Last updated: March 14, 2026
DefoAI UG (haftungsbeschränkt)
Wiltinger Straße 11, 13465 Berlin, Germany
Email: [email protected]
This Service is intended for users aged 16 and over.
| Data | Purpose | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Email address, display name | Account authentication and communication | Contract (Art. 6(1)(b)) |
| Ad platform data (Google Ads, Microsoft Advertising — authorised via OAuth) | Importing, managing, and syncing your ad campaigns | Contract (Art. 6(1)(b)) |
| Subscription and payment status | Managing your subscription and billing | Contract (Art. 6(1)(b)) |
| Anonymised usage events | Improving the Service (Firebase Analytics, only with your consent) | Consent (Art. 6(1)(a)) |
| IP address (at login) | Security and fraud prevention (Cloudflare Turnstile) | Legitimate interest (Art. 6(1)(f)) |
Ad platform data (Google Ads, Microsoft Advertising) is used solely to provide the Service and is not shared with third parties beyond what is necessary for that purpose. We do not use it to train AI models or for advertising. Our use of Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We do not sell your data. We share data only with the following service providers, who process it on our behalf under contractual data protection obligations:
| Provider | Role | Location | Safeguard |
|---|---|---|---|
| Google (Firebase) | Authentication & Analytics | EU / USA | Standard Contractual Clauses |
| Stripe | Payment processing | USA | Standard Contractual Clauses |
| Cloudflare | Infrastructure & bot protection | EU / Global | Standard Contractual Clauses |
| Upstash | Database | Ireland (EU) | Within EEA |
| EdenAI | AI provider routing | France (EU) | Within EEA |
| OpenAI | AI text generation (via EdenAI) | USA | Standard Contractual Clauses |
We may disclose data where required by law or to protect legal rights.
Under GDPR, you have the right to: access your data, rectify inaccuracies, erasure ("right to be forgotten"), restrict processing, data portability, object to processing based on legitimate interest, and withdraw consent at any time (without affecting prior lawful processing).
To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with your national data protection authority. In Germany: Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI).
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.
| Category | Provider | Purpose | Retention |
|---|---|---|---|
| Strictly necessary | Google (Firebase) | Authentication session | Until sign-out |
| Strictly necessary | DefoAI | Stores your cookie consent choice | Persistent |
| Functional | Stripe | Payment fraud prevention | Up to 1 year |
| Analytics (consent required) | Google (Firebase Analytics) | Anonymised usage analysis to improve the Service | Up to 2 years |
You can accept or decline analytics cookies via the banner on first visit, or change your choice at any time via Cookie Preferences in the application footer.
We will notify you of material changes to this policy by updating the date above. Continued use of the Service constitutes acceptance of the updated policy.
DefoAI UG (haftungsbeschränkt)
[email protected]