Privacy Policy

1. Data Controller

The data controller for this website is:
Portalix UG (haftungsbeschränkt)
Thalkirchner Str. 103
81371 Munich, Germany
Email: privacy@privacychat.de

2. Data We Collect

We collect the following data:

  • Email address: When signing up for the waitlist or contacting us
  • Usage data: Number of messages, masked PII types (anonymized)
  • Technical data: IP address, browser type, access time (server logs)

3. No PII Storage

Important: PrivacyChat does not store any personally identifiable information (PII) from your chat messages. Masking happens in real-time in memory. Token mappings are only kept for the duration of a session and deleted afterwards.

4. Purpose of Processing

  • Providing the chat service
  • Communication and support
  • Improving our service
  • Billing (for paying customers)

5. Legal Basis

Processing is based on:

  • Art. 6(1)(b) GDPR (contract performance)
  • Art. 6(1)(a) GDPR (consent, e.g., newsletter)
  • Art. 6(1)(f) GDPR (legitimate interest)

6. Your Rights

You have the right to:

  • Access your stored data
  • Rectification of inaccurate data
  • Erasure of your data
  • Restriction of processing
  • Data portability
  • Object to processing

7. Account Deletion

You can request deletion of your account at any time. Send an email to privacy@privacychat.de with the subject "Delete account". We will delete your data within 72 hours and confirm the deletion by email.

Upon deletion, the following will be removed:

  • Your account data (email, registration data)
  • Your chat history
  • Active subscriptions will be cancelled

Invoice data must be retained for 10 years due to legal requirements (§ 147 AO German tax law).

8. Hosting

Our servers are operated by NOEZ GmbH, Germany. Server logs (IP addresses, access times) are automatically deleted after 7 days. A data processing agreement (DPA) according to Art. 28 GDPR has been concluded.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation)

9. Email Service

For sending system emails (magic links, notifications), we use Mailgun (Sinch Email) via EU servers. Only email addresses are transmitted. A data processing agreement (DPA) has been concluded.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

10. LLM Providers

PrivacyChat forwards your masked messages to LLM providers (e.g., OpenAI). Important: Due to masking, no personal data is transmitted to these providers. The LLM provider only sees anonymized tokens like "[PERSON_1]" instead of real names.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

11. Web Analytics (Simple Analytics)

To analyze website usage, we use Simple Analytics (Simple Analytics B.V., Netherlands). Simple Analytics is a privacy-friendly analytics service that:

  • Does not use cookies
  • Does not collect personal data
  • Does not store IP addresses
  • Is GDPR-compliant without requiring consent

Only aggregated, anonymous data is collected (page views, referrer, country based on timezone). Simple Analytics' privacy policy can be found at: simpleanalytics.com/privacy

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in analyzing website usage)

12. Payment Processing

We use Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland) for payment processing. When subscribing to a paid plan, your email address is transmitted to Stripe. Payment information (credit card, SEPA) is entered directly at Stripe - we have no access to this data.

Stripe processes this data for payment handling. Stripe's privacy policy can be found at: stripe.com/privacy

Legal basis: Art. 6(1)(b) GDPR (contract performance)

13. Contact

For privacy questions: privacy@privacychat.de

Last updated: January 2026