← Back

Privacy Policy

Last updated: February 2026 · Pursuant to GDPR (EU 2016/679) and EU AI Act (EU 2024/1689). This English version is a convenience translation — the German version is the legally binding document.

1. Data Controller

···

···

··· ···, ···

Email: ···

2. Cookies & Authentication

PURGIFIER uses only technically necessary cookies for authentication (session cookie). These cookies are required for you to log in and use the service.

No tracking cookies, no analytics cookies, and no third-party cookies are set. A cookie consent banner is therefore not required (§ 25 TDDDG — technically necessary cookies are exempt).

Legal basis: Art. 6(1)(b) GDPR (performance of contract) + § 25(2)(2) TDDDG.

3. Data Sharing with AI Service Providers (LLM Providers)

To perform text transformations, your text inputs are transmitted via API interfaces to the following AI providers:

  • Google Gemini (Google DeepMind, EU / USA)
  • OpenAI GPT-4o (OpenAI Inc., USA)
  • Optional: Local model (LM Studio / Ollama — no external data transfer)

Transmission occurs solely for the purpose of text transformation. No other personal data is transmitted (no email, no name, no user ID).

⚠ Important notice: Your text inputs are not used to train AI models. Both Google Gemini (API) and OpenAI (API) contractually exclude the use of API inputs for model training.

Legal basis: Art. 6(1)(b) GDPR (performance of contract) · USA transfer: EU-US Data Privacy Framework.

4. AI Transparency (EU AI Act 2026)

PURGIFIER is an AI-powered text transformation tool. Pursuant to the EU AI Act (Regulation (EU) 2024/1689), we transparently disclose the use of AI systems:

  • Risk classification: Minimal risk (not a high-risk AI system)
  • Purpose: Text rephrasing to reduce generic-sounding formulations
  • Models used: Google Gemini 2.5 Flash, OpenAI GPT-4o, optionally local models
  • Human oversight: The user decides on input, intensity, and use of results
  • No real-time biometrics, no social scoring, no manipulation

An AI transparency badge is displayed in the footer of every page, linking to this section.

5. Stored Personal Data

The following personal data is stored in our database:

  • Email address, name (provided during registration)
  • Password (stored encrypted, not recoverable)
  • Plan status (Free / Blitz / Pro), expiration date
  • Fair-use counter (word count per transformation, no text content)
  • Admin status, loyalty bonus status
No text content is stored: Neither your input texts nor the transformed results are stored in the database.

Storage location: Servers in Germany (Nuremberg / Falkenstein). Retention period: Account data until account deletion, then removal within 7 days. Usage counters are overwritten with each transformation.

6. Abuse Prevention (Rate Limiting)

To prevent abuse, we temporarily store the following data to limit the number of requests per user:

  • IP address or user ID as key
  • Request counter with time window

No text content is stored in this process. All entries expire automatically after one hour at the latest. Processing occurs exclusively on the German server.

7. Email Delivery

For verification and password reset emails, we operate our own SMTP server. Emails are sent exclusively for account confirmation and password resets.

No disclosure to email marketing services, newsletter providers, or third parties.

8. Payment Processing (Creem)

Payment processing is handled by Creem as the EU Merchant of Record. Creem processes payment data (credit card, PayPal, etc.) in its own name.

PURGIFIER does not store any payment data (no credit card numbers, no bank details). We receive from Creem only a confirmation of the payment status via webhook.

Creem privacy policy: https://www.creem.io/privacy

9. Hosting Provider (Hetzner)

The website and all data are hosted on servers of Hetzner Online GmbH in Germany.

Hetzner Online GmbH · Industriestr. 25 · 91710 Gunzenhausen · Germany

A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR has been concluded with Hetzner. Your data does not leave the EU.

10. Data Processing (Art. 28 GDPR)

Data Processing Agreements (DPA) pursuant to Art. 28 GDPR have been concluded with all external service providers who process personal data on our behalf:

  • Hetzner Online GmbH — Server hosting (Germany)
  • Google LLC (Google DeepMind) — LLM API; Data Processing Amendment; USA transfer: EU-US Data Privacy Framework
  • OpenAI Inc. — LLM API; Data Processing Agreement; USA transfer: EU-US Data Privacy Framework
  • Creem Inc. — Payment processing as Merchant of Record (own data protection responsibility)

11. Your Rights (Data Subject Rights)

You have the right at any time to:

  • Access — What data we store about you (Art. 15 GDPR)
  • Rectification — Correction of inaccurate data (Art. 16 GDPR)
  • Erasure — Deletion of your data (Art. 17 GDPR)
  • Restriction — Restriction of processing (Art. 18 GDPR)
  • Data portability — Export of your data (Art. 20 GDPR)
  • Objection — Objection to processing (Art. 21 GDPR)

Please send requests to: ···

12. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

Competent supervisory authority (Baden-Württemberg): State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW)

Privacy Policy | PURGIFIER