PRIVACY

Privacy Policy

Last updated: March 2026

Data Controller

Theo Conrads

Kaiserstraße 49

42329 Wuppertal

Germany

Email: [email protected]

Phone: +49 174 4996039

What Data We Collect

  • Account data (email address, name) via registration — Legal basis: Performance of contract (Art. 6(1)(b) GDPR)
  • User-generated content: notes, books, chat messages — Legal basis: Performance of contract (Art. 6(1)(b) GDPR)
  • Usage analytics via Vercel Web Analytics (cookieless, privacy-friendly) — Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — Service improvement

Third-Party Processors

Vercel

Hosting and deployment. Vercel Web Analytics collects no personal data and uses no cookies. Legal basis: Performance of contract. Third-country transfer USA: EU-US Data Privacy Framework.

OpenRouter

AI processing of notes, books, and chat queries. User content is sent for processing but not stored or used for training. Legal basis: Performance of contract. Third-country transfer USA: EU-US Data Privacy Framework / Standard Contractual Clauses.

Polar Software Inc.

Payment processing as Merchant of Record for Pro subscriptions. Legal basis: Performance of contract. Polar processes payment data as an independent controller (not a processor).

Resend

Sending transactional emails (registration confirmation, password reset). Your email address is transmitted to Resend, Inc., San Francisco, CA, USA. Legal basis: Performance of contract. Third-country transfer: Standard Contractual Clauses.

Cloudflare

DNS management and DDoS protection. Cloudflare, Inc., San Francisco, CA, USA may process technical access data (IP addresses). Legal basis: Legitimate interest (security). Third-country transfer: EU-US Data Privacy Framework.

Data Storage

  • User data is stored on Vercel infrastructure (EU region where possible).
  • Neo4j database for graph data.

Your Rights (GDPR Art. 15–21)

You have the following rights regarding your personal data:

  • Right to access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to deletion (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Contact: [email protected]

Data Retention

Your account data and content are stored as long as your account is active. After account deletion, all personal data will be deleted within 30 days, unless statutory retention obligations apply (e.g., tax retention periods for billing data: 10 years).

Technical access data (server logs) are automatically deleted after 30 days.

Cookies

  • Only essential cookies (authentication session)
  • Vercel Web Analytics is cookieless
  • No tracking cookies, no third-party marketing cookies