Privacy Policy

Last updated: 27 June 2026

Template / draft — not legal advice. Replace the bracketed placeholders and have a qualified person review this for GDPR/DSGVO compliance before publishing. A German "Datenschutzerklärung" version is recommended for German users.

1. Controller

Controller within the meaning of the GDPR:

Elena Hertel — 1ln Software Development
Raderberger Str. 160 c · 50968 Köln · Germany
E-mail: elena.hertel1986@gmail.com

2. What we process

• Account data: the e-mail address you use to buy and sign in.
• Purchase data: handled by Paddle as Merchant of Record (name, billing address, payment details). We receive only limited confirmation data — e.g. your e-mail, the product/price purchased, and an order/transaction id.
• Usage & billing metadata: model used, token counts, and credits charged per generation, kept to operate and meter the service.
• Optional content history: your prompts and generated results, stored only while you keep the "store history" setting on; turning it off deletes previously stored content.
• Technical data: server logs (e.g. IP, timestamp, request) for security and operation.

3. Purposes and legal bases

• Providing the service, accounts, credits, and licenses — performance of a contract, Art. 6(1)(b) GDPR.
• Invoicing and statutory record-keeping — legal obligation, Art. 6(1)(c) GDPR.
• Security, abuse prevention, and service improvement — legitimate interests, Art. 6(1)(f) GDPR.
• Optional content history and any use of content for model improvement — consent, Art. 6(1)(a) GDPR (you control this via the in-product toggles and may withdraw it at any time).

4. Processors and recipients

• Paddle.com Market Ltd — payment processing / Merchant of Record. See paddle.com/legal/privacy.
• Scaleway SAS (France/EU) — hosting (server & database) and transactional e-mail delivery (license keys, sign-in links).
• Anthropic (USA) — AI generation provider for cloud generations.

Processors act on our instructions under data-processing agreements.

5. International transfers

Where a recipient is outside the EU/EEA (e.g. an AI provider in the USA), transfers are safeguarded by appropriate measures such as the EU Standard Contractual Clauses. Contact us for details or a copy of the safeguards.

6. Retention

Account, credit-ledger, and billing records are kept while your account is active and for any statutory retention period thereafter (e.g. tax/commercial law). Optional content history is kept only while the setting is on and is deleted when you turn it off or delete your account. Logs are kept for a limited period.

7. Your rights

Subject to the conditions of the GDPR, you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to object (Art. 21). Where processing is based on consent, you may withdraw it at any time with effect for the future. To exercise any right, contact elena.hertel1986@gmail.com.

You also have the right to lodge a complaint with a supervisory authority. The authority competent for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestraße 2–4 · 40213 Düsseldorf · Germany
www.ldi.nrw.de

You may alternatively complain to the supervisory authority of your own habitual residence or place of work.

8. Your privacy controls

• Store history: off by choice; turning it off purges stored prompts/results (right to erasure of that content).
• Training opt-out: prevents your content from being used to improve models.

9. Cookies

The 1ln website itself is static and sets no tracking cookies. The Paddle checkout overlay may set cookies strictly necessary to process your payment; see Paddle's privacy policy.

10. Changes

We may update this policy; the current version is always published here.

11. Contact

Privacy questions: elena.hertel1986@gmail.com.