Data Protection Information (GDPR)

1. Controller Information

In accordance with Article 13 and 14 of the General Data Protection Regulation (GDPR), I inform you about the processing of your personal data:

2. Categories of Personal Data

We process the following categories of personal data:

• Identity data: Name, email address, user ID
• Account data: Login credentials, preferences, settings
• Usage data: Topics created, searches performed, interactions with the Service
• Technical data: IP address, browser type, device information, access times
• Content data: Survey responses, feedback, user-generated content

3. Purposes and Legal Basis for Processing

3.1 Contract Performance (Article 6(1)(b) GDPR)

We process your data to:

• Provide and maintain the Service
• Process your requests and transactions
• Manage your account
• Communicate with you about the Service

3.2 Legitimate Interests (Article 6(1)(f) GDPR)

We process your data based on our legitimate interests to:

• Improve and optimize the Service
• Ensure security and prevent fraud
• Analyze usage patterns
• Provide customer support

3.3 Consent (Article 6(1)(a) GDPR)

We process your data based on your consent for:

• Marketing communications (if applicable)
• Non-essential cookies
• Additional services you opt into

3.4 Legal Obligation (Article 6(1)(c) GDPR)

We process your data to comply with legal obligations, such as:

• Tax and accounting requirements
• Legal retention obligations
• Compliance with court orders or legal requests

4. Data Recipients

We may share your personal data with:

• Service providers: Hosting, analytics, payment processing, email services
• AI service providers: OpenAI, Grok, and similar services for content generation
• Legal authorities: When required by law or to protect our rights
• Business partners: Only with your explicit consent

All data processors are contractually bound to process your data only in accordance with our instructions and GDPR requirements.

5. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other appropriate safeguards as required by GDPR

6. Data Retention

We retain your personal data only for as long as necessary:

• Account data: For the duration of your account and up to 30 days after deletion
• Usage data: Up to 2 years for analytics purposes
• Legal obligations: As required by applicable law (e.g., tax records: 7-10 years)
• Consent-based data: Until you withdraw consent

After the retention period, we will securely delete or anonymize your data.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

7.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether personal data concerning you is being processed and to access that data.

7.2 Right to Rectification (Article 16 GDPR)

You have the right to have inaccurate personal data corrected and incomplete data completed.

7.3 Right to Erasure (Article 17 GDPR)

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the original purposes.

7.4 Right to Restrict Processing (Article 18 GDPR)

You have the right to request restriction of processing in certain situations, such as when you contest the accuracy of the data.

7.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

7.6 Right to Object (Article 21 GDPR)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent (Article 7(3) GDPR)

If processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

7.8 Right to Lodge a Complaint (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Supervisory Authority in Hesse, Germany:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Germany
Website: datenschutz.hessen.de

8. Automated Decision-Making

We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, except where:

• It is necessary for entering into or performing a contract
• It is authorized by EU or Member State law
• You have given explicit consent

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Employee training on data protection
• Incident response procedures

10. Exercising Your Rights

To exercise any of your rights, please contact me:

Moritz Schafft
34132 Kassel
Germany
Email: moritzschafft@gmail.com
Phone: +49 151 12382531

I will respond to your request within one month. If your request is complex or I receive multiple requests, I may extend this period by up to two additional months, and I will inform you of any such extension.

11. Changes to This Information

We may update this Data Protection Information from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated information on this page.

12. Additional Information

For more detailed information about data processing practices, please refer to the Privacy Policy and Cookie Policy.