Privacy Policy

Last updated: March 20, 2026

1. Data Controller

DCSI AG, Talheimer Straße 22-24, 74223 Flein bei Heilbronn, Germany (contact details in Imprint). For data protection inquiries: datenschutz@revolverdoor.com

2. Data Collected

We collect and process the following personal data:

  • Registration data: Name, email address, OAuth profile data (Google/GitHub)
  • Usage data: Created stories, avatar configurations, question answers, reading history
  • Technical data: IP address, browser type, device information, usage times
  • Payment data: Processed directly by Stripe; we do not store credit card data

3. Legal Basis (Art. 6 GDPR)

  • Contract performance (Art. 6(1)(b)): Platform provision and story data processing
  • Consent (Art. 6(1)(a)): Use of analytics tools, optional features
  • Legitimate interest (Art. 6(1)(f)): Platform security, abuse prevention

4. AI Processing

User inputs (avatar descriptions, answers) are transmitted to a local AI model (Ollama/Mistral) running on our own servers. No data is transmitted to external AI services. AI-generated content is stored linked to user data.

5. Image Generation

For optional avatar image generation, ComfyUI is used on our servers. Uploaded photos are processed exclusively for image generation and deleted after completion.

6. Cookies and Tracking

We only use technically necessary cookies for authentication (NextAuth session). No tracking or advertising cookies are used.

7. Data Sharing with Third Parties

  • Stripe: Payment processing (independent controller)
  • OAuth providers: Google, GitHub (authentication only)
  • Email delivery: Transactional emails via our email provider

No data transfers to third countries outside the EU occur unless secured by appropriate safeguards.

8. Data Retention

User data is stored for the duration of account use. After account deletion, personal data is removed within 30 days. Anonymized stories may persist. Statutory retention obligations remain unaffected.

9. Your Rights

You have the following rights under GDPR:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to lodge a complaint with a supervisory authority

10. Youth Protection

We do not knowingly process data from children under 16. Registration requires confirmation of minimum age. For users between 16 and 18, we only process data with parental consent.

11. Data Security

We employ technical and organizational measures to protect your data, including encrypted transmission (TLS), hashed passwords, and regular security audits.