Translation Notice
This is a translation of the German Privacy Policy. The German version is legally binding. In case of any discrepancies, the German version shall prevail.
→ View German version (legally binding)
Privacy Policy
Information about the processing of your personal data according to GDPR
Table of Contents
- Data Controller
- Overview of Processing
- Legal Basis
- Hosting and Servers
- Registration and Authentication
- Payment Processing (Stripe)
- AI Services and Third Parties
- Cookies and Tracking
- Your Rights
- Data Security
- Data Transfer to Third Countries
- Changes
1. Data Controller
EG Vision IT GmbH
Margeritenstraße 2
92138 Lappersdorf
Germany
Represented by: Viktor Eigenseer (Managing Director)
Email: info@egvision.de
Website: https://artvibes.io
2. Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing:
Types of Data Processed
- Master data (names, email addresses)
- Contact data (email addresses)
- Content data (prompts, generated content)
- Usage data (generation history, credit consumption)
- Payment data (processed via Stripe)
- Meta/communication data (IP addresses, timestamps)
Categories of Data Subjects
- Users (customers, prospects, website visitors)
Purposes of Processing
- Provision of the platform and its functions
- Creation of a user account
- Contract fulfillment and subscription management
- Payment processing
- AI-powered content generation
- Customer service and support
- Security measures
- Analysis and optimization (with consent)
3. Legal Basis for Processing
We process your personal data based on the following legal grounds according to Art. 6 (1) GDPR:
Art. 6 (1) (a) GDPR (Consent): For cookies for analytics and marketing purposes, newsletters, optional features
Art. 6 (1) (b) GDPR (Contract Performance): For registration, account management, subscription management, payment processing, and provision of AI generation services
Art. 6 (1) (f) GDPR (Legitimate Interests): For technically necessary cookies, security measures, fraud prevention, and improvement of our services
Art. 6 (1) (c) GDPR (Legal Obligation): For compliance with statutory retention obligations and tax requirements
4. Hosting and Servers
Our platform is hosted on the following infrastructures:
Vercel (Website Hosting)
Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
Data Processed: IP addresses, access data, technical log data
Legal Basis: Art. 6 (1) (f) GDPR (legitimate interests)
Privacy Policy: https://vercel.com/legal/privacy-policy
Supabase (Database)
Provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore
Data Processed: User data, generation history, credit transactions
Legal Basis: Art. 6 (1) (b) GDPR (contract performance)
Privacy Policy: https://supabase.com/privacy
Cloudflare R2 (File Storage)
Provider: Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA
Data Processed: Generated images, videos, and audio files
Legal Basis: Art. 6 (1) (b) GDPR (contract performance)
Privacy Policy: https://www.cloudflare.com/privacypolicy/
5. Registration and Authentication (Clerk)
We use Clerk for user registration and authentication:
Provider: Clerk Inc., 548 Market St, PMB 80717, San Francisco, CA 94104, USA
Data Processed: Email address, name, profile picture (optional), password (encrypted), IP address, device information
Purpose: Secure user authentication, session management, account security
Legal Basis: Art. 6 (1) (b) GDPR (contract performance)
Retention Period: Until deletion of the user account
Privacy Policy: https://clerk.com/privacy
Upon registration, we create a linked entry in our database that connects your Clerk ID with your platform profile.
6. Payment Processing (Stripe)
We use the payment service provider Stripe for payment processing:
Provider: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
Data Processed: Name, email address, payment data (credit card number, IBAN, etc.), billing address, IP address, transaction data
Purpose: Secure processing of payments for subscriptions and credit packages
Legal Basis: Art. 6 (1) (b) GDPR (contract performance)
Privacy Policy: https://stripe.com/privacy
Important Notes:
- Payment data is processed directly by Stripe and not stored on our servers
- We only store the Stripe Customer ID and Subscription ID for linking
- Stripe is PCI DSS Level 1 certified (highest security standard)
- Stripe uses EU Standard Contractual Clauses for data transfer to the USA
The processing of payment data is required for contract performance. Without transmission to Stripe, no payment can be made.
7. AI Services and Third Parties
For AI content generation, your prompts are transmitted to the following third-party providers:
7.1 OpenAI (DALL-E 3, GPT, TTS)
Provider: OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA
Services: DALL-E 3 (image generation), GPT (text processing), TTS (Text-to-Speech), Content Moderation
Data Transmitted: Text prompts, settings
Legal Basis: Art. 6 (1) (b) GDPR (contract performance)
Note: OpenAI stores API requests for up to 30 days for abuse prevention purposes. The data is not used for model training (API usage).
Privacy Policy: https://openai.com/policies/privacy-policy
7.2 fal.ai (Flux Models)
Provider: fal.ai, Inc.
Services: Flux Schnell, Flux Pro (image generation)
Data Transmitted: Text prompts, image settings
Note: Flux models were developed by Black Forest Labs (Germany) and are provided via fal.ai.
Privacy Policy: https://fal.ai/privacy
7.3 Replicate (Various Models)
Provider: Replicate, Inc., San Francisco, CA, USA
Services: Stable Diffusion XL, Stable Video Diffusion, Kling, Runway Gen-3, Luma Dream Machine, MusicGen, Real-ESRGAN, Background Removal
Data Transmitted: Text prompts, input images if applicable, settings
Note: Input data is deleted after processing and not used for training.
Privacy Policy: https://replicate.com/privacy
7.4 ElevenLabs (Voice Synthesis)
Provider: ElevenLabs Inc., USA
Services: Text-to-Speech, Voice Cloning
Data Transmitted: Texts for speech synthesis, voice samples if applicable
Privacy Policy: https://elevenlabs.io/privacy
Important Notice: By using our generation functions, you consent to the transmission of your prompts to the respective AI providers. Please do not enter sensitive personal data in your prompts. The provider assumes no liability for data you enter in prompts.
8. Cookies and Tracking
8.1 What are Cookies?
Cookies are small text files stored on your device when you visit our website. They allow us to save your preferences and improve your use of our services.
8.2 Technically Necessary Cookies
These cookies are essential for the operation of the website and cannot be disabled:
| Cookie | Purpose | Duration |
|---|---|---|
| __clerk_* | Authentication and session | Session / 1 year |
| sb-* | Supabase Session | Session |
| cookie_consent | Storage of your cookie preferences | 1 year |
Legal Basis: Art. 6 (1) (f) GDPR (legitimate interests) and § 25 para. 2 no. 2 TDDDG (technically necessary)
8.3 Analytics and Tracking Cookies
With your consent, we set the following cookies for analytics and optimization purposes:
| Service | Purpose | Provider |
|---|---|---|
| Google Analytics | Website analysis, usage statistics | Google Ireland Ltd. |
| Hotjar | Heatmaps, session recording | Hotjar Ltd. |
Legal Basis: Art. 6 (1) (a) GDPR (consent) and § 25 para. 1 TDDDG
These cookies are only set after you have given your consent via our cookie banner. You can revoke your consent at any time.
8.4 Your Cookie Settings
You can change or revoke your cookie settings at any time via the "Cookie Settings" link in the footer of our website.
9. Your Rights as a Data Subject
According to the GDPR, you have the following rights:
Right of Access (Art. 15 GDPR): You can request information about your personal data stored with us.
Right to Rectification (Art. 16 GDPR): You can request the correction of inaccurate data.
Right to Erasure (Art. 17 GDPR): You can request the deletion of your data, provided no statutory retention obligations exist.
Right to Restriction of Processing (Art. 18 GDPR): Under certain conditions, you can request the restriction of processing of your data.
Right to Data Portability (Art. 20 GDPR): You can receive your data in a structured, commonly used format.
Right to Object (Art. 21 GDPR): You can object to the processing of your data insofar as the processing is based on legitimate interests.
Right to Withdraw Consent (Art. 7 (3) GDPR): You can withdraw a given consent at any time with effect for the future.
Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority. The competent authority is the supervisory authority of the federal state where you reside or where the provider is located.
To exercise your rights, contact us at: info@egvision.de
10. Data Security
We use technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons:
- SSL/TLS encryption for all data transfers
- Encrypted storage of sensitive data
- Row Level Security (RLS) for database access
- Regular security audits
- Access restrictions and authentication
- Webhook signature verification
Our security measures are continuously improved in line with technological developments.
11. Data Transfer to Third Countries
Some of our service providers are based outside the European Union, particularly in the USA. For these transfers, we use the following safeguards:
EU Standard Contractual Clauses (SCCs): Most US providers have implemented EU Standard Contractual Clauses that ensure an adequate level of data protection.
EU-U.S. Data Privacy Framework: Some providers are certified under the EU-U.S. Data Privacy Framework.
The specific safeguards of the individual providers can be found in their respective privacy policies (see links above).
12. Changes to this Privacy Policy
We reserve the right to adapt this privacy policy to keep it in line with current legal requirements or to implement changes to our services. The new privacy policy will apply to your next visit.
Registered users will be informed by email of significant changes.
Last updated: December 2024