Privacy Policy

1. Data Controller

The data controller for this website is:
Portalix UG (haftungsbeschränkt)
Thalkirchner Str. 103
81371 Munich, Germany
Email: privacy@privacychat.de

2. Data We Collect

We collect the following data:

Email address: Only when you contact us or request support
API usage data: Token count, costs (for billing)
Technical data: IP address, access time (server logs, 7 days)

Not collected: Your chat content, personal data from messages.

3. 100% Local PII Masking

Important: Detection and masking of personally identifiable information (PII) happens 100% locally on your device. Your real data (names, email addresses, IBANs, etc.) never leaves your computer.

How it works:

You type your message in the desktop app
The app detects PII locally (186 patterns) and replaces it with placeholders
Only the masked message is sent to our server
The response is unmasked locally

Token mappings only exist in the app's memory during your session.

4. Purpose of Processing

Providing the chat service
Communication and support
Improving our service
Billing (for paying customers)

5. Legal Basis

Processing is based on:

Art. 6(1)(b) GDPR (contract performance)
Art. 6(1)(a) GDPR (consent, e.g., newsletter)
Art. 6(1)(f) GDPR (legitimate interest)

6. Your Rights

You have the right to:

Access your stored data
Rectification of inaccurate data
Erasure of your data
Restriction of processing
Data portability
Object to processing

7. Data Deletion

PrivacyChat is a desktop app. Your chat history and PII mappings are not stored on our servers.

Delete local data: Uninstall the app or delete the folder ~/Library/Application Support/privacychat/ (macOS).

Server data: If you have received an API key from us and want to deactivate it, send an email to privacy@privacychat.de.

Invoice data must be retained for 10 years due to legal requirements (§ 147 AO German tax law).

8. Hosting

Our servers are operated by NOEZ GmbH, Germany. Server logs (IP addresses, access times) are automatically deleted after 7 days. A data processing agreement (DPA) according to Art. 28 GDPR has been concluded.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation)

9. Email Service

For sending system emails (magic links, notifications), we use Mailgun (Sinch Email) via EU servers. Only email addresses are transmitted. A data processing agreement (DPA) has been concluded.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

10. LLM Providers

PrivacyChat forwards your masked messages via our proxy server to LLM providers (e.g., OpenAI).

Important: Since masking happens locally on your device, neither our server nor the LLM provider sees your real personal data. The LLM provider only receives anonymized placeholders like "[NAME_1]" or "[EMAIL_1]" instead of real names or email addresses.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

11. Web Analytics (Simple Analytics)

To analyze website usage, we use Simple Analytics (Simple Analytics B.V., Netherlands). Simple Analytics is a privacy-friendly analytics service that:

Does not use cookies
Does not collect personal data
Does not store IP addresses
Is GDPR-compliant without requiring consent

Only aggregated, anonymous data is collected (page views, referrer, country based on timezone). Simple Analytics privacy policy: simpleanalytics.com/privacy

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in analyzing website usage)

12. Payment Processing

We use Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland) for payment processing. When subscribing to a paid plan, your email address is transmitted to Stripe. Payment information (credit card, SEPA) is entered directly at Stripe - we have no access to this data.

Stripe processes this data for payment handling. Stripe's privacy policy can be found at: stripe.com/privacy

Legal basis: Art. 6(1)(b) GDPR (contract performance)

13. Contact

For privacy questions: privacy@privacychat.de

Last updated: January 2026