Privacy

Privacy Policy

Last updated: January 1, 2026

Contents

Data Controller Legal Basis for Processing What We Collect Payment & Stripe Contact & Communication Analytics & Tracking Data Retention & Security Your Rights & Choices Third-Party Services International Data Transfers Disclaimer Contact & Complaints

Data Controller

▾

This service is operated by Digital Creative Academy, Switzerland. For privacy inquiries, please use our contact form.

This service is only available to users aged 18 and above. We do not knowingly collect data from individuals under 18.

Legal Basis for Processing

▾

Under Swiss data protection law (FADP), GDPR, and other applicable privacy laws, we process your personal data on these legal grounds:

Consent

When you create an account, you provide explicit consent for us to process your username, email, and password. You confirm your age (18+) during signup. Consent can be withdrawn by deleting your account.

Contractual Necessity

Processing account data, session usage, and payment references is necessary to fulfill our contract with you.

Legitimate Interest

✓Preventing fraud, abuse, and unauthorized access

✓Maintaining security and system integrity

✓Collecting anonymous, aggregated analytics to improve the service

✓Complying with legal obligations

What We Collect

▾

Account Data

✓Username, encrypted email, and securely hashed password for login across devices

✓Names are also encrypted for privacy

✓Only metrics needed to prevent abuse and track remaining allowance

Conversations

All conversations are ephemeral and disappear when you close the page. We never store conversation content on our servers.

Technical Logs

We retain high-level security logs (IP address and user agent hash) only long enough to investigate abuse or fraud, after which they are purged.

Payment & Stripe

▾

Payments are securely processed by Stripe, Inc. We do not store any credit card information on our servers.

✓Stripe collects card details (securely tokenized), billing address, and transaction amounts

✓You may optionally save payment methods with Stripe — manageable and deletable via Stripe Link

✓Stripe uses AES-256 encryption and is PCI DSS Level 1 certified

✓Payment processing does not require extensive personal information

We do not store any credit card information, payment details, or billing information on our servers — all handled exclusively by Stripe.

Contact & Communication

▾

✓Contact form messages are delivered via Gmail's SMTP service

✓Submissions are not shared with external marketing or analytics services

✓All contact communication is initiated by you and entirely voluntary

Analytics & Tracking

▾

✓Minimal analytics: basic usage statistics (trial starts, paid sessions, conversation counts)

✓All analytics data is aggregated and anonymous — no individual user tracking

✓No third-party trackers, cookies, or tracking pixels

We use only essential HTTPOnly cookies for session management. No tracking cookies, advertising cookies, or third-party tracking services.

Data Retention & Security

▾

✓Account details retained only as long as needed to provide the service

✓Accounts inactive for 365 days are automatically deleted

✓You can delete your account at any time through settings

✓Sensitive data encrypted at rest; all transmission encrypted via HTTPS/WSS

✓Data breach notification to affected users and authorities as required by Swiss law

✓Regular internal security and privacy audits

We adhere to privacy principles consistent with Swiss FADP, GDPR, CCPA, and HIPAA standards.

Your Rights & Choices

▾

Depending on your location, you may have the right to:

✓Access a copy of your personal data

✓Request correction or deletion of your information

✓Object to or restrict processing of your data

✓Withdraw consent (where applicable)

✓Lodge a complaint with your local data protection authority

Data Management

✓Delete your account from in-product settings at any time

✓Stripe payment data is managed via Stripe's customer portal

✓Dormant accounts (365+ days inactive) are automatically purged

Third-Party Services

▾

✓Stripe: Payment processing — does not share payment details with us beyond basic transaction confirmations

✓OpenAI: Real-time conversation processing via API — may retain inputs up to 30 days for abuse monitoring, not used for training

✓Gmail/Google: Contact form email transmission

✓Render: Cloud hosting — no access to conversation content

We do not share data with marketing services, social media platforms, or analytics providers.

International Data Transfers

▾

Our third-party providers may process data outside your country. They implement appropriate safeguards including Standard Contractual Clauses (SCCs) where legally required.

Disclaimer

▾

This service is not a medical device and is not intended to diagnose, treat, or prevent any health conditions.

✓Conversations are AI-generated and intended for emotional support only

✓Not a substitute for clinical, therapeutic, or emergency care

✓Use is voluntary and entirely at your discretion

✓If in crisis, contact a licensed professional or emergency service

Contact & Complaints

▾

If you have questions about this privacy policy or your data, please use our contact form.

If you are located in the EU or another jurisdiction with data protection laws, you have the right to lodge a complaint with your local data protection authority.

By using this service, you agree to these privacy practices and acknowledge the minimal data collection described above.