Privacy Policy
Last updated: 2026-04-03
1. Data Controller
The data controller responsible for data processing on this platform is:
Andre Unger
Heideweg 22
59069 Hamm
Germany
Email: twin_support@familie-unger.info
If you have any questions about the processing of your personal data, please contact us at the email address above.
2. Types of Data Collected
We collect and process the following categories of personal data:
2.1 Account Data (Creators)
When you register as a Creator, we collect your email address, display name, and country declaration (ISO 3166-1 alpha-2 country code). This data is necessary for the performance of our contract with you (Art. 6(1)(b) GDPR). The country declaration determines which Platform features are available and which country-specific legal conditions apply; see Section 2.10 for further details.
2.2 Usage Data
We collect anonymized usage data such as query counts, session durations, and interaction patterns. IP addresses are anonymized (hashed) immediately upon collection. This data is processed based on our legitimate interest in improving the service (Art. 6(1)(f) GDPR).
2.3 Technical Data
When you access our platform, your browser automatically transmits technical data (browser type, operating system, referrer URL). IP addresses are anonymized and not stored in identifiable form. No persistent cookies or fingerprints are used for tracking.
2.4 Billing Data
If you subscribe to a paid plan, we collect and store your billing address. This is required for the calculation of applicable VAT and for compliance with statutory commercial record-keeping obligations pursuant to § 257 HGB (10 years). Legal bases: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(c) GDPR (legal obligation). Payment card data, bank account details, and other payment instrument data are neither stored nor processed by the Provider on its own servers at any time. Such data is processed exclusively by the external payment service provider displayed to the Creator in the Creator Portal and at checkout. The processing of such data is governed by the privacy policy of the respective payment service provider. Invoice data (invoice number, line items, amounts, taxes) is stored as part of the Provider's accounting records for the statutory retention period of 10 years.
2.5 Document Data (Creators)
Creators upload documents to train their AI Twins. These documents are processed and indexed for AI retrieval. Document data is strictly isolated per Creator and Twin through Row-Level Security (RLS). Only the Creator and authorized Learners can access the resulting knowledge.
2.6 Learner Interaction Data
Learners who interact with a Twin may optionally consent to storing their interaction history (conversation data, bookmarks). Without explicit consent, interactions are processed in anonymous mode only. Consent can be withdrawn at any time (Art. 7(3) GDPR). Learner access is provided via magic links: after entering their email address, a one-time access link is sent via email (valid for 15 minutes). Upon verification, a technically necessary session cookie is set (learner_session, 24 hours, httpOnly). The email address is stored exclusively as a SHA-256 hash — never in plain text. Bookmarks are stored in the database (not in the browser) and require active consent. Where a Creator operates their AI Twin in "Restricted" access mode, Learner email addresses are additionally processed in plain text for the purposes of access verification (comparison against the Creator's configured access list) and dispatch of the magic link. This plain-text processing is limited to the authentication process; after successful verification, storage is exclusively hash-based. The legal basis for this processing is Art. 6(1)(b) GDPR (performance of contract with the Creator) in conjunction with Art. 28 GDPR (data processing agreement).
2.6a Chat Message Storage
Chat messages exchanged between Learners and AI Twins are stored for the purpose of service provision, response quality improvement, and analytics. Stored data includes the message text, timestamps, referenced sources, and the Twin identifier — no personally identifiable information beyond the pseudonymized session identifier is retained. Messages from authenticated Learners are retained for up to 120 days (90 days active + 30 days grace period), after which they are permanently deleted. For anonymous users (public Twins), session data is retained for 90 days of inactivity followed by a 30-day grace period before hard deletion. Aggregated, non-personal analytics (topic distributions, response quality metrics) derived from chat data may be retained beyond the deletion of raw messages. The legal basis for storing chat messages is Art. 6(1)(f) GDPR (legitimate interest in service provision and quality improvement) for anonymous users, and Art. 6(1)(b) GDPR (performance of contract) for authenticated users. Authenticated Learners may request deletion of their stored interaction data at any time via their profile settings.
2.7 Anonymous Usage (Public Twins)
When you use a publicly accessible Twin without registration or magic link, we only collect a pseudonymized session fingerprint (SHA-256 hash of IP address and browser identifier). Neither your IP address nor any other identifying data is stored in plain text. No cookies are set. Since we cannot identify you in this case, the data subject rights under Art. 15–20 GDPR do not apply (Art. 11 GDPR). The pseudonymized session data is automatically deleted after 90 days of inactivity.
2.8 Data in Partner Integrations
Twins may be embedded in platforms of partner organizations. When using an embedded Twin, the following data is processed: Your user identifier provided by the partner is stored exclusively as a non-reversible hash (HMAC-SHA256) — neither we nor the partner can derive your identity from it. Anonymized session data (session ID, message length, course context) may be transmitted to the partner via webhooks. These webhooks contain no personal data — only the hashed user identifier and aggregated interaction data. The partner additionally has access to anonymized analytics (topic distributions, usage patterns), which are only displayed when at least 10 users are present (k-anonymity). The partner is responsible for complying with their own data protection obligations towards their users.
2.9 API Usage Data (Audit Log)
Where a Creator uses the Twin API, pseudonymized API usage data is recorded in an audit log in order to ensure proper operation, detect misuse, and support billing. The audit log stores exclusively the following data: the channel used (e.g., Telegram, email, custom integration), the timestamp of the API call, token consumption, HTTP status code, and the session ID as a SHA-256 hash (pseudonymization). Message contents, IP addresses, and other personal data are not stored in the API audit log. The retention period for audit log entries is 90 days; entries are automatically deleted upon expiry of this period. The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in operational security, misuse prevention, and billing).
2.10 Geo-Governance Data
At the time of registration, the country code provided by the Creator (ISO 3166-1 alpha-2, two letters, e.g., "DE" for Germany) is collected and stored. The country code determines which Platform features are available to the Creator, which country-specific legal conditions apply, and in which geographic region the Creator's data is processed (data plane region). The data plane region is derived from the country code; at the time of this policy update, the only supported region is the EU (server location: Germany). Changes to the country code are permitted no more than once per 90 calendar days; each change is logged. The legal basis is Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(c) GDPR (compliance with legal obligations, in particular country-specific compliance requirements).
3. Legal Basis for Processing
We process personal data based on the following legal grounds:
- Consent (Art. 6(1)(a) GDPR): For optional analytics and Learner interaction history. Creators and Learners may withdraw consent at any time with effect for the future pursuant to Art. 7(3) GDPR, without affecting the lawfulness of processing carried out prior to withdrawal. To document consent (consent record), the following technical evidence is stored in pseudonymized form: the IP address and user agent of the consenting device, each as a SHA-256 hash computed with its own salt. The salt is stored separately from the consent data, and the original value cannot be reconstructed from the stored hash. This measure serves to fulfill the accountability obligation pursuant to Art. 7(1) GDPR. The legal basis for processing the consent record is Art. 6(1)(c) GDPR.
- Contract (Art. 6(1)(b) GDPR): For account creation, Twin management, and subscription services.
- Legitimate Interest (Art. 6(1)(f) GDPR): For platform security, fraud prevention, misuse detection, and service improvement through anonymized analytics, as well as for maintaining the API audit log (see Section 2.9).
- Legal Obligation (Art. 6(1)(c) GDPR): For billing data retention as required by § 257 HGB (10 years) and for documentation of consent pursuant to Art. 7(1) GDPR.
4. Third-Party Services and Data Processors
We use the following third-party services to operate the platform:
- Supabase (Supabase Inc., USA): Database hosting and authentication services. Data is hosted in the EU (Frankfurt, AWS region eu-central-1). Supabase participates in the EU-US Data Privacy Framework; Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR are also in place. A Data Processing Agreement (DPA) is in place.
- Mistral AI (Mistral AI SAS, France): Large language model for AI Twin responses and document embeddings. Mistral AI is an EU-based company. Your queries are processed to generate responses but are not used to train Mistral's models.
- Qdrant: Vector database for semantic search. Used to store document embeddings (not raw document content). Qdrant is self-hosted on EU infrastructure (Hetzner, Germany).
- Email Service Provider (Mailjet by Sinch, France): For transactional emails (registration confirmation, password reset, quota notifications). Data transmitted: recipient email address and email content (name, if provided). Emails are processed within the EU. Data is deleted within 90 days after account termination. Sub-processor list: sinch.com/legal/data-protection-agreement-sub-processors/
- Redis: Used exclusively for rate limiting. No personal data is persistently stored. Redis is self-hosted on EU infrastructure (Hetzner, Germany).
- Payment service provider: Payment processing is handled by an external payment service provider; the provider currently in use is displayed to the Creator in the Creator Portal and at checkout. The payment service provider processes payment card data and other payment information in its own name and on its own responsibility; such data is not transmitted to the Provider. The only data transmitted to the payment service provider is the amount due and the identification data required for invoicing (email address, invoice reference). Once a specific payment service provider has been selected, its name, registered office, and a reference to its privacy policy will be added here.
- Partner organizations: When a Twin is embedded in a partner platform, the partner receives anonymized interaction data via webhooks (no personal data, only hashed user IDs and aggregated metrics). The partner acts as an independent data controller for the data they receive. Data transmission is encrypted and cryptographically signed (HMAC-SHA256).
5. Data Retention Periods
We retain your data only as long as necessary for the purposes stated:
- Account data: Duration of your account plus 30 days after deletion.
- Billing address and invoice data: 10 years (statutory retention obligation under § 257 HGB and § 14 UStG). Payment instrument data (card data, bank account details) is not stored by the Provider.
- Learner session data: 90 days of inactivity, then 30-day grace period before permanent deletion. This applies to all chat sessions, including anonymous (public Twin) usage.
- Chat message content: Permanently deleted after 120 days. Aggregated analytics derived from conversations (topic trends, usage statistics, quality metrics) are retained in anonymized form and cannot be traced back to individual sessions or users.
- Quiz answers: Anonymized 30 days after completion (answer content redacted, only scores and results retained). Quiz session records are deleted together with learner session data.
- Aggregated question analytics: 30 days, then automatically deleted. Contains no personal data (PII-redacted, k-anonymized).
- Twin insights (citation analytics, session metrics, content quality, audience intelligence): Stored for the lifetime of the Twin. Exclusively anonymized aggregate data with no personal reference. Automatically deleted when the Twin is deleted.
- Partner session data: Automatically deleted 24 hours after session end. Contains only hashed user identifiers (no personal data).
- Partner webhook logs: 30 days for audit purposes, then automatically deleted. Contains only anonymized data.
- API audit log entries: 90 days, then automatically deleted. Contains exclusively pseudonymized technical metadata (see Section 2.9).
- Consent records: Retained for the duration of the account plus the period required by law for evidentiary purposes; at minimum until expiry of applicable limitation periods for data protection claims. Automatically deleted thereafter.
- System logs: Maximum 30 days, with anonymized IP addresses.
- Access control logs: Email addresses anonymized after 30 days.
6. Your Rights
Under the GDPR, you have the following rights:
- Right of Access (Art. 15 GDPR): You can request information about your stored personal data at any time.
- Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate personal data.
- Right to Erasure (Art. 17 GDPR): You can request deletion of your personal data, unless legal retention obligations apply.
- Right to Data Portability (Art. 20 GDPR): You can request your data in a structured, machine-readable format (JSON).
- Right to Object (Art. 21 GDPR): You can object to processing based on legitimate interest at any time.
- Right to Restriction (Art. 18 GDPR): You can request restriction of processing under certain conditions.
- Right to Withdraw Consent (Art. 7(3) GDPR): You can withdraw any given consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise your rights, please contact us at twin_support@familie-unger.info. Learners can also use the self-service data management features available within the platform.
7. Cookies
We use only technically necessary cookies that are essential for operating the platform. These do not require consent under Art. 5(3) ePrivacy Directive. We do not use tracking cookies, analytics cookies, or third-party cookies.
The following cookies are used:
- sb-* (Supabase authentication): Technically necessary session cookie for login. Deleted when the session ends.
- learner_session: Technically necessary cookie for identifying learners after magic link verification. Duration: 24 hours. HttpOnly (not accessible via JavaScript).
- NEXT_LOCALE: Technically necessary cookie for storing the user's selected language preference. Persistent until manually deleted.
8. Analytics and Privacy
Our analytics system is built with privacy by design. All analytics are aggregated and anonymized. We enforce k-anonymity: question analytics are only shown when at least 5 similar queries exist, and session and behavioral analytics require at least 10 learners. Personal data (email addresses, phone numbers, URLs) is automatically redacted before aggregation. No individual user behavior is tracked or profiled. Creators can optionally enable analytics for their Twins, but Learners must explicitly consent before any personalized data is collected.
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including: encryption in transit (TLS 1.2+) and at rest (AES-256), database-level Row-Level Security (RLS) for tenant isolation, anonymization of IP addresses and user identifiers in logs, regular security reviews and access controls, and structured audit logging for all sensitive operations.
10. Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be communicated via email to registered users. The date of the last update is shown at the top of this page.
11. International Data Transfers
Some of our data processors are based outside the EU/EEA:
- Supabase Inc. (USA): Your data is hosted in the EU (Frankfurt, AWS region eu-central-1). Supabase is certified under the EU-US Data Privacy Framework, and Standard Contractual Clauses (SCCs) are in place pursuant to Art. 46(2)(c) GDPR. A Data Processing Agreement (DPA) is in place.
All other processors (Mistral AI, Brevo, Mailjet) are based in the EU and are directly subject to the GDPR. Qdrant and Redis are self-hosted on EU infrastructure (Hetzner, Germany).
12. Automated Decision-Making and AI
Our platform uses AI models (Mistral AI) to generate responses based on uploaded documents. These AI-generated responses do not constitute automated individual decision-making within the meaning of Art. 22 GDPR — they produce no legal effects and do not similarly significantly affect you. No user profiling takes place. The AI processes your queries solely to generate responses; your queries are not used to train the AI models.
13. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent supervisory authority is the data protection authority of the German federal state in which our registered office is located. You may also contact the supervisory authority of your own EU member state.