Privacy Policy

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Paul Rinninger
eyeCatcher Studios
Carl-Orff-Ring 189
87616 Marktoberdorf, Germany
E-mail: info@eyecatcher-studios.de

We process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The processing of personal data takes place regularly only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal provisions.

This platform is hosted on infrastructure provided by Supabase Inc., 970 Toa Payoh North, #07-04, Singapore 318992. Supabase processes server log files that are automatically created when our pages are accessed, acting as our data processor. These log files contain:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the file retrieved
• Browser type and operating system
• Referrer URL (previously visited page)

Log files are stored for a maximum of 7 days and then automatically deleted. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in operational security). A data processing agreement (DPA) is in place with Supabase. Data transfers to third countries are based on EU standard contractual clauses (Art. 46 (2) (c) GDPR).

Registration is required to use our platform. In doing so, we collect the following data:

• E-mail address
• Password (stored encrypted, not in plain text)
• Display name (optional)
• Profile picture / avatar (optional, via upload)

Purpose: provision and administration of the user account. Legal basis: Art. 6 (1) (b) GDPR (contract performance). Storage period: until the account is deleted upon request.

As part of onboarding and profile settings, the following data may be provided voluntarily:

• Personal goals (e.g. sleep, focus, longevity)
• Knowledge level (beginner, advanced, expert)
• Source preferences (e.g. human studies, meta-analyses)
• Bio and username (handle)

This data is used to personalize search results and recommendations. Legal basis: Art. 6 (1) (b) GDPR.

For the AI-powered chat function, the contents of your chat messages are transmitted to OpenAI Inc., 3180 18th Street, San Francisco, CA 94110, USA. OpenAI processes this data as our data processor. According to OpenAI's API usage policy, data submitted via the API is not used to train models.

Please do not enter any sensitive personal data in the chat that is not required to answer your question.

Legal basis: Art. 6 (1) (b) GDPR. Third-country transfer (USA) on the basis of EU standard contractual clauses. More information: openai.com/policies/privacy-policy

For audio playback of content, we use the service of ElevenLabs Inc., New York, USA. Text is transmitted to ElevenLabs for audio generation. A data processing agreement is in place with ElevenLabs.

Legal basis: Art. 6 (1) (b) GDPR. Third-country transfer (USA) on the basis of EU standard contractual clauses.

If you use the optional voice cloning feature, a voice sample from you will be processed to create a personal voice profile. Voice data can constitute biometric data within the meaning of Art. 9 GDPR.

This processing takes place exclusively on the basis of your explicit consent pursuant to Art. 9 (2) (a) GDPR. You may withdraw your consent at any time. Your voice profile will be deleted immediately upon withdrawal.

To embed video content, we use the YouTube Data API of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Video metadata is retrieved. Google's privacy policy applies additionally to Google services.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in content presentation). Third-country transfer (USA) on the basis of the EU-US Data Privacy Framework and EU standard contractual clauses.

For scientific study searches, search queries (search terms) are transmitted to the API of the National Center for Biotechnology Information (NCBI) / PubMed, Bethesda, Maryland, USA (U.S. federal agency). Technically, the server IP address is transmitted. Personal data such as usernames or e-mail addresses are not transmitted.

Legal basis: Art. 6 (1) (b) GDPR.

If activated, we use PostHog (PostHog Inc., San Francisco, USA) for anonymized analysis of platform usage. PostHog collects anonymized usage statistics; IP addresses are not stored permanently.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in product improvement). You may object to usage analytics at any time by contacting us at the e-mail address mentioned above.

If activated, we use Sentry (Functional Software Inc., San Francisco, USA) to detect and resolve technical errors. Sentry collects error messages, stack traces, and technical browser information. Chat content or personal user data are not transmitted to Sentry.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in technical operational security).

Forum posts and comments are publicly visible and can be read by other users. To defend against abuse and to protect legal interests, we store the user's IP address when a post is published.

Legal basis: Art. 6 (1) (f) GDPR.

This platform uses only technically necessary cookies. The Supabase Auth session cookie is used to maintain your login session. No advertising or tracking cookies are set without your consent.

You can disable cookies in your browser. However, this may limit the functionality of the platform, as login is not possible without the session cookie.

Personal data is stored only as long as is necessary for the respective processing purpose or as long as legal retention obligations exist. Upon request, we will delete your user account and the associated personal data. Please send your request to info@eyecatcher-studios.de.

You have the following rights with respect to the personal data concerning you:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 (3) GDPR)

To exercise your rights, please contact: info@eyecatcher-studios.de

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27
91522 Ansbach, Germany
www.lda.bayern.de

We use services from providers based in the USA (OpenAI, ElevenLabs, Supabase, Google, PostHog, Sentry). Data transfers to these third countries are based on EU standard contractual clauses pursuant to Art. 46 (2) (c) GDPR and/or on the EU-US Data Privacy Framework, insofar as the respective provider is certified.

There is no automated decision-making, including profiling within the meaning of Art. 22 GDPR, that produces legal effects concerning you or significantly affects you in a similar way.

This privacy policy is currently valid and dated May 2026. Due to the further development of our website and our services or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed on this page at any time.