn.glas at aicuflow dot comLinkedIn Website