Privacy Policy

1. Controller and Data Protection Officer

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Note: Please update the controller information above with actual company details.

2. General Information on Data Processing

2.1 Scope of Processing of Personal Data

Our web application operates entirely within your web browser using JavaScript. All data processing occurs locally on your device. We process personal data of our users only to the extent necessary to provide a functional website and our content and services.

2.2 Legal Basis for Processing Personal Data

Insofar as we obtain consent from the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

2.3 Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Since all data is stored exclusively in your browser's local storage, data deletion is entirely under your control. You may delete all stored data at any time by clearing your browser's local storage or using the application's "Clear All Data" function.

3. Provision of the Website and Creation of Log Files

3.1 Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the accessing computer system. This is handled by your hosting provider (e.g., Vercel, Netlify) and typically includes:

• Information about the browser type and version used
• The user's operating system
• The user's Internet service provider
• The IP address of the user
• Date and time of access
• Websites from which the user's system reaches our website (referrer URL)

These data are stored in the log files of the hosting system. This data is not stored together with other personal data of the user.

3.2 Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3.3 Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Storage in log files occurs to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

3.4 Duration of Storage

The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collection of data for the provision of the website, this is the case when the respective session is ended. Storage in log files typically occurs for a maximum period of 7 days. The exact retention period is determined by the hosting provider.

4. Data Storage in Your Browser (Local Storage)

4.1 Description and Scope

Our web application uses the browser's local storage mechanism to store the following data exclusively on your device:

• API Keys: Your personal API keys for AI service providers (e.g., OpenAI, OpenRouter, Requesty.ai)
• Chat Conversations: Complete history of your conversations with AI models
• User Preferences: Application settings, selected models, and interface preferences
• Theme Settings: Your dark mode or light mode preference

4.2 Legal Basis

The legal basis for the use of local storage is Art. 6 para. 1 lit. a GDPR (consent) in conjunction with Art. 6 para. 1 lit. b GDPR (contract performance), as this storage is necessary to provide the functionality you have requested.

4.3 Important Notice About Local Storage

4.4 Deletion of Data

You can delete all locally stored data at any time by:

• Using the "Clear All Data" function in the application
• Manually deleting individual API keys or conversations in the interface
• Clearing your browser's local storage through browser settings
• Using your browser's incognito/private mode (data will be deleted when closing the session)

5. Direct Data Transmission to Third-Party API Providers

5.1 Description of Data Processing

When you use our application to communicate with AI models, your browser establishes a direct connection to the API provider you have configured (e.g., OpenAI, Anthropic via OpenRouter, or Requesty.ai).

This direct communication includes:

• Your chat messages and prompts
• Your API key (for authentication with the provider)
• Selected model and parameters
• Your IP address (visible to the API provider)

5.2 Your Responsibility

As the user, you are responsible for:

• Choosing an API provider that meets your privacy requirements
• Reviewing and understanding the privacy policy of your chosen API provider
• Ensuring that your use of the API provider complies with applicable data protection laws
• Managing your own API keys securely

5.3 Recommendations for GDPR Compliance

If you are subject to GDPR or process personal data from EU citizens, we recommend:

• Selecting API providers with EU data centers and GDPR compliance
• Reviewing whether a Data Processing Agreement (DPA) is required and available
• Considering providers like Requesty.ai that are specifically designed for EU GDPR compliance
• Not entering personal data of third parties into the chat without proper legal basis

For detailed information about choosing a GDPR-compliant provider, please see our Privacy Architecture page.

6. Use of Cookies

7. Web Analytics and Tracking

8. Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

8.1 Right to Information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. Given that we do not collect or store personal data on our servers, there is no data we can provide information about. All data is stored locally on your device and is accessible to you through the application interface.

8.2 Right to Rectification

You have the right to rectification of inaccurate personal data concerning you. Since all data is stored locally on your device, you can directly edit, update, or correct any data through the application interface.

8.3 Right to Restriction of Processing

Under certain conditions, you can request the restriction of the processing of your personal data. Since no processing occurs on our servers, you can control all processing by using or not using the application.

8.4 Right to Erasure

You have the right to obtain the erasure of personal data concerning you without undue delay. You can exercise this right at any time by:

• Deleting individual data items through the application interface
• Using the "Clear All Data" function
• Clearing your browser's local storage

8.5 Right to Information

If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data have been disclosed of this rectification or erasure of the data or restriction of processing. In our case, since we do not store or process data on our servers, there are no recipients to notify.

8.6 Right to Data Portability

You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format. Our application provides an export function that allows you to download your conversations and data as JSON files, ensuring full data portability.

8.7 Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. Since our application processes data only locally on your device and at your explicit instruction, you can stop any processing by simply not using the application.

8.8 Right to Withdraw Consent

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of the consent before its withdrawal. You can withdraw consent by deleting your data and ceasing to use the application.

8.9 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

9. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Since all sensitive data (API keys, conversations) is stored exclusively in your browser's local storage:

• We cannot access your data
• Your data is protected by your device's security measures
• We recommend using secure devices and keeping your browser updated
• Consider using your browser's private/incognito mode for additional security
• All API communications use encrypted HTTPS connections

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the updated privacy policy on this page and update the "Last updated" date at the top of this policy.

Given the nature of our application (no server-side data collection), substantial changes to this policy are unlikely. However, we recommend reviewing this privacy policy periodically.

11. Contact Information

If you have any questions about this privacy policy or about data protection at Privacy Llama, please contact us at:

Note: Please update the contact information above with actual company details.