Privacy Policy

The controller responsible for data processing is:
Mustafa Yesilyayla
Kurt-Schumacher-Straße 76, 67663 Kaiserslautern, Deutschland
Email: service@thumbpilot.app

We only process personal data to the extent necessary for the provision of our services.

• Access data (e.g. IP address, timestamps, user agent) for technical provision and security on the basis of Art. 6(1)(f) GDPR.
• Account and authentication data (e.g. UID, email, display name, profile picture) for login and account management on the basis of Art. 6(1)(b) GDPR.
• Content data (uploads, prompts, generated results) for contract performance and delivery of the booked service on the basis of Art. 6(1)(b) GDPR.
• Payment and billing data (e.g. Stripe session ID, invoice information, transaction data) for payment processing and compliance with statutory retention obligations on the basis of Art. 6(1)(b) and (c) GDPR.
• Consent records for digital services (e.g. declared text version, timestamps and hashed IP and user agent values) for legal proof purposes on the basis of Art. 6(1)(c) and (f) GDPR.
• Local browser data (e.g. drafts in Local Storage) for functionality provision on the basis of Art. 6(1)(f) GDPR.

We use external technical service providers. These include, depending on usage:

• Google Firebase / Google Cloud (authentication, data storage)
• Stripe (payment processing, invoicing)
• OpenAI (prompt and analysis processing)
• fal.ai (image generation pipeline)
• Runware (object generation)
• Google Analytics (web analytics, if consented)

Where required, data processing agreements pursuant to Art. 28 GDPR are concluded with service providers.

Where you have given your consent (Art. 6(1)(a) GDPR), we use Google Analytics on this website, a web analytics service provided by Google Ireland Limited. Google Analytics uses cookies that enable analysis of your use of the website.

The information generated by the cookie about your use of this website is generally transferred to and stored on a Google server in the USA. We use Google Analytics only with IP anonymization enabled.

You may withdraw your consent at any time with future effect by adjusting the cookie settings on our website or by installing an appropriate browser plugin.

When using certain service providers, data may be transferred to countries outside the EU/EEA. Where no adequacy decision exists, such transfers are based on appropriate safeguards (in particular EU Standard Contractual Clauses) pursuant to Art. 46 GDPR.

• Account and usage data is stored for the duration of the user relationship.
• After account deletion, data is deleted unless statutory retention obligations apply.
• Invoice and tax-relevant data is retained in accordance with statutory commercial and tax retention obligations.
• Technical log data is only stored for a limited period for security and error analysis purposes.

Under the GDPR, you have in particular the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to certain processing (Art. 21 GDPR)
• Right to withdraw consent with future effect

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates data protection law (Art. 77 GDPR).

The provision of certain data is required for entering into a contract and for technical use. Without this data, we may be unable to provide the service in whole or in part.

No solely automated decision-making within the meaning of Art. 22 GDPR takes place.

We may update this Privacy Policy when legal or technical requirements change. The version published on this page shall apply at any given time.