Can I get a signed DPA / AVV?

Yes. We sign a standard German GDPR DPA (Auftragsverarbeitungsvertrag) on request - reach out from /sales. The text is the standard form most customer DPOs already know, no surprise clauses; we also accept your own paperwork if your legal team prefers their template. Reply time is within a working day. Most teams under 50 seats don't need one (the standard plan terms cover the legal posture); larger setups get a short signed addendum alongside.

How do I export my data?

Account settings → export. Returns a JSON archive containing every record you own, every file you uploaded, and the relevant audit-log entries. No support ticket, no waiting period, no fee. Same export shape works on every plan.

How do I delete my account?

Account settings → delete. Confirms once, then removes records, files, embeddings, and audit-log entries within 30 days. Stripe payment metadata stays as long as German tax law requires it (10 years), in line with §147 AO; everything else is gone.

Who are your subprocessors?

Two: Stripe (payment processing only, transferred under the EU-US Data Privacy Framework) and our transactional mail relay (EU-hosted). Neither sees your records. The full list and what each one is allowed to touch lives at /privacy and /security.

Does KI BMS use Google Analytics or Meta Pixel?

No. No third-party analytics at all. Device + session metrics live in our own Postgres + Redis. The cookie banner that GA / Meta require doesn't apply because we don't load them - one fewer dialog between a visitor and the page they came for.

KI BMS

Pricing

Compare

KI BMS: the GDPR-friendly alternative to Notion

Plain-language privacy notice, standard German GDPR DPA available on request, self-serve export + delete.

GDPR alternative

ATS

Notion

DIY

Finn GlasCo-Founder + Engineering

·April 8, 2026·

3 min read

GDPR isn't a checkbox - it's a posture. If you're moving off Notion because their AVV / DPA is opaque, KI BMS is what a clean alternative looks like: subprocessor list of two (Stripe + mail relay), self-serve export + delete from account settings, and a standard German GDPR DPA on request when your procurement team needs one.

At a glance

Notion stays our wiki + strategy tool, no fight. As an ATS it works as long as you have one open role and fewer than 30 applications per quarter. The moment that becomes three roles or 100 applications, you're missing the five things a dedicated ATS does and a wiki doesn't: public application form, auto-mails with variables, KI pre-sort with reasoning, audit log + GDPR retention, conflict-free multi-person pipeline. KI BMS doesn't replace Notion - it takes over the part that needs behaviour.

GDPR posture

GDPR is a posture, not a checkbox

Three things matter under GDPR for a tool like this: (1) lawful basis for processing, (2) data subject rights (export, delete, port), and (3) the auftragsverarbeitungsvertrag / DPA chain. KI BMS treats them as engineering invariants, not legal optics. Lawful basis is the contract you sign with us. Subject rights are self-serve from your account settings - no support ticket required. The subprocessor list has two entries (Stripe + mail relay). A standard German GDPR DPA is available on request from /sales whenever your procurement team needs one - we don't charge for it and don't gate it behind a plan tier. Where Notion sits on each of these is the rest of this page.

KI BMS vs Notion: GDPR comparison

	Ours KI BMS	Theirs Notion
GDPR retention + auto-anonymisation
Structured fields per application		With database properties, manual
Public application form
Auto-mails with variable substitution
KI fit-score with reasoning		Notion AI without recruiting context
Who-changed-what audit log		Per-page version history
Careers page with custom domain		Notion Sites possible, no ATS form
Conflict-free multi-person pipeline		In theory
Hosted in Germany
Starting price	€0 / €1 / €10 per month	€0 (free) to ~€10 per seat

When to pick which

Pick KI BMS when

Three or more open roles, 50+ applications per quarter, two or more people reading along.

You need a public application form that writes directly into your pipeline.

GDPR retention is an open question - Notion has no 'anonymise after 6 months' switch.

You want KI pre-sorting that knows the role profile, not a generic 'Notion AI summarises' layer.

Pick Notion when

One role, one HR person, fewer than 30 applications across the role's lifetime.

Recruiting is a one-shot project right now; a dedicated tool feels oversized.

You live in Notion and tool sprawl is your biggest worry.

GDPR questions

What customer data-protection teams typically ask before signing a DPA.

Start with KI BMS

Free plan, no credit card. We host in Germany. Export + delete are self-serve.

Written by

Finn Glas

Co-Founder + Engineering

Finn is one of the Co-Founders. He owns the engineering side, the infrastructure, and most of the late-night fixes that ship before anyone notices.

finn.glas at aicuflow dot comLinkedIn Website