Privacy Policy
The legally binding version of this notice is in German. The operator is Digitalmindsoft Publishing e.K., based in Germany.
1. Controller
The party responsible for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Digitalmindsoft Publishing e.K.
Owner: Christian Kramer
Hörvelsinger Weg 51, 89081 Ulm, Germany
Email: info@digitalmindsoft.eu
2. General information & SSL/TLS
We process personal data only to the extent necessary to provide our services, and always in accordance with the GDPR. For security reasons, this site uses SSL/TLS encryption; you can recognise an encrypted connection by the „https://“ prefix in the address bar.
3. Hosting & server log files
Hosting and content delivery are provided by Vercel Inc. When the pages are accessed, server log files are processed automatically (IP address, date and time, requested resource, referrer, browser type/version). This data serves the technical provision, security and stability of the service. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR).
4. User account & sign-in
To use the Studio, we create an account for you. Authentication, the database and profile data are processed via Supabase (hosted in the EU, Frankfurt region). When you sign in via magic link, we process your email address; when you optionally sign in via Discord or Twitch (OAuth), we receive your identifier, username, email address and, where applicable, a profile picture from them. The legal basis is the performance of a contract (Art. 6(1)(b) GDPR).
5. AI generation
To create your assets, we transmit your inputs (style/subject selection, text inputs) and, where applicable, generated images to our AI service providers: OpenAI (image generation and editing), Atlas Cloud (video generation), Amazon Web Services (video cutout in Frankfurt) and optionally fal.ai as a technical fallback. This may involve a transfer to the USA; such transfer is safeguarded by EU Standard Contractual Clauses (Art. 46 GDPR). The legal basis is the performance of a contract (Art. 6(1)(b) GDPR). No AI training is carried out on your content for our purposes.
Reference uploads (selfies/logos): if you (as a paying user) upload your own photo or logo as a reference, we store it in a private, access-restricted object store (Cloudflare R2, EU jurisdiction). Before storage, every image is automatically screened for prohibited content (NSFW and apparent minors); for this we transmit it to Amazon Web Services (Amazon Rekognition, Frankfurt/EU region) as a processor. To create your assets, the reference image is additionally transmitted to OpenAI. Selfie references may contain personal and potentially biometric features; the legal basis is performance of a contract (Art. 6(1)(b) GDPR) and your explicit, logged consent (Art. 6(1)(a), and where applicable Art. 9(2)(a) GDPR), which you may withdraw at any time with future effect. Reference images are not used for AI training and are deleted when you remove them or delete your account.
6. Storage of your created works
The files you create are assigned to your account and stored in an object storage (Cloudflare R2, EU jurisdiction) in order to make them available to you for retrieval and download (Art. 6(1)(b) GDPR).
7. Payment processing
Payments (subscriptions and Amber packages) are processed via our payment service provider Creem as the „Merchant of Record“. For this purpose, Creem processes the necessary payment, invoicing and address data under its own responsibility and remits the applicable VAT. We ourselves do not receive or store complete payment-instrument data. The legal basis is the performance of a contract (Art. 6(1)(b) GDPR).
8. Cookies & analytics
We use exclusively technically necessary cookies, in particular to maintain your sign-in session. We do not use tracking or marketing cookies. The legal basis for necessary cookies is § 25(2) TDDDG as well as our legitimate interest (Art. 6(1)(f) GDPR).
We use Vercel Web Analytics and Vercel Speed Insights (Vercel Inc., USA) only on public marketing, login and legal pages. Studio, account and admin pages are technically excluded. URLs are stripped of identifiers and unnecessary parameters before transmission; unreadable or private URLs are discarded. These services are cookieless and involve no cross-site tracking; they collect aggregated, anonymized usage and performance data (e.g. page views, Web Vitals) to improve the service and its loading speed. No profiles are created. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR); any transfer to the USA is safeguarded by the EU Standard Contractual Clauses (Art. 46 GDPR).
9. Provider and transfer register
The following overview describes the recipients currently integrated into the product and is maintained alongside the implementation.
| Provider | Purpose | Data | Region / role |
|---|---|---|---|
| Supabase | Sign-in, accounts and database | Account, profile, usage and evidence data | Frankfurt/EU; processor |
| Vercel | Hosting, server logs and public reach/performance measurement | IP/request data; minimized public-page URLs without account IDs | USA/EU; DPA and EU Standard Contractual Clauses |
| Cloudflare R2 | Private works and reference files | Generated media, selfies and logos | EU jurisdiction; DPA and EU Standard Contractual Clauses |
| OpenAI | Image generation and editing | Prompts, selected references and generated images | USA; DPA and EU Standard Contractual Clauses |
| Atlas Cloud | Video generation | Source image, motion instruction and generated video | Third-country transfer possible; EU Standard Contractual Clauses |
| Amazon Web Services | Content screening and video cutout | Reference images or technical video frames | Frankfurt/EU (eu-central-1) |
| fal.ai | Optional video-cutout fallback | Video being processed | USA; EU Standard Contractual Clauses |
| Creem | Checkout, invoicing, tax and payment processing | Purchase, invoice, address and payment data | Estonia/EU; independent controller as Merchant of Record |
| Resend | Transactional and newsletter email | Email address, language and delivery metadata | USA; DPA and EU Standard Contractual Clauses |
| Discord / Twitch | Optional OAuth sign-in | Identifier, username, email and profile image | USA; transfer only when OAuth is selected |
10. Retention period
We store personal data only for as long as it is necessary for the stated purposes or as long as statutory retention periods (e.g. under commercial and tax law) exist. Account and content data are removed when the account is deleted, unless retention obligations prevent this.
11. Your rights
You have the right at any time to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and to object (Art. 21 GDPR). To exercise these rights, please contact info@digitalmindsoft.eu. You also have the right to lodge a complaint with a data protection supervisory authority; the authority responsible for us is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg.
12. Changes to this privacy policy
We will amend this privacy policy as soon as changes to our services or the legal situation make this necessary. The version published on this page applies in each case.