Deutsch

Privacy policy

1. Controller

2. What this service is

Vera is an invitation-only personal diary service. You converse with an AI assistant; your entries are stored to build a long-term memory and, once enough has been collected, to generate fairy tales shared only with recipients you and they have both explicitly agreed to.

3. Data we process (Art. 13/14 GDPR)

• Account data: email address, name, password (stored only as a salted Argon2id hash), language and notification preferences.
• Content you provide: chat messages, uploaded images, voice recordings and their transcripts, and information derived from them (memories, key facts).
• Generated content: fairy tales based on your entries and metadata about which entries were used.
• Technical data: session cookie, device/push-subscription data if you enable notifications, and error reports you submit (including the page URL and browser user-agent).

4. Purposes and legal basis

We process this data to provide the service you requested (Art. 6(1)(b) GDPR) and, for security and operation, on the basis of our legitimate interest (Art. 6(1)(f) GDPR).

5. Special categories of data (Art. 9 GDPR)

A diary may contain special-category data within the meaning of Art. 9 GDPR (e.g. about health, religious beliefs, sexual orientation or political opinions). By voluntarily entering such information and using the service you give your explicit consent to its processing for the purposes described here (Art. 9(2)(a) GDPR). You may withdraw this consent at any time with effect for the future by contacting us.

6. AI processing and transfer to the USA

All AI features are powered by the OpenAI Codex CLI. To generate responses and fairy tales, the relevant content of your entries is transmitted to OpenAI, whose processing may take place on servers in the United States — a third country. This transfer is safeguarded by the standard contractual clauses and OpenAI's data-processing terms; nonetheless an equivalent level of data protection cannot be fully guaranteed. By using the service you consent to this transfer (Art. 49(1)(a) GDPR). Content is sent only to produce your responses and tales; it is not used to train third-party models under the applicable business terms.

7. Cookies

We set only strictly necessary cookies — a session cookie that keeps you logged in and the CSRF protection token. These are required for the service to function and need no consent banner. We use no tracking or advertising cookies.

8. Recipients of fairy tales

A tale is only ever delivered to a recipient when both you and that recipient have explicitly consented. Removing a recipient stops future tales but already-delivered tales remain accessible to both sides.

9. Retention

We keep your data for as long as your account exists. On deletion your personal data is erased, including your memory namespace and uploaded files. Fairy tales already delivered to others are retained, but your personal identifiers within them are anonymised.

10. Your rights

You have the right to access, rectification, erasure, restriction, data portability and objection, and the right to lodge a complaint with a supervisory authority. To exercise these rights, contact vera [at] dphillips [dot] de. Account export and deletion are carried out by the administrator on request.

Last updated: 2026-06-01