Privacy Policy

Last updated: December 9, 2025

1 Introduction

Welcome to MediaCrafter ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

This privacy policy explains how we collect, use, store, and protect your personal data when you use our AI-powered image generation service.

2 Data Controller

The data controller responsible for the processing of your personal data is:

MediaCrafter

Andreas Greimel

Feldstr. 15a

84405 Dorfen

Germany

Email: [email protected]

If you have any questions about how we handle your personal data, please contact us at the above address.

3 Data We Collect

3.1 Account Data

When you create an account, we collect your email address and an encrypted password. This data is necessary to provide you access to our service (legal basis: Art. 6(1)(b) GDPR – contract performance).

3.2 User-Generated Content

  • Text prompts: The descriptions you provide to generate images
  • Uploaded images: Reference images you upload for image generation
  • Generated images: AI-generated images created through our service
  • Templates and characters: Saved prompts and character profiles you create

3.3 Usage Data

We collect technical data about your use of the service, including:

  • Token usage and associated costs for billing purposes
  • Conversation history for service continuity
  • Timestamps of account activities

4 Purpose of Data Processing

We process your personal data for the following purposes:

  • Service provision: To enable AI image generation based on your prompts and reference images
  • Account management: To authenticate you and manage your account
  • Service improvement: To maintain and improve our service quality
  • Communication: To send you important service updates and respond to inquiries
  • Legal compliance: To comply with legal obligations, including tax and accounting requirements

5 Third-Party Services

We use trusted third-party service providers to operate our service. Data may be transferred to these providers:

Supabase (Authentication & Storage)

We use Supabase for user authentication and secure storage of your images and data. Supabase processes data in accordance with GDPR requirements.

Supabase Privacy Policy →

Google (Gemini AI)

We use Google's Gemini AI models to generate images from your prompts. Your prompts and reference images are sent to Google's servers for processing. Google processes this data in accordance with their AI terms of service.

Google Privacy Policy →

Note: Some of our service providers may be located outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect your data during international transfers.

6 Data Retention

We retain your personal data as follows:

  • Account data: Retained for the duration of your account and deleted upon account deletion
  • Generated content: Stored until you delete it or delete your account
  • Usage logs: Retained for up to 12 months for service improvement and debugging
  • Billing records: Retained for 10 years in accordance with German commercial and tax law (§ 147 AO, § 257 HGB)

7 Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR)

You can request a copy of all personal data we hold about you.

Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate personal data.

Right to Erasure (Art. 17 GDPR)

You can request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing (Art. 18 GDPR)

You can request limitation of processing of your data.

Right to Data Portability (Art. 20 GDPR)

You can request your data in a structured, machine-readable format.

Right to Object (Art. 21 GDPR)

You can object to processing of your data in certain circumstances.

Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

8 Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Secure password hashing
  • Row Level Security (RLS) policies for database access
  • Regular security assessments
  • Access controls and authentication mechanisms

9 Cookies

We use only strictly necessary cookies for authentication and session management. These cookies are essential for the operation of our service and do not require your consent under GDPR.

Cookie | Purpose | Duration
sb-*-auth-token | Authentication session | Session

10 Right to Lodge a Complaint

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

The competent supervisory authority in Germany is:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

Graurheindorfer Str. 153

53117 Bonn

Germany

Website: www.bfdi.bund.de

11 Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new privacy policy on this page and updating the "Last updated" date.

We encourage you to review this privacy policy periodically for any changes.

Questions or Concerns?

If you have any questions about this privacy policy or our data practices, please don't hesitate to contact us:

Contact Us