Privacy Policy
Effective:
Draft. This policy is a first draft. A qualified data-protection lawyer in must review it before launch, particularly the lawful-basis table and the processor list.
1. Who is the controller
(, ) is the data controller for the personal data described below. Contact: .
2. What we collect and why
| Category | Examples | Lawful basis (GDPR Art. 6) |
|---|---|---|
| Account | Email, username, display name, password hash | Contract (Art. 6(1)(b)) |
| Profile | Avatar, bio, cover photo, eCV entries you add | Contract |
| Content | Posts, comments, messages, groups, media uploads, notes, calendar events | Contract |
| Payment | Stripe customer ID, subscription status, tier, expiry, invoice history | Contract + legal obligation (tax, Art. 6(1)(c)) |
| Technical | IP address, user agent, authentication cookies, session tokens | Legitimate interest: operating and securing the Service (Art. 6(1)(f)) |
| Optional integrations | OAuth tokens and content fetched from external accounts you connect (email, social) | Contract + your explicit action |
| AI assistant | Your prompts and the assistant's replies | Contract + legitimate interest to operate the feature |
We do not store full payment card numbers — Stripe handles those directly.
3. Who we share it with (our processors)
We use the following sub-processors, each bound by a data-processing agreement:
- Stripe Payments Europe, Limited (Ireland) — payments, subscription billing, Billing Portal.
- Hetzner Online GmbH (Germany) — primary hosting (virtual server in Nuremberg).
- Cloudflare, Inc. (US, with EU data-localisation) — CDN, DDoS protection, DNS.
- Cloudflare R2 — media storage for uploaded files.
- Anthropic PBC (US) — AI assistant inference. Your prompts transit to Anthropic's API. Anthropic does not train on API inputs by default.
- Brave Software, Inc. (US) — web search queries the assistant performs on your behalf.
- Telegram Messenger Inc. — only if you opt into the Telegram bot integration.
- Matrix homeserver — only if you opt into the Matrix integration.
- Sentry (Functional Software, Inc.) — error monitoring, if enabled.
For transfers to the United States we rely on the EU-US Data Privacy Framework where the processor is certified, and on Standard Contractual Clauses otherwise.
4. Cookies
We use a small number of strictly necessary cookies for authentication (JWT access and refresh tokens) and for remembering your theme preference. We do not use advertising or analytics cookies. Strictly necessary cookies do not require consent.
5. How long we keep data
- Account + content: for as long as your account is open. Deleted on account deletion, with a 30-day soft-delete window for recovery.
- Backups: daily database dumps are retained for 30 days (with a 7-most-recent floor).
- Invoices and tax records: up to 10 years as required by tax law.
- Assistant conversations: kept with your account; deletable per conversation.
- Security logs: up to 90 days.
6. Your rights (GDPR Art. 15–22)
- Access — request a copy of your data.
- Rectification — correct inaccurate data.
- Erasure — delete your account and its data, subject to legal retention.
- Portability — receive your data in a machine-readable format.
- Restriction / Objection — tell us to stop specific processing based on legitimate interest.
- Withdraw consent — where we rely on consent, you can withdraw it at any time.
- Complain — to your local data-protection authority in the EU.
Write to to exercise any of these rights.
7. International transfers
Primary processing happens in the EU (Germany). Some sub-processors (Anthropic, Brave, Cloudflare US operations) process data in the US under the safeguards described in §3.
8. Children
The Service is not intended for people under 16. We do not knowingly collect data from children.
9. Changes to this policy
We will notify you in-app or by email of material changes at least 30 days before they take effect.